New Primitives to AOP Weaving Capabilities for Security Hardening Concerns

Azzam Mourad, Marc-André Laverdière, Mourad Debbabi

Abstract

In this paper, we present two new primitives for Aspect-Oriented Programming (AOP) languages that are needed for the systematic hardening of security concerns. These primitives are called exportParameter and importParameter and are used to pass parameters between two pointcuts. They make it possible to analyze a program's call graph in order to determine how to change function signatures so that the parameters associated with a given security hardening can be passed. We find this feature necessary in order to implement security hardening solutions that are infeasible or impractical using the current AOP proposals. Moreover, we show the viability and correctness of our proposed primitives by elaborating their algorithms and presenting experimental results.



Paper Citation


in Harvard Style

Mourad A., Laverdière M. and Debbabi M. (2007). New Primitives to AOP Weaving Capabilities for Security Hardening Concerns. In Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007) ISBN 978-972-8865-96-2, pages 123-130. DOI: 10.5220/0002422001230130


in Bibtex Style

@conference{wosis07,
author={Azzam Mourad and Marc-André Laverdière and Mourad Debbabi},
title={New Primitives to AOP Weaving Capabilities for Security Hardening Concerns},
booktitle={Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)},
year={2007},
pages={123-130},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002422001230130},
isbn={978-972-8865-96-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2007)
TI - New Primitives to AOP Weaving Capabilities for Security Hardening Concerns
SN - 978-972-8865-96-2
AU - Mourad A.
AU - Laverdière M.
AU - Debbabi M.
PY - 2007
SP - 123
EP - 130
DO - 10.5220/0002422001230130