TOWARDS LANGUAGE-INDEPENDENT APPROACH FOR SECURITY CONCERNS WEAVING

Azzam Mourad, Dima Alhadidi, Mourad Debbabi

Abstract

In this paper, we propose an approach for weaving security concerns into the Gimple representation of programs. Gimple is an intermediate, language-independent, and tree-based representation generated by the GNU Compiler Collection (GCC) during the compilation process. This proposition constitutes the first attempt towards adopting the aspect-oriented concept on Gimple and exploiting this intermediate representation to allow advising an application written in a specific language with security code written in a different one. At the same time, security is injected in a systematic way so as not to alter the original functionalities of the software. We explore the viability and the relevance of our proposition by: (1) implementing several Gimple weaving capabilities into the GCC compiler, (2) developing a case study for securing the connections of a client application, and (3) using the weaving features of the extended GCC to inject the security concerns into the application.



Paper Citation


in Harvard Style

Mourad A., Alhadidi D. and Debbabi M. (2008). TOWARDS LANGUAGE-INDEPENDENT APPROACH FOR SECURITY CONCERNS WEAVING. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 460-465. DOI: 10.5220/0001925704600465


in Bibtex Style

@conference{secrypt08,
author={Azzam Mourad and Dima Alhadidi and Mourad Debbabi},
title={TOWARDS LANGUAGE-INDEPENDENT APPROACH FOR SECURITY CONCERNS WEAVING},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={460-465},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001925704600465},
isbn={978-989-8111-59-3},
}

