A High-level Aspect-oriented-based Framework for Software Security Hardening

Mourad, Azzam; Laverdière, Marc-André; Debbabi, Mourad

doi:10.1080/19393550801911230

Cited by 17 publications

(7 citation statements)

References 10 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The initial proposition, which is detailed in (Mourad et al, 2007;Mourad et al, 2008), is composed of a framework, a language called SHL and a compiler for securing software in a systematic way. SHL is an aspect-oriented and programming-independent language.…”

Section: Weaving Methodologymentioning

confidence: 99%

“…We have selected a client application implemented in C++, which allows to connect and exchange data with a server through HTTP requests. Listing 1 presents the pattern elaborated in SHL for securing the connection of the aforementioned application using GnuTL-S/SSL (Please refer to (Mourad et al, 2007;Mourad et al, 2008) for SHL structure and syntax). The code of the functions used in the Code of the pattern's Behavior(s) is illustrated in Listing 2.…”

Section: Pattern and Aspect For Securing The Connections Of Client Apmentioning

confidence: 99%

“…The process of merging the security concerns into the original program is called weaving. In this context, we have presented previously in (Mourad et al, 2007;Mourad et al, 2008) contributions towards elaborating methodologies and solutions to integrate systematically and consistently security models and components into software.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards Language-Independent Approach for Security Concerns Weaving

Mourad¹,

Alhadidi²,

Debbabi³

2008

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

In this paper, we propose an approach for weaving security concerns in the Gimple representation of programs. Gimple is an intermediate, language-independent, and tree-based representation generated by GNU Compiler Collection (GCC) during the compilation process. This proposition constitutes the first attempt towards adopting the aspect-oriented concept on Gimple and exploiting this intermediate representation to allow advising an application written in a specific language with security code written in a different one. At the same time, injecting security is applied in a systematic way in order not to alter the original functionalities of the software. We explore the viability and the relevance of our proposition by: (1) implementing several Gimple weaving capabilities into the GCC compiler (2) developing a case study for securing the connections of a client application and (3) using the weaving features of the extended GCC to inject the security concerns into the application. * This research is the result of a fruitful collaboration

show abstract

Section: Weaving Methodologymentioning

confidence: 99%

Section: Pattern and Aspect For Securing The Connections Of Client Apmentioning

confidence: 99%

See 1 more Smart Citation

Towards Language-Independent Approach for Security Concerns Weaving

Mourad¹,

Alhadidi²,

Debbabi³

2008

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

show abstract

“…As alternative to XACML, several extensions such SBA-XACML and its related analysis were proposed to make the policy evaluation faster using sets based languages in [32]- [34]. Moreover, it is important to mention that the use of aspect-oriented programming may improve the model by allowing dynamic integration of the policies changes within XACML and business processes [35], [36].…”

Section: B Performance-aware Control Policiesmentioning

confidence: 99%

Intelligent Performance-Aware Adaptation of Control Policies for Optimizing Banking Teller Process Using Machine Learning

Tay

Mourad

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

In the current banking systems and business processes, the permission granted to employees is controlled and managed by the configured access control methods, in which static role-based models focus on access to information and functions. The deployed configuration is not reviewed/updated systematically and is handled manually by managers. Consequently, banks and companies are looking for systems and applications to automate and optimize their business processes and data management intelligently. In this context, the notion of integrating machine learning (ML) techniques in banking business processes has emerged. In order to build an intelligent and systematic solution, we combine in this paper ML and dynamic authorization techniques to enable performance-based policy evaluation into the banking teller process, where policies adapt to the changes recognized by the ML model. The objective of this work is to focus on the banking teller process that may be generalized to other operational banking processes. In this context, we propose in this paper a new model providing Intelligent Performance-Aware Adaptation of Roles and Policy Control using a support vector machine (SVM). We demonstrate that our model is capable of assessing the deployed control policies and updating them systematically with new roles and authorization levels based on tellers' performance, work history, and system constraints. We evaluated different machine learning models on a real dataset generated from a real-life banking environment. Experimental results explore the relevance and efficiency of our proposed scheme in terms of prediction accuracy, required authorizations, transaction time, and employees' working hours.

show abstract

“…control and encryption using pointcut-based deployment. Other research has proposed even more advanced scenerios where AOSD is applied to address security [4,6,7,9,16,17,20,25,26,28]. However, most existing tools and research focus on the protection of server-side resources.…”

Section: Introductionmentioning

confidence: 98%

Enforcing security for desktop clients using authority aspects

Cannon

Wohlstadter

2009

Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development

View full text Add to dashboard Cite

Desktop client applications interact with both local and remote resources. This is both a benefit in terms of the rich features desktop clients can provide, but also a security risk. Due to their high connectivity, desktop clients can leave a user's machine vulnerable to viruses, malicious plug-ins, and scripts. Aspect-Oriented Software Development can be used to address security concerns in software in a modular fashion. However, most existing research focuses on the protection of server-side resources. In this paper we introduce an aspect-oriented mechanism, Authority Aspects, to enforce the Principle of Least Privilege on desktop clients. This helps to ensure that legitimate resource access is allowed and illegitimate access is blocked. We present a case study applying our approach on two desktop applications: an RSS feed aggregator and a Web browser.

show abstract

A High-level Aspect-oriented-based Framework for Software Security Hardening

Cited by 17 publications

References 10 publications

Towards Language-Independent Approach for Security Concerns Weaving

Towards Language-Independent Approach for Security Concerns Weaving

Intelligent Performance-Aware Adaptation of Control Policies for Optimizing Banking Teller Process Using Machine Learning

Enforcing security for desktop clients using authority aspects

Contact Info

Product

Resources

About