An aspect-oriented approach for the systematic security hardening of code

Mourad, Azzam; Laverdière, Marc-André; Debbabi, Mourad

doi:10.1016/j.cose.2008.04.003

Cited by 23 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Other approaches, such as [14],implement a risk management analysis in order to incorporate security into the SDLC. Other related works such as [27][28][29][30][31][32]have attempted to improve security by using AOP at the SDLC implementation stage. Moreover, among these works [27] and [28] have also proposed a method to integrate security using AOP at the implementation stage, while [29] and [30] have investigated aspectizing security at the programming stage.…”

Section: 4aspect-oriented Modelling For Representing and Integratimentioning

confidence: 99%

“…Moreover, among these works [27] and [28] have also proposed a method to integrate security using AOP at the implementation stage, while [29] and [30] have investigated aspectizing security at the programming stage. Additionally, [31] and [32] have considered using AO Ponly during the programming stage to ensure that the system is trustworthy during the development process.Generally, less attention has been given to utilizing the benefits of AO and its related concepts for other (earlier)SDLC stages as a means to improve the security of software. However, it makes sense to employ AO as early as possible in the SDLC, otherwise it might be too late to address all the security dimensions.…”

Section: 4aspect-oriented Modelling For Representing and Integratimentioning

confidence: 99%

See 1 more Smart Citation

Securing Software Development Stages Using Aspect-Orientation Concepts

Magableh¹,

AlSobeh²

2018

IJSEA

View full text Add to dashboard Cite

In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. The need to improve the security of software has become a key issue for developers.The security function needs to be incorporated into the software development process at the requirement, analysis, design, and implementation stages as doing so may help to smooth integration and to protect systems from attack. Security affects all aspects ofa software program, which makes the incorporation of security features a crosscutting concern. Therefore, this paper looks at the feasibility and potential advantages of employing an aspect orientation approach in the software development lifecycle to ensure efficient integration of security.These notations are aimed at documenting and analyzing security in a software design model. It also proposes a model called the Aspect-Oriented Software Security Development Life Cycle (AOSSDLC), which covers arrange of security activities and deliverables for each development stage. It is concluded that aspect orientation is one of the best options available for installing security features not least because of the benefit that no changes need to be made to the existing software structure.

show abstract

Section: 4aspect-oriented Modelling For Representing and Integratimentioning

confidence: 99%

Section: 4aspect-oriented Modelling For Representing and Integratimentioning

confidence: 99%

Securing Software Development Stages Using Aspect-Orientation Concepts

Magableh¹,

AlSobeh²

2018

IJSEA

View full text Add to dashboard Cite

show abstract

“…Other approaches, such as [14], implement a risk management analysis in order to incorporate security into the SDLC. Other related works such as [27][28][29][30][31][32] have attempted to improve security by using AOP at the SDLC implementation stage. Moreover, among these works [27] and [28] have also proposed a method to integrate security using AOP at the implementation stage, while [29] and [30] have investigated aspectizing security at the programming stage.…”

Section: Aspect-oriented Modelling For Representing and Integrating Smentioning

confidence: 99%

Aspect-Oriented Software Security Development Life Cycle (AOSSDLC)

Magableh¹,

AlSobeh²

2018

Computer Science &Amp; Information Technology (CS &Amp; IT)

View full text Add to dashboard Cite

Recently, the need to improve the security of software has become a key issue for developers. The security function needs to be incorporated into the software development process at the requirement, analysis, design, and implementation stages as doing so may help to smooth integration and to protect systems from attack. Security affects all aspects of a software program, which makes the incorporation of security features a crosscutting concern. Therefore this paper looks at the feasibility and potential advantages of employing an aspect orientation approach in the software development lifecycle to ensure efficient integration of security. It also proposes a model called the Aspect-Oriented Software Security Development Life Cycle (AOSSDLC), which covers arrange of security activities and deliverables for each development stage. It is concluded that aspect orientation is one of the best options available for installing security features not least because of the benefit that no changes need to be made to the existing software structure.

show abstract

“…AOP has been used to implement security features: access control [37,47], error detection and handling [28], automatic login [51], hardening the security of existing libraries [32] or preventing buffer overflow [43] are some examples where AOP has been used successfully. AOP proves itself a useful and powerful tool as it allows the expression of security concerns that should apply to the whole application while completely decoupling their specification from the application functionality.…”

Section: Aspect Oriented Programmingmentioning

confidence: 99%

FlowR

Pasquier

Bacon

Shand

2014

Proceedings of the 13th International Conference on Modularity

View full text Add to dashboard Cite

This paper reports on our experience with providing Information Flow Control (IFC) as a library. Our aim was to support the use of an unmodified Platform as a Service (PaaS) cloud infrastructure by IFC-aware web applications. We discuss how Aspect Oriented Programming (AOP) overcomes the limitations of RubyTrack, our first approach. Although use of AOP has been mentioned as a possibility in past IFC literature we believe this paper to be the first illustration of how such an implementation can be attempted.We discuss how we built FlowR (Information Flow Control for Ruby), a library extending Ruby to provide IFC primitives using AOP via the Aquarium open source library. Previous attempts at providing IFC as a language extension required either modification of an interpreter or significant code rewriting. FlowR provides a strong separation between functional implementation and security constraints which supports easier development and maintenance; we illustrate with practical examples. In addition, we provide new primitives to describe IFC constraints on objects, classes and methods that, to our knowledge, are not present in related work and take full advantage of an object oriented language (OO language).The experience reported here makes us confident that the techniques we use for Ruby can be applied to provide IFC for any Object Oriented Program (OOP) whose implementation language has an AOP library.

show abstract

An aspect-oriented approach for the systematic security hardening of code

Cited by 23 publications

References 4 publications

Securing Software Development Stages Using Aspect-Orientation Concepts

Securing Software Development Stages Using Aspect-Orientation Concepts

Aspect-Oriented Software Security Development Life Cycle (AOSSDLC)

FlowR

Contact Info

Product

Resources

About