An Aspect-Oriented Security Assurance Solution

Shah, Viren

doi:10.21236/ada419305

Cited by 16 publications

(7 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many contributions (Shah, 2003;Dewin, 2004;Bodkin, 2004;Huang et al, 2004) in addition to our experiments , have proven the usefulness of AOP for integrating security features into software. In this context, we present in this section a methodology to develop the security solutions and their corresponding aspects and patterns based on AOP.…”

Section: Approach Overviewmentioning

confidence: 53%

New Approach Targeting Security Patterns Development and Deployment

Mourad

Otrok

Baajour

2011

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

Section: Approach Overviewmentioning

confidence: 53%

New Approach Targeting Security Patterns Development and Deployment

Mourad

Otrok

Baajour

2011

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

“…Few contributions that discuss and explore the relevance of AOP and AOP languages for integrating security code into applications have been published recently (Bodkin, 2004;DeWin, 2004;Huang et al, 2004;Shah, 2003;Xu et al, 2006). These research initiatives presented mainly as case studies, however, focus on exploring the usefulness of AOP for securing software by security experts who know exactly where each piece of code should be manually injected and/ or proposing AOP languages for security.…”

Section: Aop Approaches For Security Injectionmentioning

confidence: 99%

“…Cigital labs proposed an AOP language called CSAW (Shah, 2003;Shah andHill, 2002, 2003;Viega et al, 2001), which is a small superset of C programming language. Their work is mostly dedicated to improve the security of C programs.…”

Section: Aop Approaches For Security Injectionmentioning

confidence: 99%

A High-level Aspect-oriented-based Framework for Software Security Hardening

Mourad

Laverdière

Debbabi

2008

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing the software architects with the capabilities to perform security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way in order not to alter the original functionalities of the software. This is done by providing an abstraction over the actions required to improve the security of a program and adopting aspect-oriented programming to build and develop the solutions. SHL allows the developers to describe and specify the security hardening plans and patterns needed to harden systematically security into open source software. It is a minimalist language built on top of the current aspectoriented technologies that are based on advice-poincut model and can also be used in conjunction with them. We explore the viability and relevance of our proposition by applying it into several security hardening case studies and presenting their experimental results.

show abstract

“…Most of the contributions (Bodkin, 2004;DeWin, 2004;Huang et al, 2004;Shah, 2003) that explore the usability of AOP for integrating security code into applications are presented as case studies that show the relevance of AOP languages for application security. They have focused on exploring the usefulness of AOP for securing software by security experts who know exactly where each piece of code should be manually injected.…”

Section: Aop Approaches For Security Injectionmentioning

confidence: 99%

“…One way of addressing such problems is by separating out the security concerns from the rest of the application, such that they can be addressed independently and applied globally. More recently, several proposals have been advanced for code injection, via an aspect-oriented computational style, into source code for the purpose of improving its security (Bodkin, 2004;DeWin, 2004;Huang et al, 2004;Shah, 2003). Aspect-Oriented Programming (AOP) is an appealing approach that allows the separation of crosscutting concerns.…”

Section: Introductionmentioning

confidence: 99%

Towards Language-Independent Approach for Security Concerns Weaving

Mourad¹,

Alhadidi²,

Debbabi³

2008

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

In this paper, we propose an approach for weaving security concerns in the Gimple representation of programs. Gimple is an intermediate, language-independent, and tree-based representation generated by GNU Compiler Collection (GCC) during the compilation process. This proposition constitutes the first attempt towards adopting the aspect-oriented concept on Gimple and exploiting this intermediate representation to allow advising an application written in a specific language with security code written in a different one. At the same time, injecting security is applied in a systematic way in order not to alter the original functionalities of the software. We explore the viability and the relevance of our proposition by: (1) implementing several Gimple weaving capabilities into the GCC compiler (2) developing a case study for securing the connections of a client application and (3) using the weaving features of the extended GCC to inject the security concerns into the application. * This research is the result of a fruitful collaboration

show abstract

An Aspect-Oriented Security Assurance Solution

Cited by 16 publications

References 19 publications

New Approach Targeting Security Patterns Development and Deployment

New Approach Targeting Security Patterns Development and Deployment

A High-level Aspect-oriented-based Framework for Software Security Hardening

Towards Language-Independent Approach for Security Concerns Weaving

Contact Info

Product

Resources

About