Abstract
Since many applications are too complex to be solved ad hoc, mechanisms are being developed to deal with different concerns separately. An interesting case of this separation is security. The implementation of security mechanisms often interacts or even interferes with the core functionality of the application. This results in tangled, unmanageable code with a higher risk of security bugs.
Aspect-oriented programming promises to tackle this problem by offering several abstractions that help to reason about and specify the concerns one at a time. In this paper we make use of this approach to introduce security into an application. By means of the example of access control, we investigate how well the state of the art in aspect-oriented programming can deal with the separation of security from an application. We also discuss the benefits and drawbacks of this approach, and how it relates to similar techniques.
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
De Win, B., Vanhaute, B., De Decker, B. (2002). Security Through Aspect-oriented Programming. In: De Decker, B., Piessens, F., Smits, J., Van Herreweghen, E. (eds) Advances in Network and Distributed Systems Security. IFIP International Federation for Information Processing, vol 78. Springer, Boston, MA. https://doi.org/10.1007/0-306-46958-8_9
DOI: https://doi.org/10.1007/0-306-46958-8_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7558-6
Online ISBN: 978-0-306-46958-9
eBook Packages: Springer Book Archive