An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton University Carleton University

Slides:



Advertisements
Similar presentations
Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Advertisements

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 12Slide 1 Software Design l Objectives To explain how a software design may be represented.
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.
© 2007 ATLAS Nantes 1 Atlas Model Weaver Use Case: Aspect Oriented Modeling Marcos Didonet Del Fabro Atlas Group (INRIA & LINA), Université de Nantes,
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.
Aspect Oriented Programming - AspectJ Radhika Rajput.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Modularization.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Introduction To System Analysis and Design
ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.
1 Objectives To introduces the concept of software Design. To introduce the concept of Object- Oriented Design (OOD). To Define various aspects about object.
HAS. Patterns The use of patterns is essentially the reuse of well established good ideas. A pattern is a named well understood good solution to a common.
©Ian Sommerville 2006Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design.
Copyright 2004 Prentice-Hall, Inc. Essentials of Systems Analysis and Design Second Edition Joseph S. Valacich Joey F. George Jeffrey A. Hoffer Appendix.
UML and Object Oriented Concepts
1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.
Deriving AO Software Architectures using the AO-ADL Tool Suite Luis Fernández, Lidia Fuentes, Mónica Pinto, Juan A. Valenzuela Universidad de Málaga
Software Engineering Muhammad Fahad Khan
1 Introduction Chapter 1. 2 Key Ideas Many failed systems were abandoned because analysts tried to build wonderful systems without understanding the organization.
1 Thomas Cottenier 1,2, Aswin van den Berg 1, Tzilla Elrad 2 1 Software and System Engineering Research Lab, Motorola Labs 2 Concurrent Programming Research.
Design Patterns OOD. Course topics Design Principles UML –Class Diagrams –Sequence Diagrams Design Patterns C#,.NET (all the course examples) Design Principles.
O BJECT O RIENTATION F UNDAMENTALS Prepared by: Gunjan Chhabra.
An Object-Oriented Approach to Programming Logic and Design
Secure Systems Research Group - FAU Aspects and mobile applications Sergio Soares Paulo Borba, “PaDA: A Pattern for Distribution Aspects” In Second Latin.
Introduction to Aspect Oriented Programming Presented By: Kotaiah Choudary. Ravipati M.Tech IInd Year. School of Info. Tech.
Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.
Aspect Oriented Programming Razieh Asadi University of Science & Technology Mazandran Babol Aspect Component Based Software Engineering (ACBSE)
Supporting Heterogeneous Users in Collaborative Virtual Environments using AOP CoopIS 2001 September 5-7, Trento, Italy M. Pinto, M. Amor, L. Fuentes,
VERIFICATION OF ASPECT ORIENTED MODELS BY DON MARTIN JAYASHREE VENKIPURAM PATHANGI PIYUSH SRIVASTAVA REFERENCES F. Mostefaoui and J. Vachon,” Design level.
Copyright 2001 Prentice-Hall, Inc. Essentials of Systems Analysis and Design Joseph S. Valacich Joey F. George Jeffrey A. Hoffer Appendix A Object-Oriented.
Copyright 2002 Prentice-Hall, Inc. Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Chapter 20 Object-Oriented.
What is “model transformation”? Distinction between source and target Source may be same as target May be multiple sources, or targets Reaching a fixed.
Introduction To System Analysis and Design
SOFTWARE DESIGN.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development 1.
Modularizing Web Services Management with AOP María Agustina Cibrán, Bart Verheecke { Maria.Cibran, System and Software Engineering.
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
 FOAL 2010 Modeling Aspects by Category Theory Serge P. Kovalyov Novosibirsk, Russia.
Copyright 2002 Prentice-Hall, Inc. Chapter 2 Object-Oriented Analysis and Design Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey.
Aspect Oriented Programming Sumathie Sundaresan CS590 :: Summer 2007 June 30, 2007.
POSL (Principles of Software Languages) Gr. Kyushu Institute of Technology, Japan Pointcut-based Architectural Interface.
Aspect Oriented Programming Gülşah KARADUMAN.
VERIFICATION OF ASPECT-ORIENTED MODELS Review of Aspect-Oriented Definitions aspect – crosscutting concern that may involve multiple classes pointcut –
Aspect-Oriented Modeling of Access Control in Web Applications Gefei Zhang Joint work with Hubert Baumeister, Nora Koch and Alexander Knapp UML-BASED WEB.
Methodology: The AOP Refactoring Process Aspect-Oriented Refactoring of the Apache Cocoon Shared-Object Resource Allocation System Jeff Dalton Advisor:
AOP-1 Aspect Oriented Programming. AOP-2 Aspects of AOP and Related Tools Limitation of OO Separation of Concerns Aspect Oriented programming AspectJ.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design.
UHD::3320::CH121 DESIGN PHASE Chapter 12. UHD::3320::CH122 Design Phase Two Aspects –Actions which operate on data –Data on which actions operate Two.
1 An Aspect-Oriented Implementation Method Sérgio Soares CIn – UFPE Orientador: Paulo Borba.
Object-Oriented Modeling: Static Models. Object-Oriented Modeling Model the system as interacting objects Model the system as interacting objects Match.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.
MDD approach for the Design of Context-Aware Applications.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering.
R R R A Brief Introduction to Aspect-Oriented Programming.
21/1/ Analysis - Model of real-world situation - What ? System Design - Overall architecture (sub-systems) Object Design - Refinement of Design.
Object-Oriented Systems. Goals Object-Oriented Methodologies – The Rumbaugh et al. OMT – The Booch methodology – Jacobson's methodologies.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Appendix A Object-Oriented Analysis and Design A.1.
Aspect-Oriented Software Development (AOSD)
Introduction to Service Orientation MIS 181.9: Service Oriented Architecture 2 nd Semester,
Basic Characteristics of Object-Oriented Systems
Aspect-oriented Code Generation Approaches Abid Mehmood & Dayang N. A. Jawawi Department of Software Engineering Faculty of Computer Science and Information.
Object-Oriented Analysis
Chapter 20 Object-Oriented Analysis and Design
Appendix A Object-Oriented Analysis and Design
An Introduction to Software Architecture
AspectAda Aspect-Oriented Programming for Ada95
Aspect Oriented Software Design
Presentation transcript:

An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton University Carleton University Supervisor: Prof. Samuel A. Ajila

Outline Object-Oriented Modeling What is Aspect-Oriented? Aspect-Oriented Modeling Motivated Example Problem Statement Contribution AO Reference Architecture Related Works Integrated AO Access Control Implementation for Integrated Access Control Conclusion Future Works

Object-Oriented Modeling UK Security RMTR air_in taxi_in taxi_out air_out UK Monitoring RMTR air_in taxi_in taxi_out air_out UK Synchronize RMTR air_in taxi_in taxi_out air_out UK Real-Time RMTR air_in taxi_in taxi_out air_out Standard Model Concern requirements

Object-Oriented Modeling (contd.) OO Limitation: No separation of concerns Concerns are spread out. Single concern Concerns are spread out. Single concern affects multiple models. Multiple Concerns are interleaved in Multiple Concerns are interleaved in a single model. No mechanism for modeling interweaving crosscutting concerns. No mechanism for modeling interweaving crosscutting concerns.

What is Aspect-Oriented? “A technique that resolves crosscutting concerns where each concern is encapsulated in a modular unit called Aspect” [Elrad et. al].

Base Model UKRMTR air_in taxi_in taxi_out air_out UKRMTR air_in taxi_in taxi_out air_out Aspect Access Control Woven Model Aspect Real-Time Aspect Synchronize UKRMTR air_in taxi_in taxi_out air_out UKRMTR air_in taxi_in taxi_out air_out Base Requirements Access Control Requirements Synchronize Requirements Real-Time Requirements Aspect-Oriented Modeling Weaver

Base Model UKRMTR air_in taxi_in taxi_out air_out UKRMTR air_in taxi_in taxi_out air_out Aspect Access Control Woven Model Aspect Real-Time Aspect Synchronize UKRMTR air_in taxi_in taxi_out air_out UKRMTR air_in taxi_in taxi_out air_out Base Requirements Access Control Requirements Synchronize Requirements Real-Time Requirements Aspect-Oriented Modeling (contd.) Objective: 1- Validation of modules Weaver

Base Model Aspect Access Control Woven Model Aspect Real-Time Aspect Synchronize Aspect Library Objective: 2- Reuse of modules Weaver Aspect-Oriented Modeling (contd.)

Base Model (1) Woven Models Aspect Library Aspect-Oriented Modeling (contd.) Objective: 3- Plug and reuse models Base Model (2) Base Model (3)

Jointpoints Security holes Aspect Authentication ? ? ? Aspect weaver Motivated Example

Problem Statement Access control spread across application. Access control spread across application.  Hard to understand, reusable or analyze. Security policy can very in time. Security policy can very in time.  Weaving overhead and poor performance. Aspect itself can be targeted by intrusions. Aspect itself can be targeted by intrusions.  Aspect must be secured. Aspects must be woven to the application Aspects must be woven to the application in a proper order. in a proper order.  Aspect woven procedure.

Contribution Apply security rules depending on the application version before establishing the connection. Apply security rules depending on the application version before establishing the connection. Dynamically apply proper login menu depending on the connection type and the user behaviors. Dynamically apply proper login menu depending on the connection type and the user behaviors. Weave history technique: Weave history technique: Weave only modified part of aspect Weave only modified part of aspect Analyze aspect for un-authorize change Analyze aspect for un-authorize change An integration aspect-oriented approach to secure the web application

ConcernDecomposition AdaptationKindAdaptationSubject Language «import» AO Reference Architecture [Schauerhuber et al.] General decomposition of the system into concerns Describes where to introduce the aspect’s adaptation Concepts to describe how an aspect adapts a concern Language underlying the specification of base and aspect

Related works

Integrated AO Access Control Design principles 1. Each aspect module has multiple design iterative. Step 1: Class Diagram Step 1: Class Diagram  Define class: Attributes/ methods Relationship between classes Relationship between classes Step 2: Sequence Diagram (and other diagrams) Step 2: Sequence Diagram (and other diagrams)  Specify messages between objects

Security policy definition: A joined abstract modules that collect the rules into organized structure. 2. Security policy definition: A joined abstract modules that collect the rules into organized structure. Collects logical definitions for security rules into a central location. Collects logical definitions for security rules into a central location. Allows elements to be reused with other central location in other applications. Allows elements to be reused with other central location in other applications. Provides basic for security Library. Provides basic for security Library. Design principles (contd.) Integrated AO Access Control

3. Security policy weaved only once to the base module. Design principles (contd.) Integrated AO Access Control  Aspect propagates the changes in the aspect definition refereeing to its woven state.

Integrated AO Access Control > BaseAspect > Replace Abstract aspects Input: requested aspect from aspect library Previous woven aspect Timestamp (last modified) Timestamp (last woven) Output: weaved aspect begin Weave history end. First activity Second activity Third activity Fourth activity Weave history Weaver

Integrated AO Access Control Weave history Activity 1 Weave history

> Weaved_rules Integrated AO Access Control New rules weaved rules Activity 2 Weave history The difference of rules > New_rules

> User_Auth > Weaved_rules > Session_V2 Sub-aspects weaved version Integrated AO Access Control > Modified_Aspect Copy modified aspect Activity 3 Weave history

Integrated AO Access Control Modified aspect Base model Activity 4 Weave history > Modified_Aspect

Transition from design to development Aspect Oriented Programming. Aspect Oriented Programming.  AspectJ + Eclipse Generate aspect-oriented programming codes using: Generate aspect-oriented programming codes using:  Defined models that are created using UML and security design. Prototyping effort. Prototyping effort.

Aspect Access control Connection() Enter_Menu() Login() Implementation for Integrated Access Control Web Application

Implementation for Integrated Access Control Connection_menu() New_Result() Connection Client Step (1)

Implementation for Integrated Access Control Connection_type() Login menu Connection Enter menu Step (2)

Implementation for Integrated Access Control Connection() New_Result() Check for un-authorized aspect Check aspect list Security threat Connection Client Execute aspect Yes

Conclusion Aspects are presented using UML modeling. Aspects are presented using UML modeling. Representation are supplied with supplementary meta-attributes to hold weaving instruction. Representation are supplied with supplementary meta-attributes to hold weaving instruction. Aspect models defined generic abstract aspects that encapsulate the pointcuts. Aspect models defined generic abstract aspects that encapsulate the pointcuts.  High degree of independent.  More reusable in different context (aspect library). An integrated aspect-oriented approach is proposed to secure web application from any violation.

Conclusion (contd.) Aspect module collects information from application using before joinpoint. Aspect module collects information from application using before joinpoint.  Implemented the parallel-box concept.  Traces client behaviours in two different versions of the program. First:

Conclusion (contd.) Aspect module defines start and end points of the login method using around joinpoint. Aspect module defines start and end points of the login method using around joinpoint.  Overrides login menu depending on connection type and client behaviours.  Required bi-direction transformation of rules between aspect and application. Second:

Conclusion (contd.) Weaving history module is presented. Weaving history module is presented.  Weave only modified part of the aspect.  Analyze aspect modules for any unauthorized changes before weaves them to the application. Third:

Future works Analyze technique that verifies the weave of access control aspects. Analyze technique that verifies the weave of access control aspects. Build a dynamic weaving history technique. Build a dynamic weaving history technique. User interface to facilitate aspect selection and apply security rules. User interface to facilitate aspect selection and apply security rules. We are interested in extending our works in three different areas:

Questions? Thank you for attention!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.