Aspect Oriented Security Tim Hollebeek, Ph.D.

Slides:



Advertisements
Similar presentations
Scenarios for applying crosscutting concerns. Aspects should be visible throughout the full lifecycle of a software product. While most AOP-efforts currently.
Advertisements

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
The Top 10 Reasons Why Federated Can’t Succeed And Why it Will Anyway.
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
Chapter 3 Process Models
ASTA Aspect Software Testing Assistant Juha Gustafsson, Juha Taina, Jukka Viljamaa University of Helsinki.
1 JAC : Aspect Oriented Programming in Java An article review by Yuval Nir and Limor Lahiani.
Framework is l Reusable Code, often domain specific (GUI, Net, Web, etc) l expressed as l a set of classes and l the way objects in those classes collaborate.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
The Knowledge Industry Survival Strategy (KISS) Tony Clark, Thames Valley University, London, UK Jorn Bettin, Sofismo, Switzerland.
ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.
Software Services for Social Network tools implementation Aleksandar Dimov, PhD Sofia University
Rigorous Fault Tolerance Using Aspects and Formal Methods Shmuel Katz Computer Science Department The Technion Haifa, Israel
On the horizon Chapter twenty-five of: Szyperski, Clemens et al. Component Software - Beyond Object-Oriented Programming. Second Edition.
Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.
1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.
Object-Oriented Methods: Database Technology An introduction.
1 An introduction to design patterns Based on material produced by John Vlissides and Douglas C. Schmidt.
1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.
PROGRAMMING LANGUAGES The Study of Programming Languages.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.
Software Engineering Muhammad Fahad Khan
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
GENERAL CONCEPTS OF OOPS INTRODUCTION With rapidly changing world and highly competitive and versatile nature of industry, the operations are becoming.
SWE 316: Software Design and Architecture – Dr. Khalid Aljasser Objectives Lecture 11 : Frameworks SWE 316: Software Design and Architecture  To understand.
Introduction to Aspect Oriented Programming Presented By: Kotaiah Choudary. Ravipati M.Tech IInd Year. School of Info. Tech.
Database Design - Lecture 2
©Ian Sommerville 2000 Software Engineering, 6th edition. Slide 1 Component-based development l Building software from reusable components l Objectives.
©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.
1 Chapter 9 Database Design. 2 2 In this chapter, you will learn: That successful database design must reflect the information system of which the database.
Aspect Oriented Programming Razieh Asadi University of Science & Technology Mazandran Babol Aspect Component Based Software Engineering (ACBSE)
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.
Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.
Composing Adaptive Software Authors Philip K. McKinley, Seyed Masoud Sadjadi, Eric P. Kasten, Betty H.C. Cheng Presented by Ana Rodriguez June 21, 2006.
CSC 395 – Software Engineering Lecture 12: Reusability –or– Programming was Bjarne Again.
Modularizing Web Services Management with AOP María Agustina Cibrán, Bart Verheecke { Maria.Cibran, System and Software Engineering.
KMS Products By Justin Saunders. Overview This presentation will discuss the following: –A list of KMS products selected for review –The typical components.
Copyright © 2007 Addison-Wesley. All rights reserved.1-1 Reasons for Studying Concepts of Programming Languages Increased ability to express ideas Improved.
Interception and Analysis Framework for Win32 Scripts (not for public release) Tim Hollebeek, Ph.D.
University of Southern California Center for Systems and Software Engineering Model-Based Software Engineering Supannika Koolmanojwong Spring 2013.
Model Driven Development An introduction. Overview Using Models Using Models in Software Feasibility of MDA MDA Technologies The Unified Modeling Language.
1 The Modular Structure of Complex Systems Presented by: SeyedMasoud Sadjadi and Wei Zhu David L. Parnas, Paul C. Clement, and David M. Weiss ICSE 1984.
Securing Class Initialization in Java-like Languages.
Date: November 9, 2011 Presenter – Munawar Hafiz Assistant Professor, CSSE, Auburn University A Tale of Four Research Ideas.
1 An Aspect-Oriented Implementation Method Sérgio Soares CIn – UFPE Orientador: Paulo Borba.
1 Vulnerability Assessment Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona
Adaptive Software Kevin Cella Graduate Seminar 02/04/2005.
Software Waterfall Life Cycle
Weaving a Debugging Aspect into Domain-Specific Language Grammars SAC ’05 PSC Track Santa Fe, New Mexico USA March 17, 2005 Hui Wu, Jeff Gray, Marjan Mernik,
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.
1 Object Oriented Logic Programming as an Agent Building Infrastructure Oct 12, 2002 Copyright © 2002, Paul Tarau Paul Tarau University of North Texas.
Interfaces About Interfaces Interfaces and abstract classes provide more structured way to separate interface from implementation
By Godwin Alemoh. What is usability testing Usability testing: is the process of carrying out experiments to find out specific information about a design.
Java Example Presentation of a Language. Background Conception: Java began as a language for embedded processors in consumer electronics, such as VCR,
Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.
Biological Model Engineering Peter Saffrey, Department of Medicine Cakes Talk Monday, October 20, 2008.
Aspect-Oriented Software Development (AOSD)
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.
A service Oriented Architecture & Web Service Technology.
The Development Process of Web Applications
SysML v2 Formalism: Requirements & Benefits
The Top 10 Reasons Why Federated Can’t Succeed
Chapter 2 – Software Processes
Automatic Derivation, Integration and Verification
Chapter 7 –Implementation Issues
Ivan Kurtev, Klaas van den Berg Software Engineering Group
Presentation transcript:

Aspect Oriented Security Tim Hollebeek, Ph.D.

Overview Background and Motivation Aspect Oriented Programming Aspect Oriented Security Strategy and Progress

State of the World Then (1980’s): Network applications vulnerable to compromise due to well known software flaws Now: Network applications vulnerable to compromise due to well known software flaws Why don’t we have secure software? Many subtleties Too much to know Programming is hard Popular languages are not designed with security in mind What we know isn’t being applied to real software!

Nature of Software Security Security expertise is rare, and expensive to produce Software is large and complex Auditing is often impractical Yet: only as secure as “weakest link” Ability to apply security concerns uniformly throughout code would be useful

Aspect Oriented Programming Developer Source Code Source Code Application ? Developer Source code organized in terms of concerns instead of in terms of objects

Aspect Oriented Security Developers Security Expert Source Code Security Expertise Secure Application ? Developer is not a security expert

Aspect Oriented Security Developers Security Expert Source Code Security Aspect Secure Application Weaver Developer is not a security expert Security expertise is application independent

Aspect Oriented Security Programmers should not have to be security experts! Security experts should not have to know what application every programmer is building! Abstract security concerns away and deal with them separately Build technology to weave in the appropriate constructs Write once, apply everywhere Goal: Aspect language for static transformations that express security fixes and preventative measures Need: Portability of concerns, as well as separation

Architecture

Scope Language: C Traditional applications Many security problems –Buffer overflows, race conditions, unsafe library calls, TOCTOU, unchecked error codes, audit logging, critical sections (and others!) Problems are well known and well understood Many insecure programs could immediately benefit from working tool Results can be easily applied to new languages

Theory Aspects must be able to make moderately complex transformations to existing code Aspects must be portable, must integrate cleanly with other aspects without prior knowledge Merging multiple aspects –Based on the idea that semantics of original program are preserved Theory and experience from AOP community is helpful here

Key issues Security experts need sufficiently powerful primitives for expressing interesting transformations Tool must place little or no burden on users Filman and Friedman: “Aspect Oriented Programming is Quantification and Obliviousness” OOPSLA 2000

Progress to Date Build Integration –weaving integrates seamlessly into development environment Designed and implemented infrastructure for future weavers Prototype aspect language and weaver –syntax and semantics similar to AspectJ –explored what can be expressed –evaluated requirements/design considerations for further improvements

Future Work Aspect collision Reusable aspects –Aspect inheritance –Aspect extension (e.g., error recovery) Aspect language improvements –Extensibility –Expressiveness Configuration and build issues –Usability –Aspect configuration Integration –Linker, library issues –Other tools Design and implement security aspects, distribute tool

Conclusion Aspect Oriented Security  provides uniform framework for building secure software automatically C source Other languages  Separation of concerns Developer does not require security expertise Security expert does not require knowledge of program  Security aspects are reusable and extensible Automatic Integrated with normal build process

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.