1. New aspect-oriented constructs for security hardening concerns
- Author
- Mourad, Azzam, Soeanu, Andrei, Laverdiere, Marc-Andre, and Debbabi, Mourad
- Subjects
- Algorithm, Algorithms -- Analysis, Algorithms -- Safety and security measures
- Abstract
- To link to full-text access for this article, visit this link: http://dx.doi.org/10.1016/j.cose.2009.02.003

Byline: Azzam Mourad, Andrei Soeanu, Marc-Andre Laverdiere, Mourad Debbabi

Abstract: In this paper, we present new pointcuts and primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a program's control-flow graph (CFG). The first one is the GAFlow, Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that is on all their runtime paths. The second one is the GDFlow, Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcut of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts. They allow to analyze a program's call graph in order to determine how to change function signatures for passing the parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies.

Author Affiliation: Computer Security Laboratory, Concordia Institute for Information Systems Engineering, Concordia University, Montreal (QC), Canada

Article History: Received 18 October 2007; Revised 21 January 2009; Accepted 23 February 2009

Article Note: This research is the result of a fruitful collaboration between CSL (Computer Security Laboratory) of Concordia University, DRDC (Defence Research and Development Canada) Valcartier and Bell Canada under the NSERC DND Research Partnership Program.
- Published
- 2009