Title :
A Practical Framework for the Dataflow Pointcut in AspectJ
Author :
Boukhtouta, Amine ; Alhadidi, Dima ; Debbabi, Mourad
Author_Institution :
Comput. Security Lab., Concordia Univ., Montreal, QC
Abstract :
In this paper, we present the design and the implementation of the dataflow pointcut in the AspectJ compiler ajc 1.5.0. Some security concerns are sensitive to the flow of information in a program execution. The dataflow pointcut has been proposed by Masuhara and Kawauchi in order to easily implement such security concerns in aspect-oriented programming languages. The pointcut identifies join points based on the origins of values. The dataflow pointcut can detect and fix a lot of vulnerabilities that result from not validating input effectively, e.g., Web application vulnerabilities, process injection, log forging, and path injection. AspectJ extends the Java programming language to implement crosscutting concerns modularly in general. The implementation methodology of the dataflow pointcut, which depends on define-use analysis, is described in detail together with case studies that demonstrate how the implemented dataflow pointcut can detect a considerable number of vulnerabilities.
Keywords :
Java; data flow analysis; object-oriented programming; program compilers; security of data; AspectJ compiler; Java programming language; aspect-oriented programming language; dataflow pointcut; program execution; security aspect; Application software; Availability; Computer languages; Computer security; Data security; Design engineering; Information security; Java; Laboratories; Open source software; AspectJ; Dataflow; Security;
Conference_Title :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.86