A Practical Framework for the Dataflow Pointcut in AspectJ

Author

Boukhtouta, Amine ; Alhadidi, Dima ; Debbabi, Mourad

Author_Institution

Comput. Security Lab., Concordia Univ., Montreal, QC

fYear

2009

fDate

16-19 March 2009

Firstpage

835

Lastpage

840

Abstract

In this paper, we present the design and the implementation of the dataflow pointcut in AspectJ compiler ajc 1.5.0. Some security concerns are sensitive to flow of information in a program execution. The dataflow pointcut has been proposed by Masuhara and Kawauchi in order to easily implement such security concerns in aspect-oriented programming languages. The pointcut identifies join points based on the origins of values. The dataflow pointcut can detect and fix a lot of vulnerabilities that result from not validating input effectively, e.g., Web application vulnerabilities, process injection, log forging, and path injection. AspectJ extends the Java programming language to implement crosscutting concerns modularly in general. The implementation methodology of the dataflow pointcut which depends in define-use analysis is described in detail together with case studies that demonstrate how the implemented dataflow pointcut can detect a considerable number of vulnerabilities.

Keywords

Java; data flow analysis; object-oriented programming; program compilers; security of data; AspectJ compiler; Java programming language; aspect-oriented programming language; dataflow pointcut; program execution; security aspect; Application software; Availability; Computer languages; Computer security; Data security; Design engineering; Information security; Java; Laboratories; Open source software; AspectJ; Dataflow; Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2009. ARES '09. International Conference on

Conference_Location

Fukuoka

Print_ISBN

978-1-4244-3572-2

Electronic_ISBN

978-0-7695-3564-7

Type

conf

DOI

10.1109/ARES.2009.86

Filename

5066573