Towards an Aspect Oriented Approach for the Security Hardening of Code

Author

Mourad, Azzam ; Laverdiére, Marc-André ; Debbabi, Mourad

Author_Institution

Comput. Security Lab., Concordia Univ., Montreal, QC

Volume

1

fYear

2007

fDate

21-23 May 2007

Firstpage

595

Lastpage

600

Abstract

In this paper, we present an approach revolving around aspect-oriented software development (AOSD) for the systematic security hardening of source code. It provides an abstraction over the actions required to improve the security of the program. Security architects can specify high level security hardening plans that leverages a priori defined security hardening patterns. These patterns describe the steps and actions required for hardening, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) Elaborating security hardening patterns and plans to common security hardening practices, (2) realizing these patterns by implementing them into aspect oriented languages, (3) applying them to secure applications, (4) testing the hardened applications.

Keywords

object-oriented programming; security of data; software engineering; aspect oriented languages; aspect-oriented software development; code security hardening; program security; security hardening patterns; source code; Application software; Computer security; Information security; Information systems; Laboratories; Open source software; Programming; Proposals; Systems engineering and theory; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on

Conference_Location

Niagara Falls, Ont.

Print_ISBN

978-0-7695-2847-2

Type

conf

DOI

10.1109/AINAW.2007.355

Filename

4221122