New aspect-oriented constructs for security hardening concerns

Computers and Security

Volumn 28, Issue 6, 2009, Pages 341-358

  Mourad, Azzam ^a   Soeanu, Andrei ^a   Laverdière, Marc André ^a   Debbabi, Mourad ^a  

^a Concordia University ^*  (Canada)

Author keywords

Aspect oriented programming; Control flow graph; Dominators; Security hardening; Security software engineering; Software security

Indexed keywords

ASPECT-ORIENTED PROGRAMMING; CONTROL-FLOW GRAPH; DOMINATORS; SECURITY HARDENING; SECURITY/SOFTWARE ENGINEERING; SOFTWARE SECURITY;

COMPUTER SOFTWARE; COMPUTER SYSTEMS PROGRAMMING;

HARDENING;

EID: 67649823405     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2009.02.003     Document Type: Article

References (41)

1. Aberg R.A., Lawall J.L., Sudholt M., Muller G., and Meury A.F.L. On the automatic evolution of an OS kernel using temporal logic and AOP. Proceedings of the 18th IEEE international conference on automated software engineering (ASE03) (2003), IEEE
2. Aït-Kaci H., Boyer R., Lincoln P., and Nasr R. Efficient implementation of lattice operations. ACM Transactions on Programming Languages and Systems 11 1 (1989) 115-146
3. Bishop M. How attackers break programs, and how to write more secure programs. Available at: (2005). http://nob.cs.ucdavis.edu/∼bishop/secprog/sans2002/index.html [accessed 11.11.08]
4. Bodkin R. Enterprise security aspects. In: Proceedings of the workshop on AOSD technology for application-level security (AOSD04: AOSDSEC); 2004.
5. Böllert K. On weaving aspects. In: Proceeding of the international workshop on aspect-oriented programming at ECOOP99; 1999.
6. Bonér J. Semantics for a synchronized block join point. Available at: (2005). http://www.jonasboner.com/2005/07/18/semantics-for-a-synchronized-block-join-point/ [accessed 11.11.08]
7. Callahan D., Carle A., Hall M.W., and Kennedy K. Constructing the procedure call multigraph. IEEE Transactions on Software Engineering 16 4 (1990) 483-487
8. Clarke D., Drossopoulou S., Noble J., and Wrigstad T. Tribe: a simple virtual class calculus. AOSD07: proceedings of the 6th international conference on aspect-oriented software development (2007), ACM
9. Coady Y., Kiczales G., Feeley M., and Smolyn G. Using AspectC to improve the modularity of path-specific customization in operating system code. Proceedings of foundations of software engineering (2001), ACM
10. Cooper K, Harvey T, Kennedy K. A simple, fast dominance algorithm. Software Practice and Experience 2001;4:1-10.
11. Cottenier T., van den Berg A., and Elrad T. Stateful aspects: the case for aspect-oriented modeling. Proceedings of the 10th international workshop on aspect-oriented modeling (2007), ACM
12. DeWin B. Engineering application level security through aspect oriented software development, Ph.D. thesis, Katholieke Universiteit Leuven; 2004.
13. Dijkstra E. Dijkstra's algorithm. Available at:. http://en.wikipedia.org/wiki/Dijkstra_algorithm [accessed 11.11.08]
14. Gomez E. CS624-notes on control flow graph. Available at: (2003). http://www.csci.csusb.edu/egomez/cs624/cfg.pdf [accessed 11.11.08]
15. Grove D., and Chambers C. A framework for call graph construction algorithms. ACM Transactions on Programming Languages and Systems 23 6 (2001) 685-746
16. Hadidi D., Belblidia N., and Debbabi M. Security crosscutting concerns and AspectJ. Proceedings of the 2006 international conference on privacy, security and trust (PST 2006) (2006), McGraw-Hill/ACM
17. Harbulot JR, Gurd A. Join point for loops in AspectJ. In: Proceedings of the 4th workshop on foundations of aspect-oriented languages (FOAL 2005). March; 2005.
18. Holloway G., and Smith M.D. The Machine-SUIF control-flow analysis library. Available at: (1998), Harvard University. http://www.eecs.harvard.edu/machsuif/software/nci/cfa.html [accessed 11.11.08]
19. Howard M., and LeBlanc D.E. Writing secure code (2002), Microsoft, Redmond, WA, USA
20. Howard M., and Lipner S. The security development lifecycle (2006), Microsoft, Redmond, WA, USA
21. Huang M, Wang C, Zhang L. Toward a reusable and generic security aspect library. In: Proceedings of the workshop on AOSD technology for application-level security (AOSD04: AOSDSEC); 2004.
22. Kiczales G. The fun has just begun, keynote talk at AOSD 2003. Available at: (2003). http://www.cs.ubc.ca/∼gregor/papers/kiczales-aosd-2003.ppt [accessed 11.11.08]
23. Kiczales G., Hilsdale E., Hugunin J., Kersten M., Palm J., and Griswold W. Overview of AspectJ. Proceedings of the 15th European conference ECOOP 2001 (2001), Springer Verlag
24. Kim H. An AOSD implementation for C#, tech. rep. TCD-CS2002-55 (2002), Department of Computer Science, Trinity College, Dublin
25. Laverdière MA, Mourad A, Soeanu A, Debbabi M. Control flow based pointcuts for security hardening concerns. In: Proceedings of the joint iTrust and PST conferences on privacy, trust management and security. Moncton, New Brunswick, Canada; 2007.
26. Masuhara H, Kawauchi K. Dataflow pointcut in aspect-oriented programming. In: Proceedings of the first Asian symposium on programming languages and systems (APLAS03); 2003.
27. Mourad, Laverdière M.A., and Debbabi M. Security hardening of open source software. Proceedings of the 2006 international conference on privacy, security and trust (PST 2006) (2006), McGraw-Hill/ACM
28. Mourad A., Laverdière M.A., and Debbabi M. Towards an aspect oriented approach for the security hardening of code. Proceedings of the 3rd IEEE international symposium on security in networks and distributed systems (2007), IEEE
29. Mourad A., Laverdière M.A., and Debbabi M. A high-level aspect-oriented based language for software security hardening. Proceedings of the international conference on security and cryptography (2007), Secrypt
30. Mourad A., Laverdière M.A., and Debbabi M. An aspect oriented approach for the systematic security hardening of code. Computers & Security 27 3-4 (2008) 101-114
31. Myers A. Jflow: practical mostly-static information flow control. Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on principles of programming languages (POPL99) (1999), ACM
32. Navarro L.D.B., Südholt M., Vanderperren W., Fraine B.D., and Suvée D. Explicitly distributed AOP using AWED. AOSD06: proceedings of the 5th international conference on aspect-oriented software development (2006), ACM
33. Ryder G. Constructing the call graph of a program. IEEE Transactions on Software Engineering 5 3 (1979) 216-226
34. Schumacher M., Fernandez-Buglioni E., Hybertson D., Buschmann F., and Sommerlad P. Security patterns: integrating security and systems engineering (2006), Wiley
35. Seacord R.C. Secure coding in C and C++, SEI series (2005), Addison-Wesley
36. Shah V. An aspect-oriented security assurance solution, techical report AFRL-IF-RS-TR-2003-254 (2003), Cigital Labs
37. Shah V., and Hill F. Aspect-oriented programming security framework. Proceedings of the DARPA information survivability conference and exposition (DISCEX 03) (2003), IEEE
38. Slowikowski P, Zielinski K. Comparison study of aspect-oriented and container managed security. In: Proceedings of the ECCOP workshop on analysis of aspect-oriented software; 2003.
39. Spinczyk O, Gal A, Schröder-Preikschat W. AspectC++: an aspect-oriented extension to C++. In: Proceedings of the 40th international conference on technology of object-oriented languages and systems; 2002.
40. Wheeler D.A. Secure programming for Linux and Unix HOWTO - creating secure software v3.010. Available at: (2003). http://www.dwheeler.com/secure-programs/ [accessed 11.11.08]
41. Xu D., Goel V., and Nygard K. An aspect-oriented approach to security requirements analysis. 30th Annual international computer software and applications conference (COMPSAC'06) (2006), IEEE