Enforcing security for desktop clients using authority aspects

Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development, AOSD'09

Volumn , Issue , 2009, Pages 255-266

  Cannon, Brett ^a   Wohlstadter, Eric ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Design; Security

Indexed keywords

ASPECT ORIENTED SOFTWARE DEVELOPMENT; ASPECT-ORIENTED; CLIENT APPLICATIONS; DESIGN SECURITY; DESKTOP APPLICATIONS; HIGH CONNECTIVITY; LEAST PRIVILEGE; PLUG-INS; REMOTE RESOURCES; RESOURCE ACCESS; RSS FEEDS; SECURITY RISKS;

COMPUTER SOFTWARE; COMPUTER SYSTEMS PROGRAMMING; SOFTWARE DESIGN;

NETWORK SECURITY;

EID: 70450267827     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1509239.1509275     Document Type: Conference Paper

References (28)

1. Anonymous. The Lobo Project. http://www.lobobrowser.org/.
2. Anonymous. Sans top-20 2007 security risks. http://www.sans.org/top20/, The SANS Institute, 2007.
3. Anonymous. Java International FAQ. http://java.sun.com/javase/ technologies/core/basic/intl/faq.jsp, 09 2008.
4. A. Charfi and M. Mezini. Using aspects for security engineering of web service compositions. In Proceedings of the IEEE International Conference on Web Services, pages 59-66, Washington, DC, USA, 2005. IEEE Computer Society.
5. R. Elz and R. Bush. Clarifications to the DNS Specification. http://www.ietf.org/rfc/rfc2181.txt, 07 1997.
6. S. Gao, Y. Deng, H. Yu, X. He, K. Beznosov, and K. Cooper. Applying Aspect-Orientation in Designing Security Systems: A Case Study. In The Sixteenth International Conference on Software Engineering and Knowledge Engineering, 2004.
7. C. B. Haley, R. C. Laney, and B. Nuseibeh. Deriving security requirements from crosscutting threat descriptions. In Proceedings of the 3rd international conference on Aspect-oriented software development, pages 112-121, New York, NY, USA, 2004. ACM.
8. C. Hawblitzel, C.-C. Chang, G. Czajkowski, D. Hu, and T. von Eicken. Implementing Multiple Protection Domains in Java. In Proceedings of the 1998 USENIX Annual Technical Conference, 1998.
9. M. Huang, C. Wang, and L. Zhang. Toward a Reusable and Generic Security Aspect Library. In AOSD Technology for Application-Level Security Workshop, 2004.
10. A. H. Karp. POLA Today Keeps the Virus at Bay. Technical Report HPL-2003-191, HP Laboratories Palo Alto, 2003.
11. G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. G. Griswold. An Overview of AspectJ. In Proceedings of the 15th European Conference on Object-Oriented Programming, 2001.
12. L. Koved, M. Pistoia, and A. Kershenbaum. Access rights analysis for Java. In Proceedings of the 17th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, 2002.
13. L. C. Lam and T. cker Chiueh. A general dynamic information flow tracking framework for security applications. In Proceedings of the 22nd Annual Computer Security Applications Conference, 2006.
14. A. Mettler and D. Wagner. The Joe-E Language Specification (draft). University of California, June 2006.
15. M. S. Miller and J. S. Shapiro. Paradigm Regained: Abstraction Mechanisms for Access Control. In Asian Computing Conference, 2003.
16. A. Mourad, M.-A. Laverdiére, and M. Debbabi. A High-level Aspect-oriented-based Framework for Software Security Hardening. Information Security Journal: A Global Perspective, 17(2):56-74, 2008.
17. K. Padayachee and J. Eloff. Innovations and Advanced Techniques in Computer and Information Sciences and Engineering, chapter An Aspect-Oriented Model to Monitor Misuse, pages 273-278. Springer Netherlands, 09 2007.
18. B. Pasero. RSSOwl. http://www.rssowl.org/.
19. N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In Proceedings of the 12th conference on USENIX Security Symposium, 2003.
20. A. Prunicki and T. Elrad. Aclamate: An aosd security framework for access control. In Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, pages 293-300, Washington, DC, USA, 2006. IEEE Computer Society.
21. J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. In Communications of the ACM, volume 17, 7, 1974.
22. M. Stiegler, A. H. Karp, K.-P. Yee, and M. S. Miller. Polaris: Virus Safe Computing for Windows XP. Technical Report HP:-2004-221, HP Laboratories Palo Alto, 2004.
23. D. Wagner. Object Capabilities for Security. Invited Talk, PLAS 2006, June 2006.
24. R. J. Walker and K. Viggers. Implementing protocols via declarative event patterns. In SIGSOFT FSE, pages 159-169, 2004.
25. B. D. Win, V. Shah, W. Joosen, and R. Bodkin. Report of the AOSD2004 workshop on AOSD technology for application-level security. Technical report, Department of Computer Science, K.U. Leuven, Leuven, Belgium, 2005.
26. B. D. Win, B. Vanhaute, and B. D. Decker. Security Through Aspect-Oriented Programming. In Network Security, 2001.
27. K. Yee. User Interaction Design for Secure Systems. In International Conference on Information and Computer Security, 2002.
28. Z. J. Zhu and M. Zulkernine. Towards an Aspect-Oriented Intrusion Detection Framework. In COMPSAC '07: Proceedings of the 31st Annual International Computer Software and Applications Conference - Vol. 1, pages 637-638. IEEE Computer Society, 2007.