.

New aspect-oriented constructs for security hardening concerns

LAUR Repository

Show simple item record

dc.contributor.author Mourad, Azzam
dc.contributor.author Soeanu, Andrei
dc.contributor.author Laverdiere, Marc-André
dc.contributor.author Debbabi, Mourad
dc.date.accessioned 2015-11-25T10:03:14Z
dc.date.available 2015-11-25T10:03:14Z
dc.date.copyright 2009
dc.date.issued 2016-05-19
dc.identifier.uri http://hdl.handle.net/10725/2683
dc.description.abstract In this paper, we present new pointcuts and primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a program's control-flow graph (CFG). The first one is the GAFlow, Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that is on all their runtime paths. The second one is the GDFlow, Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcut of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts. They allow to analyze a program's call graph in order to determine how to change function signatures for passing the parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies. en_US
dc.language.iso en en_US
dc.title New aspect-oriented constructs for security hardening concerns en_US
dc.type Article en_US
dc.description.version Published en_US
dc.author.school SAS en_US
dc.author.idnumber 200904853 en_US
dc.author.woa N/A en_US
dc.author.department Computer Science and Mathematics en_US
dc.description.embargo N/A en_US
dc.relation.journal Computers & Security en_US
dc.journal.volume 28 en_US
dc.journal.issue 6 en_US
dc.article.pages 341-358 en_US
dc.keywords Software security en_US
dc.keywords Security hardening en_US
dc.keywords Aspect-oriented programming en_US
dc.keywords Security/software engineering en_US
dc.keywords Control-flow graph en_US
dc.keywords Dominators en_US
dc.identifier.doi http://dx.doi.org/10.1016/j.cose.2009.02.003 en_US
dc.identifier.ctation Mourad, A., Soeanu, A., Laverdière, M. A., & Debbabi, M. (2009). New aspect-oriented constructs for security hardening concerns. Computers & security, 28(6), 341-358. en_US
dc.author.email azzam.mourad@lau.edu.lb
dc.identifier.url http://www.sciencedirect.com/science/article/pii/S016740480900011X
dc.orcid.id https://orcid.org/0000-0001-9434-5322


Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search LAUR


Advanced Search

Browse

My Account