Nouveaux points de coupure et primitives pour les préoccupations de renforcement de sécurité

Abstract

In this paper, we present two new pointcuts and two new Primitives to AspectOriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a program’s control flow graph (CFG). The first one is the GAFlow, the Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that is on all their runtime paths. The second one is the GDFlow, the Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcuts of interest. The two proposed primitives are called exportParameter and importParameter and are used to pass parameters between two pointcuts. They allow to analyze a program’s call graph in order to determine how to change function signatures for the passing of parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of our proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the results of explanatory case studies.