Towards language-independent approach for security concerns weaving

Mourad, Azzam; Alhadidi, Dima; Debbabi, Mourad

Towards language-independent approach for security concerns weaving

Mourad, Azzam; Alhadidi, Dima; Debbabi, Mourad

URI: http://hdl.handle.net/10725/8461

URL: https://www.scitepress.org/Link.aspx?doi=10.5220/0001925704600465

DOI: https://doi.org/10.5220/0001925704600465

Date: 2018-09-13

Terms of Use: This item is made available under the terms and conditions applicable to " Conference Paper / Proceeding ", as set forth at: http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php

Abstract:

In this paper, we propose an approach for weaving security concerns in the Gimple representation of programs. Gimple is an intermediate, language-independent, and tree-based representation generated by GNU Compiler Collection (GCC) during the compilation process. This proposition constitutes the first attempt towards adopting the aspect-oriented concept on Gimple and exploiting this intermediate representation to allow advising an application written in a specific language with security code written in a different one. At the same time, injecting security is applied in a systematic way in order not to alter the original functionalities of the software. We explore the viability and the relevance of our proposition by: (1) implementing several Gimple weaving capabilities into the GCC compiler (2) developing a case study for securing the connections of a client application and (3) using the weaving features of the extended GCC to inject the security concerns into the application.

Citation:

Mourad, A., Alhadidi, D., & Debbabi, M. (2008). Towards Language-Independent Approach for Security Concerns Weaving. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) (pp. 460-465).