Authors: Amjad Nusayr

Abstract:

Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory is have a valid pointer or a reference with a valid type. Aspect Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and Database transaction managing. In this paper we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.

Keywords: Aspect oriented programming, programming languages, software security, memory and type safety.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 346

References:

[1] S. L. Kanniah and M. N. ri bin Mahrin, “Secure software development practice adoption model: A delphi study,” J. Telecommun. Electron. Comput. Eng., vol. 10, no. 2–8, pp. 71–75, 2018.
[2] G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. G. Griswold, “An Overview of AspectJ,” in Proceedings of the 15th European Conference on Object-Oriented Programming, 2001, pp. 327–353.
[3] N. Cooprider, W. Archer, E. Eide, D. Gay, and J. Regehr, “Efficient memory safety for TinyOS,” in SenSys’07 - Proceedings of the 5th ACM Conference on Embedded Networked Sensor Systems, 2007, pp. 205–218.
[4] C. Technology, “MICAz: Wireless Measurement System,” Prod. Datasheet, pp. 4–5, 2008.
[5] E. Bodden and K. Havelund, “Aspect-oriented race detection in Java,” IEEE Trans. Softw. Eng., vol. 36, no. 4, 2010.
[6] D. Llewellyn-Jones, Q. Shi, and M. Merabti, “Extending aop principles for the description of network security patterns,” in Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns, vol. 9783319044477, 2014.
[7] N. Ubayashi, “An AOP Implementation Framework for Extending Join Point Models,” in Proceedings of ECOOP 2004 Workshop on Reflection, AOP and Meta-Data for Software Evolution (RAM-SE’04, 2004, pp. 71–81.
[8] G. J. Duck and R. H. C. Yap, “EffectiveSan: Type and memory error detection using dynamically typed C/C++,” ACM SIGPLAN Not., vol. 53, no. 4, pp. 181–195, 2018.
[9] J. Regehr, N. Cooprider, W. Archer, and E. Eide, “Efficient type and memory safety for tiny embedded systems,” in International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, 2006.
[10]
[A. usayr, J. Cook, and G. Rahnavard, “TEAMS: A special-purpose AOP framework for runtime monitoring,” in Proceedings - 23rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2012, 2012.