Re-engineering Security as a Crosscutting Concern

We have re-engineered a third-party application using a reflective security architecture that allows security to be treated as a crosscutting concern. This has resulted in a considerable reduction in tangling between application code and security code. Prior to the re-engineering, the application was secured using a conventional approach based upon the application of inheritance and the proxy pattern, and we are thus able to compare both approaches. Our experience highlights some general points that are applicable to any attempt to engineer security using advanced separation of concerns technology and some possible improvements to Kava, used to implement the crosscutting concerns.

[1]  Michael Golm,et al.  Jumping to the Meta Level: Behavioral Reflection Can Be Fast and Flexible , 1999, Reflection.

[2]  Ian Welch,et al.  Kava - Using Byte code Rewriting to add Behavioural Reflection to Java , 2001, COOTS.

[3]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[4]  Bob Blakley,et al.  Approach to Object Security in Distributed SOM , 1996, IBM Syst. J..

[5]  Robert J. Walker,et al.  An initial assessment of aspect-oriented programming , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[6]  Ian Welch,et al.  Using Reflection as a Mechanism for Enforcing Security Policies on Compiled Code , 2002, J. Comput. Secur..

[7]  Winfried E. Kühnhauser,et al.  The BirliX Security Architecture , 2013, J. Comput. Secur..

[8]  Michel Riveill,et al.  Experiments with JavaPod, a Platform Designed for the Adaptation of Non-functional Properties , 2001, Reflection.

[9]  Laurence Duchien,et al.  JAC: A Flexible Solution for Aspect-Oriented Programming in Java , 2001, Reflection.

[10]  Franz J. Hauck,et al.  Meta objects for access control: a formal model for role-based principals , 1998, NSPW '98.

[11]  Karen R. Sollins,et al.  Towards Security in an Open Systems Federation , 1992, ESORICS.

[12]  Walter Cazzola,et al.  Reflective Authorization Systems: Possibilities, Benefits, and Drawbacks , 1999, Secure Internet Programming.

[13]  Lodewijk Bergmans,et al.  An Object-Oriented Language-Database Integration Model: The Composition-Filters Approach , 1992, ECOOP.

[14]  Urs Hölzle,et al.  Integrating Independently-Developed Components in Object-Oriented Languages , 1993, ECOOP.

[15]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[16]  Ian Welch,et al.  Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code , 2000, ESORICS.

[17]  Jörg Kienzle,et al.  AOP: Does It Make Sense? The Case of Concurrency and Failures , 2002, ECOOP.

[18]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[19]  C. Q. Lee,et al.  The Computer Journal , 1958, Nature.

[20]  Stanley M. Sutton,et al.  Multi-Dimensional Separation of Concerns , 1999 .

[21]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[22]  Denis Caromel,et al.  Reflections on MOPs, Components, and Java Security , 2001, ECOOP.

[23]  Franz J. Hauck,et al.  Meta objects for access control: extending capability-based security , 1998, NSPW '97.

[24]  Denis Caromel,et al.  A Simple Security-Aware MOP for Java , 2001, Reflection.

[25]  Shigeru Chiba,et al.  Load-Time Structural Reflection in Java , 2000, ECOOP.

[26]  Daniel G. Bobrow,et al.  Book review: The Art of the MetaObject Protocol By Gregor Kiczales, Jim des Rivieres, Daniel G. and Bobrow(MIT Press, 1991) , 1991, SGAR.

[27]  Pattie Maes,et al.  Concepts and experiments in computational reflection , 1987, OOPSLA '87.

[28]  José de Oliveira Guimarães,et al.  Reflection for Statically Typed Languages , 1998, ECOOP.

[29]  Wouter Joosen,et al.  Dynamic and selective combination of extensions in component-based applications , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.