Security Aspect Models Geri Georg, Robert France, and Indrakshi Ray Department of Computer Science Colorado State University, Fort Collins, CO 80523 Abstract. Aspect-oriented modeling (AOM) techniques allow system architects to design the most important decompositions of complex systems to create a Aspect-oriented modeling (AOM) techniques allow system architects to design the most important decompositions of complex systems to create a primary system modularization. These techniques can also be used to design additional system concerns that are not part of the primary system modularization. Aspect-oriented modeling techniques can be used to compose different aspect models with the primary decomposition models in order to analyze the complete system design. The results of analyses can be used to compare potential design realizations of multiple competing concerns. Aspect models, composition, and analysis techniques must be available at different levels of abstraction to enable comprehensive trade-off analysis among competing concern realizations. Different levels of abstraction are particularly important when multiple mechanisms are available to realize a concern, such as in the area of security. Architects need to experiment with different security mechanisms in order to choose those that best meet overall system goals while providing minimal interference with other design considerations. Abstract aspect models can be used to develop more detailed mechanism models that are still independent of implementation considerations. These detailed models can be used for mechanism analysis and trade-off experimentation. We have created two detailed authentication mechanism models using an abstract aspect model, and we demonstrate the steps used to create the detailed model for one of these mechanisms in this paper. Although not discussed in this paper, we have composed these different mechanism models with primary decomposition models using the same AOM composition techniques that we use to compose abstract models. The resulting compositions allow system architects to analyze different mechanisms available to realize a particular abstract concern, such as authentication. Architects can use analysis results to make design trade-off decisions and choose the mechanisms that best meet overall system requirements. We are continuing to evolve this work to define a refinement mechanism for our prototype tool.
[1]
Marcelo R. Campo,et al.
Analyzing the role of aspects in software design
,
2001,
CACM.
[2]
William G. Griswold,et al.
An Overview of AspectJ
,
2001,
ECOOP.
[3]
Yoshikazu Yamamoto,et al.
Extending UML with Aspects: Aspect Support in the Design Phase
,
1999,
ECOOP Workshops.
[4]
Ruzanna Chitchyan,et al.
Persistence as an aspect
,
2003,
AOSD '03.
[5]
Mehmet Aksit,et al.
Composing Multiple Concerns Using Composition Filters
,
2001
.
[6]
Thomas D. Wu.
The Secure Remote Password Protocol
,
1998,
NDSS.
[7]
Robert B. France,et al.
Tool Support for Aspect-Oriented Design
,
2002,
OOIS Workshops.
[8]
Sudipto Ghosh,et al.
Using Roles to Characterize Model Families
,
2003
.
[9]
Indrakshi Ray,et al.
Designing High Integrity Systems Using Aspects
,
2002,
IICIS.
[10]
Grady Booch.
Growing the UML
,
2002,
Software and Systems Modeling.
[11]
Siobhán Clarke,et al.
Separating Concerns Throughout the Development Lifecycle
,
1999,
ECOOP Workshops.
[12]
Indrakshi Ray,et al.
Using aspects to design a secure system
,
2002,
Eighth IEEE International Conference on Engineering of Complex Computer Systems, 2002. Proceedings..
[13]
Gregory T. Sullivan.
Aspect-oriented programming using reflection and metaobject protocols
,
2001,
CACM.
[14]
Karl J. Lieberherr,et al.
Aspect-oriented programming with adaptive methods
,
2001,
CACM.
[15]
Jeffrey G. Gray,et al.
Handling crosscutting constraints in domain-specific modeling
,
2001,
CACM.
[16]
António Rito Silva,et al.
Separation and Composition of Overlapping and Interacting Concerns
,
1999
.
[17]
João Araújo,et al.
Modularisation and composition of aspectual requirements
,
2003,
AOSD '03.
[18]
Harold Ossher,et al.
Using multidimensional separation of concerns to (re)shape evolving software
,
2001,
CACM.