AOSD as an enabler for good enough security

The idea of business driven, good enough security for distributed software applications is promising, but many challenges remain. In this paper, we discuss some of the essential requirements, and focus in detail on one of the key technological challenges: how to engineer secure applications so that they support easy evolution of the security measures. Traditional (object-oriented) software engineering techniques cannot provide adequate support for the highly evolutionary character of good enough security because of the crosscutting nature of security. The technique of aspectoriented software development is developed to support the modularisation of such crosscutting concerns and, hence, it is a prime candidate to address this matter. In this paper, we evaluate the benefits of aspect-oriented software development for engineering evolvable secure applications based on some case studies we have done in the past. We also discuss the potential business impact of these benefits.