[aosd-discuss] Security Question

[Donisthorpe C (AT)]

Hi,
 
I think this is a tough one.  
 
You need to come up with a mechanism for deliberately introducing security flaws in the first place.  
 
One way of doing this might be to intentionally introduce crosscut effects which have the desired 'hacking' effect as a part the design.  Other people might also be able look at the code and identify crosscut weaknesses which could be exploited to modify the behaviour in an application.  
 
I think a major problem with these scenarios would be trying to unravel complex behaviours between existing system aspects with enough clarity to understand how it might be possible to introduce a security flaw into the design.  If you managed to find a way to introduce a flaw then you'd probably be able to defend against it.  
 
However, if you think this is worth persuing then a good paper would be "Deriving security requirements from crosscutting threat descriptions" (Haley et al., 2004).
 
 
Regards
 
Charles
 

________________________________

From: discuss-bounces at aosd.net on behalf of Andrew Camilleri
Sent: Thu 03/05/2007 10:32
To: discuss at aosd.net
Subject: [aosd-discuss] Security Question



Hi All,

 

I am looking for papers that deal with how aspects can be

used maliciously modify an application. Most of the papers that deal with

security and aspects are concerned with how aspects can implement access

control or security in general. I am interested on how a weaver can be used to

numb software maliciously or introduce security flaws. I would be glad if you

could send me references that deal with this issue. Thanks!

 

regards,

 

Andrew

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://aosd.net/pipermail/discuss_aosd.net/attachments/20070508/be1b9b6f/attachment.html