[aosd-discuss] Security Question

Gefei Zhang zhangg at informatik.uni-muenchen.de
Tue May 8 13:18:14 EDT 2007 

*Hi,

Another tip would be, as I already answered Andrew in a private mail,

*

Kung Chen and Ju-Bing Chen, "On Instrumenting Obfuscated Java Bytecode 
with Aspects", Software Engineering for Secure Systems (SESS06), May 
2006, Shanghai, PRC.

http://portal.acm.org/citation.cfm?id=1137627.1137632&coll=&dl=ACM&type=series&idx=1137627&part=Proceedings&WantType=Proceedings&title=International%20Conference%20on%20Software%20Engineering&CFID=15151515&CFTOKEN=6184618

best,
Gefei




Donisthorpe C (AT) wrote:
> Hi,
>  
> I think this is a tough one. 
>  
> You need to come up with a mechanism for deliberately introducing 
> security flaws in the first place. 
>  
> One way of doing this might be to intentionally introduce crosscut 
> effects which have the desired 'hacking' effect as a part the design.  
> Other people might also be able look at the code and identify crosscut 
> weaknesses which could be exploited to modify the behaviour in an 
> application. 
>  
> I think a major problem with these scenarios would be trying to 
> unravel complex behaviours between existing system aspects with enough 
> clarity to understand how it might be possible to introduce a security 
> flaw into the design.  If you managed to find a way to introduce a 
> flaw then you'd probably be able to defend against it. 
>  
> However, if you think this is worth persuing then a good paper would 
> be "Deriving security requirements from crosscutting threat 
> descriptions" (Haley et al., 2004).
>  
> // 
> /Regards/
> // 
> /Charles/
>  
>
> ------------------------------------------------------------------------
> *From:* discuss-bounces at aosd.net on behalf of Andrew Camilleri
> *Sent:* Thu 03/05/2007 10:32
> *To:* discuss at aosd.net
> *Subject:* [aosd-discuss] Security Question
>
> Hi All,
>
>  
>
> I am looking for papers that deal with how aspects can be
>
> used maliciously modify an application. Most of the papers that deal with
>
> security and aspects are concerned with how aspects can implement access
>
> control or security in general. I am interested on how a weaver can be 
> used to
>
> numb software maliciously or introduce security flaws. I would be glad 
> if you
>
> could send me references that deal with this issue. Thanks!
>
>  
>
> regards,
>
>  
>
> Andrew
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> discuss mailing list    -    discuss at aosd.net
>
> To unsubscribe and change options, go to:
> http://aosd.net/mailman/listinfo/discuss_aosd.net
>
> Check out the AOSD.net Wiki: http://aosd.net/wiki
>

More information about the discuss mailing list