[aosd-discuss] Security Question
Andrew Camilleri
a.camilleri at lancaster.ac.uk
Wed May 9 05:01:22 EDT 2007
Hi All,
I wanted to thank you all for your references. I found them
all useful! Thanks! :)
regards,
Andrew
-----Original Message-----
From: discuss-bounces at aosd.net [mailto:discuss-bounces at aosd.net] On Behalf Of Bart De Win
Sent: 09 May 2007 08:40
To: discuss at aosd.net
Subject: Re: [aosd-discuss] Security Question
Hi,
some other pointers (as already communicated to Andrew as well) to papers that
elaborate on the problems in this context and/or propose suggestions on how
to address this:
- Bart De Win, Frank Piessens and Wouter Joosen, "How secure is AOP and what
can we do about it?," in proceedings of the second workshop on Software
Engineering for Secure Systems (SESS06), Shanghai, 2006.
- Daniel S. Dantas and David Walker, "Aspects, Information Hiding and
Modularity," in ACM SIGPLAN Conference on Programming Language and Design
(PLDI2004), 2004.
- Daniel S. Dantas and David Walker, "Harmless Advice," in ACM SIGPLAN-SIGACT
Symposium on Principles of Programming languages (PoPL2006), January 2006.
Other AOP language extensions/restrictions have been proposed that address
(some of) these problems as well (incl. open modules, joinpoint
encapsulation, and so forth).
Kind regards,
Bart.
On Tuesday 08 May 2007 19:18, Gefei Zhang wrote:
> Hi,
>
> Another tip would be, as I already answered Andrew in a private mail,
>
> Kung Chen and Ju-Bing Chen, "On Instrumenting Obfuscated Java Bytecode
> with Aspects", Software Engineering for Secure Systems (SESS06), May
> 2006, Shanghai, PRC.
>
> http://portal.acm.org/citation.cfm?id=1137627.1137632&coll=&dl=ACM&type=series&idx=1137627&part=Proceedings&WantType=Proceedings&title=International%20Conference%20on%20Software%20Engineering&CFID=15151515&CFTOKEN=6184618
>
> best,
> Gefei
>
> Donisthorpe C (AT) wrote:
> > Hi,
> >
> > I think this is a tough one.
> >
> > You need to come up with a mechanism for deliberately introducing
> > security flaws in the first place.
> >
> > One way of doing this might be to intentionally introduce crosscut
> > effects which have the desired 'hacking' effect as a part of the design.
> > Other people might also be able to look at the code and identify crosscut
> > weaknesses which could be exploited to modify the behaviour in an
> > application.
> >
> > I think a major problem with these scenarios would be trying to
> > unravel complex behaviours between existing system aspects with enough
> > clarity to understand how it might be possible to introduce a security
> > flaw into the design. If you managed to find a way to introduce a
> > flaw then you'd probably be able to defend against it.
> >
> > However, if you think this is worth pursuing then a good paper would
> > be "Deriving security requirements from crosscutting threat
> > descriptions" (Haley et al., 2004).
> >
> > Regards
> > Charles
> >
> > ------------------------------------------------------------------------
> > *From:* discuss-bounces at aosd.net on behalf of Andrew Camilleri
> > *Sent:* Thu 03/05/2007 10:32
> > *To:* discuss at aosd.net
> > *Subject:* [aosd-discuss] Security Question
> >
> > Hi All,
> >
> > I am looking for papers that deal with how aspects can be used to
> > maliciously modify an application. Most of the papers that deal with
> > security and aspects are concerned with how aspects can implement access
> > control or security in general. I am interested in how a weaver can be
> > used to numb software maliciously or introduce security flaws. I would be
> > glad if you could send me references that deal with this issue. Thanks!
> >
> > regards,
> > Andrew
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > discuss mailing list - discuss at aosd.net
> >
> > To unsubscribe and change options, go to:
> > http://aosd.net/mailman/listinfo/discuss_aosd.net
> >
> > Check out the AOSD.net Wiki: http://aosd.net/wiki