secure systems research group - fau aspect oriented programming carlos oviedo secure systems...
TRANSCRIPT
Secure Systems Research Group - FAU
Aspect Oriented Programming
Carlos Oviedo
Secure Systems Research Group
Secure Systems Research Group - FAU
Introduction
• Late 90’s PARC (Palo Alto Research Center)
• Object Oriented Programming & Meta-object modeling protocols
• Capture cross-cutting concerns• AspectJ Java• Under constant development
Secure Systems Research Group - FAU
Cross-cutting concerns
• Not encapsulated by imperative object oriented programming languages (C, C#, Java, Pascal. Etc)
[Cac04]
Secure Systems Research Group - FAU
Cross-cutting concerns
• Sometimes requirements relating to a particular concern are spread among multiple requirement sources.
• Example: Logging• The consequence Code spread across
several modules
Secure Systems Research Group - FAU
Cross-cutting concerns
A specific concern spread along multiple classes
Secure Systems Research Group - FAU
Cross-cutting concerns
• Security is a concern that has impact on each design unit.
• Modifying the affected design units accordingly can be fault prone and a tedious task.
• Other examples:identity managementtransaction integrityauthenticationperformance
Secure Systems Research Group - FAU
Aspects Outline
• Cross cutting concerns are not reusable (cannot be refined or inherited)
• AOP Modularizes cross cutting concerns
• Pointcut (dynamic)• Advice (dynamic)• Inter-type declarations (static)• Aspects (encapsulates constructions)
Secure Systems Research Group - FAU
Aspects Outline
JOIN POINT:• A specific
execution point in the program flow
POINT CUT:• Selects certain
join points and values at those points
Secure Systems Research Group - FAU
Point Cuts
• Call join point actions of an object receiving a call
pointcut move():
call(void FigureElement.setXY(int,int)) ||
call(void Point.setX(int)) ||
call(void Point.setY(int)) ||
call(void Line.setP1(Point))||
call(void Line.setP2(Point));
Secure Systems Research Group - FAU
Advices
• To implement the cross cutting behaviors we use advices
before(): move() {
System.out.println("about to move");
}
after() returning: move() {
System.out.println("just successfully
moved");
}
Secure Systems Research Group - FAU
Aspects
• Aspects are wrappers• Very similar to “object oriented” classes
aspect Logging
{
OutputStream logStream = System.err;
before(): move() {
logStream.println("about to move");
}
}
Secure Systems Research Group - FAU
Aspects in security
• Example: Control access to a specific resource Account access by a bank officer
Secure Systems Research Group - FAU
Aspects in security
public aspect AccountAuthorization{ OutputStream logStream = System.err; boolean grantAccess(string id){ if(id != “guest”)
return true else return false; } Pointcut change(): call(void Account.MakeWithDrawal());
before(): change(){ logStream.println("Change in progress..."); if(!grantAccess(context.id)) throw new UnauthorizedAccessException(); }}
Secure Systems Research Group - FAU
Aspects in security
Pointcut change():
call(* MakeWithdrawal(..));
Secure Systems Research Group - FAU
Aspects in security
abstract aspect SimpleAuthorization{ OutputStream logStream = System.err; public static boolean grantAccess(string id) { if(id != “guest”)
return true else return false; } abstract pointcut change(): call( * Make*(..));
before(): change() { logStream.println("Change in progress..."); if(!grantAccess(context.id)) throw new UnauthorizedAccessException(); }}
Secure Systems Research Group - FAU
Aspects in security
• A specialization of the aspect:
public aspect TransactionAuthorization extends
SimpleAuthorization {
pointcut change(): within(Transaction) ||
within(SecureTransaction);
//...
}
Secure Systems Research Group - FAU
Conclusions
• Aspects are capable abstract structures to capture cross cutting concerns such as security and can be applied to a system after it has been written.
• Security concerns can be maintained in one place• Another example : track who did what on a
system Non-repudiation• Currently this field is under constant expansion
and it is worth to exploring its potential due its ability to encapsulate concerns
Secure Systems Research Group - FAU
AOP: Aspect Oriented Programming
Theserverside.com