research-article

Aspects and class-based security: a survey of interactions between advice weaving and the Java 2 security model

Authors:

Christoph Bockisch,

Mira MeziniAuthors Info & Claims

VMIL '08: Proceedings of the 2nd Workshop on Virtual Machines and Intermediate Languages for emerging modularization mechanisms

Article No.: 3, Pages 1 - 7

https://doi.org/10.1145/1507504.1507507

Published: 21 October 2008 Publication History

Abstract

Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.

References

[1]

B. Alpern, C. R. Attanasio, A. Cocchi, D. Lieber, S. Smith, T. Ngo, J. J. Barton, S. F. Hummel, J. C. Sheperd, and M. Mergen. Implementing Jalapeño in Java. In Proceedings of the 14th Conference on Object-oriented Programming, Systems, Languages, and Applications, 1999.

Digital Library

[2]

The AspectJ Project. The AspectJ Development Environment Guide. http://www.eclipse.org/aspectj/doc/released/devguide/.

[3]

The AspectJ Project. The AspectJ Programming Guide. http://www.eclipse.org/aspectj/doc/released/progguide/.

[4]

P. Avgustinov, A. S. Christensen, L. J. Hendren, S. Kuzins, J. Lhoták, O. Lhoták, O. de Moor, D. Sereni, G. Sittampalam, and J. Tibbie. Optimising AspectJ. ACM SIGPLAN Notices, 40(6), 2005.

Digital Library

[5]

O. Barzilay, Y. A. Feldman, S. Tyszberowicz, and A. Yehudai. Call and execution semantics of AspectJ. In Proceedings of the 3rd Workshop on Foundations of Aspect-oriented Languages, 2004.

[6]

C. Bockisch, M. Haupt, and M. Mezini. Dynamic virtual join point dispatch. In Proceedings of the 4th Workshop on Software Engineering Properties of Languages and Aspect Technologies, 2006.

[7]

J. Bonér. AspectWerkz. In Proceedings of the 3rd Conference on Aspect-oriented Software Development, 2004.

[8]

B. de Win, F. Piessens, and W. Joosen. How secure is AOP and what can we do about it? In Proceedings of the 2006 Workshop on Software Engineering for Secure Systems, 2006.

Digital Library

[9]

L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going beyond the sandbox: An overview of the new security architecture in the Java development kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems, 1997.

Digital Library

[10]

J. Gosling, W. N. Joy, G. L. Steele, and G. Bracha. The Java Language Specification. Addison-Wesley, 3rd edition, 2005.

Digital Library

[11]

E. Hilsdale and J. Hugunin. Advice weaving in AspectJ. In Proceedings of the 3rd Conference on Aspect-oriented Software Development (AOSD), 2004.

Digital Library

[12]

G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. G. Griswold. An overview of AspectJ. In Proceedings of the 15th European Conference on Object-oriented Programming, 2001.

Digital Library

[13]

G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. V. Lopes, J.-M. Loingtier, and J. Irwin. Aspect-oriented programming. In Proceedings of the 11th European Conference on Object-oriented Programming, 1997.

[14]

S. Liang and G. Bracha. Dynamic class loading in the Java virtual machine. In Proceedings of the 13th Conference on Object-oriented Programming, Systems, Languages, and Applications, 1998.

Digital Library

[15]

T. Lindholm and F. Yellin. The Java Virtual Machine Specification. The Java Series. Prentice Hall, 2nd edition, 1999.

Digital Library

[16]

H. Masuhara and G. Kiczales. Modeling crosscutting in aspect-oriented mechanisms. In Proceedings of the 17th European Conference on Object-oriented Programming, 2003.

[17]

Sun Microsystems. The Java HotSpot Server VM. http://java.sun.com/products/hotspot/docs/general/hs2.html.

[18]

D. Suvée, W. Vanderperren, and V. Jonckers. JAsCo: an aspect-oriented approach tailored for component based software development. In Proceedings of the 2nd Conference on Aspect-oriented Software Development, 2003.

Digital Library

[19]

System and Software Engineering Lab, Vrije Universiteit Brussel. JAsCo language reference 0.8.6. http://ssel.vub.ac.be/jasco/lib/exe/fetch.php?media=documentation%3Ajasco.pdf.

Cited By

De Borger WDe Win BLagaisse BJoosen WJezequel JSudholt M(2010)A permission system for secure AOPProceedings of the 9th International Conference on Aspect-Oriented Software Development10.1145/1739230.1739254(205-216)Online publication date: 15-Mar-2010
https://dl.acm.org/doi/10.1145/1739230.1739254

Index Terms

Aspects and class-based security: a survey of interactions between advice weaving and the Java 2 security model
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types
        Multiparadigm languages
        Object oriented languages

Recommendations

An interface mechanism for encapsulating weaving in class-based AOP
SPLAT '07: Proceedings of the 5th workshop on Software engineering properties of languages and aspect technologies

Aspect-oriented programming (AOP) separates crosscutting concerns from primary concerns. These concerns are woven together by a weaver. Although AOP provides a good module mechanism, it is not necessarily easy for a programmer to understand the overall ...
State-based testing of integration aspects
WTAOP '06: Proceedings of the 2nd workshop on Testing aspect-oriented programs

Aspect-oriented programming supports a variety of composition strategies, from the clearly acceptable to the questionable. One of the strategies is to make an aspect integrate separate concerns. Such integration aspects, like other aspects, may ...
Weaving temporal and reliability aspects into a schema tapestry

In aspect-oriented programming (AOP) a cross-cutting concern is implemented in an aspect. An aspect weaver blends code from the aspect into a program's code at programmer-specified cut points, yielding an aspect-enhanced program. In this paper, we apply ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

VMIL '08: Proceedings of the 2nd Workshop on Virtual Machines and Intermediate Languages for emerging modularization mechanisms

October 2008

41 pages

ISBN:9781605583846

DOI:10.1145/1507504

Conference Chair:
Hridesh Rajan
Iowa State University

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Sixth Framework Programme

Conference

OOPSLA08

Sponsor:

SIGPLAN

OOPSLA08: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications

October 21 - 23, 2008

Tennessee, Nashville

Acceptance Rates

Overall Acceptance Rate 4 of 4 submissions, 100%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
181
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

De Borger WDe Win BLagaisse BJoosen WJezequel JSudholt M(2010)A permission system for secure AOPProceedings of the 9th International Conference on Aspect-Oriented Software Development10.1145/1739230.1739254(205-216)Online publication date: 15-Mar-2010
https://dl.acm.org/doi/10.1145/1739230.1739254

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents