AspectJAssessmentfromaSecurityPerspectiveDimaAlhadidi,NadiaBelblidia,MouradDebbabiConcordiaInstituteforInformationSystemsEngineeringConcordiaUniversity,Montreal,Quebec,CanadaEmail:dmalhad@cs.
concordia.
caEmail:nabel@ciise.
concordia.
caEmail:debbabi@ciise.
concordia.
caAbstract—1AspectJisausefulandexpressiveaspectorientedprogrammingextensiontotheJavaprogramminglanguage.
ThispaperaddressestheevaluationofAspectJfromasecurityper-spective.
Moreaccurately,wepresentanassessmentofAspectJprimitivesinordertocopewithsecurityhardeningofJavaapplications.
Moreover,weproposenewconstructsandshowtheirrelevanceandimportanceinhardeningthesecurityofJavaprograms.
I.
MOTIVATIONSANDBACKGROUNDComputersecurityisascienceconcernedwiththecontrolofrisksrelatedtocomputeruse.
Theacceleratingtrendsofin-terconnectedness,extensibility,andcomplexityareincreasingthethreatofsucharisk[1].
ApplicationsecurityhardeningbecomesapriorityandoneofthefastestgrowingeldsinITmarkettoday.
Themaingoalofapplicationsecurityhardeningistoreinforcetheapplicationsecurityandthereforetominimizethelikelihoodofviolatingsecurityproperties.
Alegitimatequestionthatonecouldaskis:"Whatisthemostappropriatecomputationstyleorprogrammingparadigmforsecurityhardening"Anaturalansweristoresorttoanaspectorientedlanguage.
Thisanswerisjustiedbythefactthataspectorientedlanguageshavebeencreatedtodealwiththeseparationofconcerns.
Thisisexactlywhatasecurityengineerneedswhenhardeninganapplication.
Hewouldliketoinjectandstrengthensecuritywithoutdigginginthelogicoftheapplication/middleware.
Aspectorientedprogramming(AOP)[2]hasbeenproposedasawaytoimprovemodularityofsoftwaresystemsbyallowingencapsulationofcrosscuttingconcerns.
Crosscuttingconcernsgenerallyrefertononfunctionalpropertiesofasoftwaresuchassecurity,synchronization,logging,etc.
Whenprogrammed,thesecrosscuttingconcernsresultintangledandscatteredcode.
Inthispaper,weaddressthesecurityhardeningofJavaapplications.
ThemostprominentAOPextensiontoJavaisdenitelyAspectJ[3].
ThebeautifultechnicaldesignisbehindthesuccessandthewideuseofAspectJintheAOPcommunity.
AspectJcomeswithnewconceptsandconstructssuchas:joinpoints,pointcuts,andadvices.
Ajoinpointis1ThisresearchisfundedbyNSERC(NaturalSciencesandEngineeringResearchCouncilofCanada)DND(DepartmentofNationalDefence)grantincollaborationwithBellCanadaandDRDC(DefenceResearchandDevelopmentCanada)atValcartier.
apointinthecontrolowgraphofanapplicationsuchasmethodcall,objectconstruction,oreldaccess.
Apointcutisaconceptthatclassiesjoinpointsinthesamewayatypeclassiesvalues.
Accordingly,AspectJdenesvariouspointcutconstructorstodesignatevariousjoinpoints.
Anadviceisacodefragmentexecutedwhenjoinpointssatisfyingitspointcutarereached.
Thisexecutioncanbedonebefore,after,oraroundaspecicjoinpoint.
Inthispaper,wepresentanassessmentofAspectJfromasecurityhardeningperspective.
Thisamountstoansweringthefollowingquestions:AreAspectJprimitivesexpressiveenoughtoformulateallthecommonsecurityhardeningpracticesIncasetheanswerisnegative,whatarethenewAOPlanguageconstructsthatneededtobeproposedTheremainderofthispaperisstructuredinthefollowingway.
TheappropriatenessofAspectJforsecurityhardeningisdiscussedinSectionII.
SectionIII,IV,andVaredevotedtothedescriptionofdataowpointcut,predicatedcontrolowpointcut,andlooppointcutrespectivelyandtheirusefulnessfromasecuritypointofview.
InSectionVI,wesuggestanewwildcardforpatternmatching.
SectionVIIdiscussestheneedforusingmodierpatternsuchaspublicintypepatternsyntax.
SectionVIIIpresentstheneedforapointcuttopickoutjoinpointsassociatedwithsettingandgettinglocalvariablesinsidelocalmethods.
SectionIXdiscussestheneedforsynchronizedblockpointcut.
SectionXintroducesthemostrelevantrelatedworks.
Finally,afewremarksandadiscussionoffutureresearchareultimatelysketchedasaconclusioninSectionXI.
II.
ASPECTJANDSECURITYThissectionassessesAspectJfromasecuritystandpoint.
AspectJisageneralaspectorientedlanguagethathasnotbeenengineeredwithsecurityinmind.
Inspiteofthis,thecurrentconstructsinAspectJareofagreatuseinsecurityhardening.
Becauseofthespacelimitation,wecannotexhibitpracticalexamplesthatcorroboratetheusefulnessofAspectJconstructs.
AspectJoffersthreekindsofadvicestodescribewhereaspectsaretobeapplied:Before,after,oraround.
Allofthemareimportantfromasecurityhardeningpointofview:Abefore-advicecanbeusedtoinjectsomesecuritycodeasauthenticationbeforeacriticaloperation.
Anafter-adviceismeanttoinjectsomesecuritycodeaftersomelocationsintheprogram.
Forinstance,onecanaddsomeintegritycheckingcode.
Anaround-advicecanbeusedtochangeanon-securemethodbyamoresecureoneatparticularpointsintheprogram.
AspectJhasacomprehensiveandexpressivepointcutspeci-cationlanguagethatallowstospecifyparticularpointsinthecontrolowoftheprogramwhereadvicesaretobeapplied.
Allofthemareimportantfromasecuritystandpoint.
TableIshowstheusefulnessoftheAspectJpointcutsaccordingtothesecuritytarget.
AlthoughAspectJsupportsthoseefcientandusefulpointcutdesignatorsforsecurityhardening,theyarenotenoughtoexpressallthesecurityhardeningpractices.
Indeed,weidentiedthefollowingpossibleextensionstoAspectJ:Dataowpointcut.
Predictedcontrolowpointcut.
Looppointcut.
Wildcardforpatternmatching.
Modiersintypepatternsyntax.
Pointcutsforgettingandsettinglocalvariables.
Synchronizedblockjoinpoints.
Thesesuggestedextensionswillbediscussedindetailsinthefollowingsections.
III.
DATAFLOWPOINTCUTMasuharaandKawauchi[6]havedenedadataowpoint-cutforsecuritypurposesbutthispointcuthasnotbeenimplementedyet.
Thepointcutidentiesjoinpointsbasedontheoriginsofvalues.
Cross-sitescripting(XSS)probleminweb-applicationsisanexamplepresentedbythemtoclarifytheneedforsuchapointcut.
AwebsitemightbevulnerabletoXSSattacksifitreectsinputbacktotheusersuchassearchenginesandshoppingsites.
Cross-sitescripting(XSS)isdescribedinFigure1.
Theydeneadowpointcuttosolvethisproblem.
Thepointcutinterceptsanyjointpointthatprintsanunauthorizedstringtoaclient.
Unauthorizedstringisastringthatiscreatedfromoneoftheclient'sinputparameters.
Sanitizingisusedtoreplacecharactersthatcomefromuntrustedprincipals,andreplacethemwithquotedcharacters.
Throughthispointcut,owofdatacanbetracedandactionscanbedoneaccordingly.
Hereisanotherexamplethatclariestheneedforsuchapointcutinspiredfrom[7].
Ifaprogramopensacondentialle,readsdatafromthisle,andthensendsdataoverthenet,thiswillbeconsidereddangerousfromasecuritypointofview.
Adata-owanalysisusingdowpointcutcantellwhetherthedatasentoverthenetactuallydependsontheinformationreadfromthecondentialle.
Nowarningisneededifthedatasentdonotdependonthedataextractedfromthecondentialle.
TableIIclariesourexample.
IV.
PREDICTEDCONTROLFLOWPOINTCUTKiczales[4]hasproposedthepredictedcontrolowpoint-cutpcflowbutthispointcuthasnotbeenimplementedyet.
Apointcutpcflow(p)matchesatajoinpointiftheremayFig.
1.
Cross-siteScriptingAttackexistapathtoanotherjoinpointwherepmatches.
Kiczaleshasdiscussedthisnewpointcutwithhisknowndrawingexample.
InhisexamplewhichappearsinTableIII,hehasusedpredictedcontrolowpointcuttoselectpointsintheexecutionthatmodifyvariablespreviouslyreadwithinthecontrolowofthemethodFigureElement+.
draw().
Wecangetbenetfromthisexampleusingthesameideabutinadifferentsituationtohardensecurityofapplications.
In[5],authorsspokeaboutdetectingintruderswithvisualdataanalysis.
Basedonthisidea,wecandrawsomechartsforsecurityimportantparameterssuchasleactivity(opening,reading,andwritingles),registryactivity(creating,reading,andwritingregistrykeys),ornetworktrafc.
Thesechartscanbeanalyzedtodiscoverifsomethingwronghappens.
ItispossibletousethesameconceptinKiczales'sexamplecombinedwiththeideaofdetectingintruderswithvisualdataanalysisasfollows.
Anychangesinsecuritychartsbysettingspecicparametersinawayoranotherwillnotonlybereectedinthedisplaybutalsosomenecessarystepsmustbetakeninresponsetosuchchangestoprotectthesystemandapplication.
SoKiczales'sexamplecanberewrittentoserveourpurposesasinTableIV.
V.
LOOPPOINTCUTHarbulotandGurdpresentin[8]aloopjoinpointmodelwhichdemonstratestheneedforamorecomplexjoinpointinAspectJ.
TheirapproachtorecognizeloopsisbasedonSecurityHardeningTargetPointcutMethodcall/executionoraconstructorcall/execution.
call,executionFieldread/write.
get,setSettingsecurityenvironmentduringtheinitializationinitialization,staticinitialization,ofaclassoranobject.
preinitializationExecutioncontext.
args,this,targetExecutingsecurityhardeningcodedependsonaparticularcondition.
ifWithinaparticularclassormethod.
within,withincodeInthecontrolowofotherparticularpoints.
cflow,pcflowLogexceptionsrelatedtosecurity.
handlerTABLEIASPECTJPOINTCUTSANDSECURITYOpenFile//ActionsotherthanOpenFile,ReadFile,orSend.
ReadFile//ActionsotherthanOpenFile,ReadFile,orSend.
//Before-Adviceusingadataowpointcuttotestifthe//datathatwillbesentdependsontheinformationread//fromthele.
SendTABLEIISECURITYDFLOWPOINTCUTpointcut*displayState():pcflow(execution(voidFigureElement+.
draw()))&&get(*FigureElement+.
*);afterset(update();}TABLEIIIKICZALES'SDRAWINGEXAMPLEpointcut*displayState():pcflow(execution(voidSecurityElement+.
draw()))&&get(*SecurityElement+.
*);afterset(update();//Takeanactionaccordingtothetypeofthechange}TABLEIVSECURITYVERSIONOFKICZALES'SEXAMPLEacontrol-owanalysisatthebytecodelevel.
TheyrestrictedtheirstudytoloopsiteratingoveranIteratororarangeofintegers.
Thisresearchlackstheanalysisofinniteloopsandloopsthatcontainbooleanconditions.
Throughpointcutsthatpickoutsuchloops,anexcessivesecurityproblemscanbesolvedeasily.
Aninniteloopisasetofinstructionsthatexecutedrepeatedly.
Thisisconsideredadesiredbehaviorinsomesituationsasindatabaseservers.
Databaseserversloopforeverwaitingforarequesttoprocessit.
Ontheotherhand,inniteloopisconsideredabugwhichismadebyprogrammersunintentionally.
Maliciouscodeisasetofinstructionsthatmakeyoursystemdosomethingthatanattackerwantstodo.
Malicious-codewritersexploitinniteloopstodotheirne-fariousjobsbylaunchingdenial-of-serviceattacks.
Denial-of-serviceattacksconsumesystemresourcesuntiltheapplicationortheentiresystembecomesunusable.
Haltingwebbrowserisanexampleofadenial-of-serviceattackbyrunningacodethatopensadialogwindowinnitenumberoftimes.
Thisattackrequirestherebootoftheworkstation.
Asanotherexample,thecodebelowcanlockthestatuslineatthebottomoftheHotJavabrowser,preventingitfromloadinganymorepages.
Strings="net.
www.
html.
MeteredStream";Objecto=Class.
forName(s);synchronized(o){while(true)Thread.
sleep(10000);}ThereisnogeneralmethodstospecifywhetheracodewilleverhaltorrunforeverbutAspectJmustincludemechanismstopredicttheexistenceofsuchinniteloopsandthennotiestheuserifshewantstocontinuewiththisworkornot.
Asasuggestion,itispossibletoaddapointcutthatisassociatedwiththeloopbody.
Throughanafter-advicewithsuchapointcut,wecanincrementacountereverytimethisbodyisexecuted.
Ifthecountervaluebecomesmorethanathresholdspeciedaccordingtothetypeoftheapplication,analertispoppedupgivingtheusertheoptiontoaborttheexecution.
Urgentneedstopointcutsthatarerelatedtoloopsmustpushtheresearchinthisarea.
VI.
PATTERNMATCHINGWILDCARDThereisaneedforanewwildcardinAspectJtoperformpatternmatching.
AlthoughpatternmatchingcanbedonebyplainAspectJ,itishoweverbettertodoitinadeclarativemannertosimplifythecode.
Weillustratethispointwithanexamplerelatedtosecurity.
Virusesalwaysinjectthemselvesinsideexecutablelesbyopeningandwritingtosuchles.
So,itisessentialtocontrolopeningandwritinglesthathavean"exe"extension.
Forexample,letuswriteapointcutthatpicksoutallconstructorcalljoinpointsoftheformFileWriter(x,y)wheretheparameterxisastringwhosevalueendswiththeword"exe".
UsingplainAspectJ,thepointcutwillhavethefollowingform:pointcutp:call(FileWriter.
new(String,String))&&args(x,*)&&if(isExtension(x));WhereisExtensionisabooleanmethodwithoneargumentdenedinsidetheaspecttotestifitsargumentvalueendswiththeword"exe".
AlthoughwewereabletowritethepointcutusingplainAspectJ,thishasbeendonewithaheavysyntaxandextramethodslikeisExtension.
WesuggestanotherwaythatusesthesamenotationsusedinSQLsuchaslikekeywordand"%"charactertoeasetheburdenontheuserandsimplifythecode.
Thepreviouspointcutdenitioncanberewrittenaccordingtooursuggestionas:pointcutp:call(FileWriter.
new(Stringlike"%exe%",String);Obviously,usingsuchwildcardsstatesdirectlytheprogram-mer'sintentwithouttheneedtoencodetheessentialidea.
Besides,itmakestheprogramclearandcrisp.
VII.
TYPEPATTERNMODIFIERSAspectJuses(asdescribedinAspectJquickreferenceontheeclipsesite[9])fourkindsofpatternsinthepointcutsyntax:Methodpattern,constructorpattern,eldpattern,andtypepattern.
Patternsareusedinsideprimitivepointcutdesignatorstomatchsignaturesandconsequentlytodeterminetherequiredjoinpoints.
Thesyntaxofallpatternscontainsthemodierskeywordexceptthetypepatternsyntax.
Thissectiondiscussestheneedforsuchakeywordinthetypepatternsyntaxtoenrichthematchingprocess.
AJavaclassdeclarationmayincludethefollowingmodierpatterns:public,abstract,ornal.
Apublicclassisaclassthatcanbeaccessedfromotherpackages.
Anabstractclassisaclassthathasatleastoneabstractmethodthatisnotimplemented.
Aclassthatisdeclaredasnalmaynotbeextendedbysubclasses.
Anyclass,method,object,orvariablethatisnotprivateisapotentialentrypointforanattack.
Hence,usingmodiersinthetypepatternsyntaxshouldbeveryusefulfromasecuritypointofview.
TheexampleinTableVdescribesacasewherethepublicmethodf()insidethepublicclassSensitivedeliverssensitiveinformation.
Inthiscase,itisessentialtoaddasecuritymechanismthatauthenticatestheclientsofsuchpublicclassesthatareexposedbytheapplicationtotheoutsideworld.
Hence,wewouldliketobeabletouseapublicmodierpatternintypepatternsyntaxtopickoutpublicclassesonly.
Thistechniquecanbealsousedtodetectnon-nalclassesthataredangeroussincetheycanoftenbeextendedinunseenways.
VIII.
LOCALVARIABLESSETANDGETAspectJallowstopickoutjoinpointswhereattributesarereferencedorassignedthroughgetandsetdesignatorsbutitdoesnotprovidesimilarpointcutstolocalvariablesdenedinsidemethods.
AspectJdoesnotallowlocalvariablesofamethodtobeexposedtotheadvicecode.
AtechniquethatdoessuchathingwillbehelpfulandincreasestheefciencyofAspectJespeciallyfromasecuritypointofview.
Forexample,securitydebuggersmayneedtotrackthevaluesoflocalvariablesinsidemethods.
Withsuchnewpointcuts,itwillbeeasytowriteadvicesbeforeoraftertheuseofthesevariablestoexposetheirvalues.
Condentialdatacanbeprotectedusingthesekindsofpointcutsbypreventingthemfrombeingusedimproperly.
Theproblemofprotectingsecretorcondentialinformationincomputersystemsisawellknownproblem.
Theproposedsolutionstosolvethisproblemaretoencryptdatasentontheinternetandtouseanaccesscontroltechniquestoprotectles.
However,thesesolutionsarenotenoughtopreventthepropagationofinformation.
Apromisingapproachforprotectingprivacyandintegrityofsensitivedataistostaticallycheckinformationowwithinprogramsthatmanipulatethatdata.
Thisapproachisdiscussedin[10].
Insteadofdoingstaticanalysis,wewilluseAOPtoperformcodeinstrumentationbyinsertingchecksbeforeoraftergettingorsettingeldsorlocalvariables.
ThefollowingexampleinTableVIclariestheidea.
Wecanseethatthesensitiveinformationstoredinthepri-vateeldsensitiveInfohasbeenexposedbytransferringitsvaluetothelocalvariablelocalstrdenedinsidethemethodf().
ThenthevalueoflocalstrisstoredinsidethepubliceldpublicInfowhichmadetheinformation1:importjava.
io.
*;2:publicclassSensitive{3:privateStringsensitiveInfo;4:publicvoidf(){5://.
.
.
.
6:System.
out.
println(sensitiveInfo);7://.
.
.
.
8:}9:}TABLEVTYPEPATTERNMODIFIERS1:importjava.
io.
*;2:classTest{3:privateStringsensitiveInfo;4:publicStringpublicInfo;5:privatevoidf(){6:Stringlocalstr;7:sensitiveInfo=/*SomeCalculation*/8:localstr=sensitiveinfo;9://.
.
.
.
10://.
.
.
11:publicInfo=localstr;12:}13:}TABLEVILOCALVARIABLESGETANDSETaccessiblefromoutsidetheclass.
Usingpointcutsthattrackeldsaswellaslocalvariablescanhelpustondsuchacaseandpreventit.
IX.
SYNCHRONIZEDBLOCKJOINPOINTThesynchronizedblockhasnotbeentreatedyetinAspectJorinanyotherAOPframework.
Therearenojoinpointsassociatedwithsuchablockuntilnow.
Thecurrentimple-mentationofAspectJallowspickingoutcallstosynchronizedmethodsbutdoesnotallowpickingoutsynchronizedblocks.
Theimportanceofthejoinpointsforsynchronizedcodehasbeenalreadydiscussedforthreadmanagement.
Borner[11]haspresentedanarticleontheseissuesandhasdiscussedtheusefulnessofcapturingsynchronizedblockssuchascalculat-ingthetimeacquiredbyalock.
IthasalsobeenpointedoutthatpointcutsforcapturingsynchronizedblockshavenotbeenprototypedyetinAspectJbecauseoftheweaving.
Accordingtothediscussion,theweavingisdonestaticallyinAspectJsoitwillbeverydifcultandpossiblyimpossibletohandlethesepointcutsatcompile-time.
Inthispaper,wedon'tcareabouttheimplementationbutwedocareabouttheimportanceofsuchpointcutsforsecurityissues.
Thenextexamplewilldiscussthisimportance.
Supposewehaveasynchronizedblockthatlaunchesadenial-of-serviceattackbycontainingacodethateatstheCPUcycleslikethecodethatimplementsAckermanfunctionin[12].
Ackermanfunctionisafunctionoftwoparameterswhosevaluegrowsveryfast.
Itisessentialtohaveajointpointatthebeginningofthesynchronizedblock.
Throughthisjoinpoint,wecanwriteabefore-advicethatlimitstheCPUusageorlimitthenumberofinstructionsthatcanrun.
Thislimitationwillfailtheattack.
LetustakeanotherexamplethatisshowninTableVII.
Weneedtoinsertadvicesbeforesynchronizedblocksbecausethesamethreadcanacquirethelocktwice.
Inthiscase,wesaythatthecodeisreentrant.
Thisbehaviorcancauseadenial-of-serviceattack.
Toclarifymore,ifthethreadwhoownsthelockmanipulateswithles,thiswillblockusersfromaccessinglestowhichtheyhaveaccessto.
Abefore-advicecanuseJavaassertionstocheckthatyouhavenotgotalockbeforeenteringasynchronizedblock.
X.
RELATEDWORKThemostrelevantrelatedworksarethosethatdiscusstheuseofAOPtoenforcesecurity.
However,researcheffortsthatareconsumedinthissubjectdonotequalizetheimportanceofit.
AmongtheattemptsistheDarpa-FundedprojectofCigitalLabs[13],[14],[15]thatappliesAOPtoenforcesecurityinsoftwaresystems.
ThemainoutcomeofthisprojectisasecuritydedicatedaspectextensionofCcalledCSAW[13]andaweavingtool.
CSAWaddressessmall-sizedproblemsasbufferoverowanddatalogging.
DeWinetal[16],[17],[18],[19],[20],[21]exploredtheuseofAOPtointegratesecurityaspectswithinapplicationsandappliedAspectJtoenforceaccesscontrol.
Huang,Wang,andZhanghaveim-plementedareusableandgenericaspectlibraryJSAL[22]thatprovidessecurityfunctions.
ThisaspectlibraryisbasedonAspectJandcommonJavasecuritypackages.
Inordertoenrichtheexpressivenessofpointcutstoenforcesecurityissues,MasuharaandKawauchi[6]presentanewpointcutpublicclassA{.
.
.
publicvoidf(){//Before-Advice:assert!
Thread.
holdsLock(this);synchronized(this){.
.
.
/*accessfiles*/.
.
.
}}}TABLEVIISYNCHRONIZEDBLOCKcalleddataowpointcut.
Itexpresseseasilysomesecurityconcernsthataresensitivetoowofinformationinaprogramexecution.
Bodkin[23]reportsasurveyincommonsecuritycrosscuttingconcernsforwebapplicationswritteninJava.
HeanalyzestherelevantjoinpointsthatcanbeusedinAOPsystemstoexpresssuchcrosscuttingconcerns.
HecitedtheneedforthepredicatedcontrolowandthedataowpointcutsinAspectJ-likelanguages.
Thiscontributionisveryclosetowhatwehavedone.
However,noneofthesepreviousworksexaminedanddis-cussedthecompletenessofAspectJfromasecurityperspectiveinacomprehensiveandextensivewayaswedid.
OurworkevaluatestheeffectivenessofAspectJsupportforsecurityhardeninginJavaapplicationsandexposesareas(especiallyinpointcutdenitions)forfurtherinvestigation.
XI.
CONCLUSIONANDFUTUREWORKThispaperdiscussestheneedsinAspectJtoenforcesecurityissuessuccessfully.
Wehaveshownthatsecurityaspectsmustgetbenetfromnewconceptsrelatedtopointcutdenitionsinordertoexpresssomesecurityhardeningpractices.
Hence,adescriptionofdataowpointcutandpredicatedcontrolowpointcutandtheirusefulnessfromasecuritypointofviewarepresented.
Besides,theimportanceoflooppointcuttopreventmaliciousattacksisexposed.
Anewwildcardforpatternmatchingissuggested.
Inaddition,wehavediscussedtheneedforusingmodierpatternlikepublickeywordintypepatternsyntax.
Theneedforapointcuttopickoutjoinpointsassociatedwithsettingandgettinglocalvariablesinsidelocalmethodsisalsodiscussedaswellasnewjoinpointsforsynchronizedblocks.
Inthefuture,weplantogiveimplementationsolutionstoalltheabovesuggestionsandcomeupwithacomprehensiveAOPsecuritylanguage.
REFERENCES[1]G.
McGrawandG.
Morrisett.
AttackingMaliciousCode:AReporttotheInfosecResearchCouncil.
IEEESoftware,17(5):33–41,2000.
[2]G.
Kiczales,J.
Lamping,A.
Menhdhekar,C.
Maeda,C.
Lopes,J.
M.
Loingtier,andJ.
Irwin.
Aspect-orientedprogramming.
InMehmetAksitandSatoshiMatsuoka,editors,ProceedingsEuropeanConferenceonObject-OrientedProgramming,volume1241,pages220–242.
Springer-Verlag,Berlin,Heidelberg,andNewYork,1997.
[3]G.
Kiczales,E.
Hilsdale,JimHugunin,MikKersten,JeffreyPalm,andWilliamGriswold.
AnOverviewofAspectJ.
Budapest,2001.
SpringerVerlag.
[4]G.
Kiczales.
TheFunhasJustBegun,KeynotetalkatAOSD2003.
http://www.
cs.
ubc.
ca/gregor/,2003.
[5]S.
TTeoh,T.
J.
Jankun-Kelly,K.
LMa,andF.
S.
Wu.
Visualdataanalysisfordetectingawsandintrudersincomputernetworksystems.
IEEEComputerGraphicsandApplications,specialissueonVisualAnalytics,2004.
[6]H.
MasuharaandK.
Kawauchi.
DataowPointcutinAspect-OrientedProgramming.
InAPLAS,pages105–121,2003.
[7]J.
Bergeron,M.
Debbabi,J.
Desharnais,M.
M.
Erhioui,Y.
Lavoie,andN.
Tawbi.
StaticDetectionofMaliciousCodeinExecutablePrograms.
InSymposiumonRequirementsEngineeringforInformationSecurity(SREIS'01),Indianapolis,Indiana,USA,2001.
SpringerVerlag.
[8]B.
HarbulotandJ.
R.
Gurd.
AJoinPointforLoopsinAspectJ.
InProceedingsofthe4thworkshoponFoundationsofAspect-OrientedLanguages(FOAL2005),March2005.
[9]AspectJQuickReference.
http://www.
eclipse.
org/aspectj/doc/released/quickA4.
pdf.
[10]A.
C.
Myers.
JFlow:PracticalMostly-StaticInformationFlowControl.
InSymposiumonPrinciplesofProgrammingLanguages,pages228–241,1999.
[11]J.
Borner.
SemanticsforaSynchronizedBlockJoinPoint.
http://jonasboner.
com/2005/07/18/semantics-for-a-synchronized-block-join-point/,July2005.
[12]G.
McGrawandE.
Felten.
SecuringJavaGettingDowntoBusinesswithMobileCode.
JohnWiley&Sons,1999.
[13]CigitalLabs.
AnAspect-OrientedSecurityAssuranceSolution.
Tech-nicalReportAFRL-IF-RS-TR-2003-254,CigitalLabs,Dulles,Virginia,USA,2003.
[14]V.
ShahandF.
Hill.
UsingAspect-OrientedProgrammingforAddressingSecurityConcerns.
InISSRE2002,pages115–119,2002.
[15]J.
Viega,J.
T.
Bloch,andC.
Pravir.
ApplyingAspect-OrientedProgram-mingtoSecurity.
CutterITJournal,14(2):31–39,2001.
[16]B.
DeWin.
AOSDisanEnablerforGoodEnoughSecurity.
http://citeseer.
ist.
psu.
edu/728786.
html,2003.
[17]B.
DeWin,F.
Piessens,W.
Joosen,andT.
Verhanneman.
OntheImportanceoftheSeparation-of-ConcernsPrincipleinSecureSoftwareEngineering.
WorkshopontheApplicationofEngineeringPrinciplestoSystemSecurityDesign,Boston,MA,USA,November6–8,2002,AppliedComputerSecurityAssociates(ACSA),2002.
[18]B.
DeWin,B.
Vanhaute,andB.
DeDecker.
HowAspect-OrientedPro-grammingCanHelptoBuildSecureSoftware.
Informatica,26(2):141–149,2002.
[19]B.
VanhauteandB.
DeWin.
AOP,SecurityandGenericity.
1stBelgianAOSDWorkshop,VrijeUniversiteitBrussels,Belgium,November8,2001,2001.
[20]B.
Vanhaute,B.
DeWin,andBartB.
DeDecker.
BuildingFrameworksinAspectJ.
WorkshoponAdvancedSeparationofConcerns,ECOOP2001.
[21]B.
DeWin,B.
Vanhaute,andB.
DeDecker.
SecurityThroughAspect-OrientedProgramming.
InB.
DeDecker,F.
Piessens,J.
Smits,andVanHerreweghen,editors,AdvancesinNetworkandDistributedSystemsSecurity,pages125–138,2001.
[22]M.
Huang,C.
Wang,andL.
Zhang.
TowardaReusableandGenericSecurityAspectLibrary.
InAOSDTechnologyforApplication-levelSecurity,March2004.
[23]R.
Bodkin.
EnterpriseSecurityAspects.
InAOSD2004Workshop,Lancaster,UK,2004.
BuyVM测评,BuyVM怎么样?BuyVM好不好?BuyVM,2010年成立的国外老牌稳定商家,Frantech Solutions旗下,主要提供基于KVM的VPS服务器,数据中心有拉斯维加斯、纽约、卢森堡,付费可选强大的DDOS防护(月付3美金),特色是1Gbps不限流量,稳定商家,而且卢森堡不限版权。1G或以上内存可以安装Windows 2012 64bit,无需任何费用,所有型号包括免费的...
CloudCone是一家成立于2017年的国外VPS主机商,提供独立服务器租用和VPS主机,其中VPS基于KVM架构,多个不同系列,譬如常规VPS、大硬盘VPS等等,数据中心在洛杉矶MC机房。商家2021年Flash Sale活动继续,最低每月1.99美元,支持7天退款到账户,支持使用PayPal或者支付宝付款,先充值后下单的方式。下面列出几款VPS主机配置信息。CPU:1core内存:768MB...
EtherNetservers是一家成立于2013年的英国主机商,提供基于OpenVZ和KVM架构的VPS,数据中心包括美国洛杉矶、新泽西和杰克逊维尔,商家支持使用PayPal、支付宝等付款方式,提供 60 天退款保证,这在IDC行业来说很少见,也可见商家对自家产品很有信心。有需要便宜VPS、多IP VPS的朋友可以关注一下。优惠码SUMMER-VPS-15 (终身 15% 的折扣)SUMMER-...
waitingforreboot为你推荐
me域名注册什么是ME域名,为什么注册ME域名独立ip主机独立IP虚拟主机是什么?有哪些优势?空间租用租用空间多少钱 1MB?虚拟主机代理紧急寻求好的虚拟主机代理商ip代理地址使用IP代理会有什么坏处吗?台湾vps台湾服务器租用托管那里好海外域名什么叫海外域名?网站空间购买哪里买网站空间好?网站空间商网站备案为什么是空间商备案?求解国内最好的虚拟主机国内虚拟主机哪家的好?
南通服务器租用 国外免费vps 美国主机评测 韩国俄罗斯 isatap 国外私服 12306抢票助手 福建天翼加速 qingyun 免费防火墙 1g内存 t云 德隆中文网 工信部网站备案查询 群英网络 海外加速 globalsign 标准机柜 此网页包含的内容将不使用安全的https winserver2008下载 更多