An aspect-oriented approach for the systematic security hardening of code
Author: | Marc-André Laverdière, Azzam Mourad, Mourad Debbabi |
---|---|
Year of publication: | 2008 |
Subject: | Card security code; Source code; General Computer Science; Computer science; media_common.quotation_subject; Aspect-oriented programming; Hardware_PERFORMANCEANDRELIABILITY; Computer security model; Computer security; computer.software_genre; Security testing; Security engineering; Software security assurance; Application security; Law; computer; media_common; Hardening (computing) |
Source: | Computers & Security. 27:101-114 |
ISSN: | 0167-4048 |
DOI: | 10.1016/j.cose.2008.04.003 |
Description: | In this paper, we present an aspect-oriented approach for the systematic security hardening of source code. It aims at allowing developers to perform software security hardening by providing an abstraction over the actions required to improve the security of the program. This is done by giving them the capabilities to specify high-level security hardening plans that leverage a priori defined security hardening patterns. These patterns describe the required steps and actions to harden security code, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) elaborating security hardening patterns and plans to common security hardening practices, (2) realizing these patterns by implementing them into aspect-oriented languages, (3) applying them to secure applications, (4) testing the hardened applications. Furthermore, we discuss, in this paper, our insights on the appropriateness, strengths and limitations of the aspect-oriented paradigm for security hardening. |
Database: | OpenAIRE |
External link: |