ABSTRACT
Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.
- B. Alpern, C. R. Attanasio, A. Cocchi, D. Lieber, S. Smith, T. Ngo, J. J. Barton, S. F. Hummel, J. C. Sheperd, and M. Mergen. Implementing Jalapeño in Java. In Proceedings of the 14th Conference on Object-oriented Programming, Systems, Languages, and Applications, 1999. Google ScholarDigital Library
- The AspectJ Project. The AspectJ Development Environment Guide. http://www.eclipse.org/aspectj/doc/released/devguide/.Google Scholar
- The AspectJ Project. The AspectJ Programming Guide. http://www.eclipse.org/aspectj/doc/released/progguide/.Google Scholar
- P. Avgustinov, A. S. Christensen, L. J. Hendren, S. Kuzins, J. Lhoták, O. Lhoták, O. de Moor, D. Sereni, G. Sittampalam, and J. Tibbie. Optimising AspectJ. ACM SIGPLAN Notices, 40(6), 2005. Google ScholarDigital Library
- O. Barzilay, Y. A. Feldman, S. Tyszberowicz, and A. Yehudai. Call and execution semantics of AspectJ. In Proceedings of the 3rd Workshop on Foundations of Aspect-oriented Languages, 2004.Google Scholar
- C. Bockisch, M. Haupt, and M. Mezini. Dynamic virtual join point dispatch. In Proceedings of the 4th Workshop on Software Engineering Properties of Languages and Aspect Technologies, 2006.Google Scholar
- J. Bonér. AspectWerkz. In Proceedings of the 3rd Conference on Aspect-oriented Software Development, 2004.Google Scholar
- B. de Win, F. Piessens, and W. Joosen. How secure is AOP and what can we do about it? In Proceedings of the 2006 Workshop on Software Engineering for Secure Systems, 2006. Google ScholarDigital Library
- L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going beyond the sandbox: An overview of the new security architecture in the Java development kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems, 1997. Google ScholarDigital Library
- J. Gosling, W. N. Joy, G. L. Steele, and G. Bracha. The Java Language Specification. Addison-Wesley, 3rd edition, 2005. Google ScholarDigital Library
- E. Hilsdale and J. Hugunin. Advice weaving in AspectJ. In Proceedings of the 3rd Conference on Aspect-oriented Software Development (AOSD), 2004. Google ScholarDigital Library
- G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W. G. Griswold. An overview of AspectJ. In Proceedings of the 15th European Conference on Object-oriented Programming, 2001. Google ScholarDigital Library
- G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. V. Lopes, J.-M. Loingtier, and J. Irwin. Aspect-oriented programming. In Proceedings of the 11th European Conference on Object-oriented Programming, 1997.Google ScholarCross Ref
- S. Liang and G. Bracha. Dynamic class loading in the Java virtual machine. In Proceedings of the 13th Conference on Object-oriented Programming, Systems, Languages, and Applications, 1998. Google ScholarDigital Library
- T. Lindholm and F. Yellin. The Java Virtual Machine Specification. The Java Series. Prentice Hall, 2nd edition, 1999. Google ScholarDigital Library
- H. Masuhara and G. Kiczales. Modeling crosscutting in aspect-oriented mechanisms. In Proceedings of the 17th European Conference on Object-oriented Programming, 2003.Google ScholarCross Ref
- Sun Microsystems. The Java HotSpot Server VM. http://java.sun.com/products/hotspot/docs/general/hs2.html.Google Scholar
- D. Suvée, W. Vanderperren, and V. Jonckers. JAsCo: an aspect-oriented approach tailored for component based software development. In Proceedings of the 2nd Conference on Aspect-oriented Software Development, 2003. Google ScholarDigital Library
- System and Software Engineering Lab, Vrije Universiteit Brussel. JAsCo language reference 0.8.6. http://ssel.vub.ac.be/jasco/lib/exe/fetch.php?media=documentation%3Ajasco.pdf.Google Scholar
Index Terms
- Aspects and class-based security: a survey of interactions between advice weaving and the Java 2 security model
Recommendations
An interface mechanism for encapsulating weaving in class-based AOP
SPLAT '07: Proceedings of the 5th workshop on Software engineering properties of languages and aspect technologiesAspect-oriented programming (AOP) separates crosscutting concerns from primary concerns. These concerns are woven together by a weaver. Although AOP provides a good module mechanism, it is not necessarily easy for a programmer to understand the overall ...
State-based testing of integration aspects
WTAOP '06: Proceedings of the 2nd workshop on Testing aspect-oriented programsAspect-oriented programming supports a variety of composition strategies, from the clearly acceptable to the questionable. One of the strategies is to make an aspect integrate separate concerns. Such integration aspects, like other aspects, may ...
Weaving temporal and reliability aspects into a schema tapestry
In aspect-oriented programming (AOP) a cross-cutting concern is implemented in an aspect. An aspect weaver blends code from the aspect into a program's code at programmer-specified cut points, yielding an aspect-enhanced program. In this paper, we apply ...
Comments