Opening (unintended) covert channels
Prevent leakage
Example: sharing information between authentication and authorization module…

Our focus…
Intended attacks: not our focus now
Unintentional attacks.
–Because of aspect interference…
–Security solution
Probably multiple aspects, to be composed
Can this be a (sort of) sand-box?

Headlines of what we need…
1. Principle of least privilege
–State what privilege any aspect would have on a given aspect
–Then explicitly allow more privilege
To certain classes, or instances
2. Order of composition
–E.g. Log before decrypt…
3. Aspects sharing state (communicate)
–Do not allow leaking/interception.

Adoption
Evolution of the applications:
–If I compose the new version of the application with the security aspect:
–Who confirms that the result is right?
Is it worse than what we are used to (without aspects)?
Lots of psycho?