Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security through AOSD may harm… Discussion report.

Similar presentations

Presentation on theme: "Security through AOSD may harm… Discussion report."— Presentation transcript:

1 Security through AOSD may harm… Discussion report

2 AOSD composition and security How can we know whether a composition (Base + securityA + otherA) is acceptable: Really effectively delivering the expected security Not harming the base application?

3 Can I express order… Limit the specification of orders…. Is this a new problem? –Cfr. Mixin based inheritance

4 Knowing the exact meaning of composition waaaaw

5 Opening (unintended) covered channels Prevent leakage Example: sharing information between authentication and authorization module…

6 Our focus… Intended attacks: not our focus now Unintentional attacks. –Because of aspect interference… –Security solution Probably multiple aspects, to be composed Can this be a (sort of) sand-box?

7 Headlines of what we need… 1. Principle of least privilige –State what privilige any aspect would have on a given aspect –Then explicitly allow more privilige To certain classes, or instances 2. Order of composition –E.g. Log before decrypt… 3. Aspects sharing state (communicate) –Do not allow leaking/interception.

8 Adoption Evolution of the applications: –If I compose the new version of the application with the security aspect: –Who confirms that the result is right? Is it worse then what we are used to (without aspects)? Lots of psycho?

9 Side-track Business rules in aspects?

10 Core problem Declarative semantics for composition Compiler support.

Download ppt "Security through AOSD may harm… Discussion report."

Similar presentations

Ads by Google