Presentation is loading. Please wait.

Presentation is loading. Please wait.

Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering.

Published byJoanna Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering."— Presentation transcript:

1 Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering

2 Outline Motivation A design case study Aspect-oriented design approach Design product Analysis Conclusion and future work

3 Motivation To design adaptable security systems. To handle the complexity incurred by various requirements. To apply aspect-orientation at design level (AOD).

4 Case Study CORBA Access Control Supporting RBAC Model Family –CORBA is for corporate enterprises. –RBAC is suited for enterprise wide applications. –CORBA specification only defines the essential and general access control interfaces. –How to design a CORBA AC system, which can flexibly support different RBAC models?

5 Role-Based Access Control

6 RBAC96 RBAC 0 : Core RBAC model RBAC 1 : Hierarchical RBAC model RBAC 2 : Constrained RBAC model RBAC 3 : Consolidated RBAC model RBAC X : Other variants of RBAC model

7 Evolution of RBAC model a. The RBAC96 Model Hierarchy b. The RBAC Model Hierarchy with Time and Context Concerns

8 Challenges How to make the design help reuse? allow evolution? be well modularized?

9 Aspect-Oriented Software Development Support separation of concerns by encapsulating crosscutting concerns. Crosscutting concerns: the implementation for which cannot be well localized into common procedures, functions, or classes. Provide methods to –Identify crosscutting concerns, i.e. aspects. –Represent aspects. –Compose aspects.

10 Aspect-Oriented Design Design level aspects identification Design notation Composition rules

11 Aspects Identification Main concern: the design –of basic functionality –which is stable –to be reused Aspect: the design –for functional or non-functional properties which are orthogonal to each other. –crosscutting the main concern and other aspects

12 Design Notation UML class diagrams Extended to support aspect-oriented design using stereotype New stereotypes: >, >, >, >, >, >

13 Composition rules Adopt the composition rules used by AspectJ [1] Join point Pointcut Advice Inter-type declaration Aspect

14 Design Steps Define aspects Define inter-type declarations Identify join points Define pointcuts Define advice – before, after, and around

15 Aspects Main concern: the design supporting RBAC 0 Aspect 1 - RH: supports role hierarchy Aspect 2 - CheckConstraints: supports static constraints Aspect x : reserved for other extensions to RBAC.

16 Aspect RH – Support Role Hierarchy

17 Design Diagrams – Support Static Constraints

18 Design Diagrams – A Consolidated Design

19 Analysis Traditional object-oriented design approaches will lead to tangled and scattered code By using our design approach, –we solved the code tangling and scattering problem; –concerns that crosscuts the main concern is encapsulated into the newly introduced aspects; –the design to be incremented is oblivious to the changes; –the design product is well modularized, easier to understand, reuse, maintain and evolve.

20 Related Work [4] shows how CORBA security architecture can support RBAC 0~3 [2,3,5] give some extensions to UML for AOD use. [6,7] discusses the application of aspect- oriented design in the security domain.

21 Conclusion We proposed an aspect-oriented design approach to designing security systems. A design of CORBA access control system supporting various RBAC models is presented as a case study. We showed that aspect-orientation, if properly used, can help to design adaptable security systems

22 Future Research Introduce formalism to AOD. Expand aspect-orientation to early stages in the software development cycle. Explore AOD’s power in minimizing crosscutting caused by non-functional requirements to a security system.

23 References [1] AspectJ homepage. http://eclipse.org/aspectj/http://eclipse.org/aspectj/ [2] O. Aldawud, T. Elrad and A. Bader. UML Profile for Aspect-Oriented Software Development. In Proceedings of Third International Workshop on Aspect-Oriented Modeling, March 2003. [3] M. Basch and A. Sanchez. Incorporating Aspects into the UML. In Proceedings of Third International Workshop on Aspect-Oriented Modeling, March 2003. [4] K. Beznosov and Y. Deng. A Framework for Implementing Role-Based Access Control Using CORBA Security Service. In the Fourth ACM Workshop on Role- Based Access Control, Fairfax, Virginia, USA, Octorber, 1999.

24 [5] R. Pawlak, L. Duchien, G. Florin, F. Legond-Aubry, L. Seinturier and L. Martelli. A UML Notation for Aspect- Oriented Software Design. In Aspect-Oriented Modeling with UML Workshop at AOSD 2002, Enschede, the Netherlands, 2002. [6] J. Viega, J.T. Bloch and P. Chandra. Applying Aspect- Oriented Programming to Security. Cutter IT Journal, vol.14, no. 2, pp. 31-39, 2001. [7] B.D. Win, F. Piessens, W. Joosen and T. Verhanneman. On the Importance of the Separation-of- Concerns Principle in Secure Software Engineering. In Workshop on the Application of Engineering Principles to System Security Design, December 22, 2002.

Download ppt "Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering."

Similar presentations

Full life cycle support for security concerns minutes topics Wouter Joosen.

Full life cycle support for security concerns minutes topics Wouter Joosen.
Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Awais Rashid, Steffen Zschaler

Awais Rashid, Steffen Zschaler
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.

Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
Object-Oriented Software Development CS 3331 Fall 2009.

Object-Oriented Software Development CS 3331 Fall 2009.
Chapter 3 Process Models

Chapter 3 Process Models
An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton University Carleton University

An Aspect-Oriented Approach For Web Application Access Control Presented by: Mohamed Hassan Carleton University Carleton University
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.
Aspect-Oriented Programming In Eclipse ® Aspect-Oriented Programming in Eclipse with AspectJ Dr Helen Hawkins and Sian January.

Aspect-Oriented Programming In Eclipse ® Aspect-Oriented Programming in Eclipse with AspectJ Dr Helen Hawkins and Sian January.
Aspect-Oriented Modeling Workshop March 14, 2005 Chicago, IL

Aspect-Oriented Modeling Workshop March 14, 2005 Chicago, IL
Enterprise development reference architecture (EDRA) -Deepti Seelamsetti.

Enterprise development reference architecture (EDRA) -Deepti Seelamsetti.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.

ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.
An Aspect-Oriented Approach to Dynamic Adaptation August 8, 2002 Presented by: Sherri Goings Advisors: Dr. Dillon, Dr. Cheng, Dr. Stirewalt SENS Lab www.cse.msu.edu/sens.

An Aspect-Oriented Approach to Dynamic Adaptation August 8, 2002 Presented by: Sherri Goings Advisors: Dr. Dillon, Dr. Cheng, Dr. Stirewalt SENS Lab
Distributed Communication Kick-Off Presentation by António Rito Silva at EDO 2000 November 2-3, 2000 Davis, California.

Distributed Communication Kick-Off Presentation by António Rito Silva at EDO 2000 November 2-3, 2000 Davis, California.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development 2.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development 2.
1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.

1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.
Basic Concepts The Unified Modeling Language (UML) SYSC 3100 - System Analysis and Design.

Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.
Deriving AO Software Architectures using the AO-ADL Tool Suite Luis Fernández, Lidia Fuentes, Mónica Pinto, Juan A. Valenzuela Universidad de Málaga

Deriving AO Software Architectures using the AO-ADL Tool Suite Luis Fernández, Lidia Fuentes, Mónica Pinto, Juan A. Valenzuela Universidad de Málaga
 Introduction  Terms  Design – Modeling  Requirements  Languages  Maintenance  Comparison to Object Oriented  Applications 2.

 Introduction  Terms  Design – Modeling  Requirements  Languages  Maintenance  Comparison to Object Oriented  Applications 2.

Similar presentations

Ads by Google