by Fan Yang,
Hidehiko Masuhara,
Tomoyuki Aotani, Flemming Nielson and Hanne Riis Nielson
Abstract:
Enforcing security policies to distributed systems is difficult, in particular, to a system containing untrusted components. We designed AspectKE*, an aspect-oriented programming language based on distributed tuple spaces to tackle this issue. One of the key features in AspectKE* is the program analysis predicates and functions that provide information on future behavior of a program. With a dual value evaluation mechanism that handles results of static analysis and runtime values at the same time, those functions and predicates enable the users to specify security policies in a uniform manner. Our two-staged implementation strategy gathers fundamental static analysis information at load-time, so as to avoid performing all analysis at runtime. We built a compiler for AspectKE*, and successfully implemented security aspects for a distributed chat system and an electronic healthcare record workflow system.
Reference:
Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces (Fan Yang, Hidehiko Masuhara, Tomoyuki Aotani, Flemming Nielson and Hanne Riis Nielson), In Proceedings of the 13th International Conference on Coordination Models and Languages, volume 6721, 2011.
Bibtex Entry:
@inproceedings{yang2011coordination,
pdf = {coordination2011.pdf},
author = {Fan Yang and Hidehiko Masuhara and Tomoyuki Aotani and Flemming Nielson and Hanne Riis Nielson},
title = {Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces},
booktitle = {Proceedings of the 13th International Conference on Coordination Models and Languages},
opturl = {http://discotec.ru.is/coordination/main},
pages = {202--218},
series = {Lecture Notes in Computer Science},
location = {Reykjavik, Iceland},
volume = 6721,
year = 2011,
month = jun # { 6-8},
doi = {10.1007/978-3-642-21464-6_14},
acceptanceratio = {40% (14/35)},
abstract = {Enforcing security policies to distributed systems is difficult, in particular, to a system containing untrusted components. We designed AspectKE*, an aspect-oriented programming language based on distributed tuple spaces to tackle this issue. One of the key features in AspectKE* is the program analysis predicates and functions that provide information on future behavior of a program. With a dual value evaluation mechanism that handles results of static analysis and runtime values at the same time, those functions and predicates enable the users to specify security policies in a uniform manner. Our two-staged implementation strategy gathers fundamental static analysis information at load-time, so as to avoid performing all analysis at runtime. We built a compiler for AspectKE*, and successfully implemented security aspects for a distributed chat system and an electronic healthcare record workflow system.}
}