by Fan Yang,
Hidehiko Masuhara,
Tomoyuki Aotani, Flemming Nielson and Hanne Riis Nielson
Abstract:
Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE*, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE*, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE*, and demonstrate usefulness of AspectKE* through a security aspect for a distributed chat system.
Reference:
AspectKE*: Security Aspects with Program Analysis for Distributed Systems (Fan Yang, Hidehiko Masuhara, Tomoyuki Aotani, Flemming Nielson and Hanne Riis Nielson), In Proceedings of the 9th Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS'10), (published as Technical Report No. 33, Hasso-Plattner Institut, University of Potsdam) (Bram Adams, Michael Haupt, Daniel Lohmann, eds.), 2010.
Bibtex Entry:
@inproceedings{fanyang2010acp4is,
pdf = {acp4is2010.pdf},
author = {Fan Yang and Hidehiko Masuhara and Tomoyuki Aotani and Flemming Nielson and Hanne Riis Nielson},
title = {{AspectKE*}: Security Aspects with Program Analysis for Distributed Systems},
booktitle = {Proceedings of the 9th Workshop on Aspects, Components, and Patterns for Infrastructure Software (ACP4IS'10), (published as Technical Report No.~33, Hasso-Plattner Institut, University of Potsdam)},
editor = {Bram Adams and Michael Haupt and Daniel Lohmann},
isbn = {978-3-86956-043-4},
issn = {1613-5652},
pages = {27--31},
year = 2010,
month = mar # { 16},
pdf = {acp4is2010.pdf},
url = {http://publishup.uni-potsdam.de/opus4-ubp/files/3946/tbhpi33.pdf},
abstract = {Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE*, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE*, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE*, and demonstrate usefulness of AspectKE* through a security aspect for a distributed chat system.}
}