Modularizing security concerns by means of aspect oriented software development

Project supervisors: Wouter Joosen, Frank Piessens

Researchers: Bart De Win, Tine Verhanneman

Aspect-Oriented Software Development (AOSD) represents a (if not the most) promising approach to improve the software development process in cases where application requirements that seem to be well-separated result in software behavior that crosscuts the basic decomposition of the application. The domain of software security is an excellent real-world concern that requires sophisticated solutions to this well-known challenge of separation of concerns.

In several substantial case studies, we have investigated the strengths and limitations of AOSD technologies in dealing with security concerns in software.

The following papers are representative of this research track:

• B. De Win, F. Piessens, W. Joosen, and T. Verhanneman, On the importance of the separation-of-concerns principle in secure software engineering, ACSA Workshop on the Application of Engineering Principles to System Security Design - Final Report (Serban, C., ed.), pp. 1-10, 2003 
  
• B. De Win, W. Joosen, and F. Piessens, Developing secure applications through aspect-oriented programming, Aspect-Oriented Software Development, (Filman, R.E. and Elrad, T. and Clarke, S. and Aksit, M., eds.), Addison-Wesley, October, 2004, pp.633-650 
  
• T. Verhanneman, F. Piessens, B. De Win, and W. Joosen, Uniform application-level access control enforcement of organizationwide policies, Twenty-First Annual Computer Security Applications Conference (Cantarella, JD, ed.), pp. 389-398, 2005