Secure Application Development
Home faculty program location registration subscribe related past events	Joys and horrors of aspect-oriented programming Learning objectives appreciate the cross-cutting nature of security operations; know how to address them by aspect-oriented programming; understand the vulnerabilities aspect-oriented programming introduces. Overview Over the last decade, Aspect Oriented Programming (AOP), a development paradigm that focuses on improving the modularisation of cross-cutting concerns, has received a great deal of attention from both the academic and the industrial community. AOP has been shown to bring a number of software engineering benefits. However, the security characteristics of AOP have been studied less. Whether AOP can be used to build secure software is the key questions addressed in this session. In this presentation we elaborate on a number of security implications of AOP. Risks will be shown to originate from the core concepts of AOP, as well as from tool-specific implementation strategies. In the tool arena, we specifically focus on AspectJ. The presentation concludes by indicating how these risks can be mitigated, both from a theoretical and from a practical perspective.

Secure Application Development

Joys and horrors of aspect-oriented programming

Learning objectives

appreciate the cross-cutting nature of security operations;
know how to address them by aspect-oriented programming;
understand the vulnerabilities aspect-oriented programming introduces.

Overview

Over the last decade, Aspect Oriented Programming (AOP), a development paradigm that focuses on improving the modularisation of cross-cutting concerns, has received a great deal of attention from both the academic and the industrial community. AOP has been shown to bring a number of software engineering benefits. However, the security characteristics of AOP have been studied less. Whether AOP can be used to build secure software is the key questions addressed in this session.

In this presentation we elaborate on a number of security implications of AOP. Risks will be shown to originate from the core concepts of AOP, as well as from tool-specific implementation strategies. In the tool arena, we specifically focus on AspectJ. The presentation concludes by indicating how these risks can be mitigated, both from a theoretical and from a practical perspective.