To view a recording of this session Get Adobe Flash player

Dr. Bart De Win

Bart De Win has over 15 years of experience in software security. He has an extensive background in the field, including his Ph.D. and research work on methods and techniques for software protection.  Since 2009, Bart has been responsible for all application security services within Ascure & PwC Belgium.  He has extensive project experience in software testing and in assisting companies improving their secure software development practices. 

 

Bart is member of the OWASP Belgium Chapter board and he is a co-leader of the OpenSAMM Software Assurance Model. Bart is SABSA, Prince 2 and CSSLP certified.

 


 description

AOP

Learning objectives

  • understand the cross-cutting nature of security;
  • know how to implement security functionality by aspect-oriented programming techniques;
  • understand potential vulnerabilities aspect-oriented programming introduces.

Overview

Aspect Oriented Programming (AOP) is a development paradigm that focuses on improving the modularization of cross-cutting concerns. Over the last decade, it has received a great deal of attention from both the academic and the industrial community. AOP has been shown to bring a number of software engineering benefits. However, the security implications of AOP are less clear. Whether AOP can be used to build secure software is the key question addressed in this session.

In this presentation we first discuss how AOP can be used to implement security controls. Thereafter, we elaborate on a number of security implications of AOP. Risks will be shown to originate from the core concepts of AOP, as well as from tool-specific implementation strategies. In the tool arena, we specifically focus on AspectJ. The presentation concludes by indicating how these risks can be mitigated, both from a theoretical and from a practical perspective.

Partners:

Solvay Brussels School of Economics and Management Katholieke Universiteit Leuven

Affiliated organizations:

OWASP NESSoS STREWS
Creative Commons

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.