Secure Coding mailing list archives
Re: Security ramifications of AOP and AspectJ
From: Yves Younan <Yves.Younan () cs kuleuven ac be>
Date: Tue, 18 May 2004 16:28:42 +0100
On Tue, 2004-05-18 at 06:53, Jared W. Robinson wrote:
Does anyone know the security ramifications of using Aspect Oriented Programming such as AspectJ? (http://eclipse.org/aspectj/) Seems like it might make code injection and behavior modification easier, but it doesn't, by itself, make it easier to inject hostile code remotely as with SQL injection or buffer overflows.
AspjectJ is a compile-time AOP language. Why would it make injecting code at run-time easier? AOSD is actually considered to improve security when designing and implementing an application, because security is generally a crosscutting concern. The PHD thesis of Bart De Win, Engineering Application-level Security through Aspect-Oriented Software Development http://www.cs.kuleuven.ac.be/cwis/research/distrinet/resources/publications/41140.pdf' covers the use of AOSD for security extensively. There's many more "AOSD and security" related publications listed on his website: http://www.cs.kuleuven.ac.be/cwis/research/distrinet/public/showperson.php?ID=3D25 - YY
Current thread:
- Security ramifications of AOP and AspectJ Jared W. Robinson (May 18)
- Re: Security ramifications of AOP and AspectJ Yves Younan (May 18)