Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security ramifications of AOP and AspectJ

From: Yves Younan <Yves.Younan () cs kuleuven ac be>
Date: Tue, 18 May 2004 16:28:42 +0100
On Tue, 2004-05-18 at 06:53, Jared W. Robinson wrote:

Does anyone know the security ramifications of using Aspect Oriented
Programming such as AspectJ? (http://eclipse.org/aspectj/)
Seems like it might make code injection and behavior modification
easier, but it doesn't, by itself, make it easier to inject hostile code
remotely as with SQL injection or buffer overflows.


AspjectJ is a compile-time AOP language. Why would it make injecting
code at run-time easier? AOSD is actually considered to improve security
when designing and implementing an application, because security is
generally a crosscutting concern.

The PHD thesis of Bart De Win, Engineering Application-level Security
through Aspect-Oriented Software Development
http://www.cs.kuleuven.ac.be/cwis/research/distrinet/resources/publications/41140.pdf&apos;
covers the use of AOSD for security extensively.
There's many more "AOSD and security" related publications listed on his
website:
http://www.cs.kuleuven.ac.be/cwis/research/distrinet/public/showperson.php?ID=3D25

- YY
Previous By Date Next
Previous By Thread Next

Current thread: