Re-engineering Security as a Crosscutting Concern
نویسندگان
چکیده
We have re-engineered a third-party application using a reflective security architecture that allows security to be treated as a crosscutting concern. This has resulted in a considerable reduction in tangling between application code and security code. Prior to the re-engineering, the application was secured using a conventional approach based upon the application of inheritance and the proxy pattern, and we are thus able to compare both approaches. Our experience highlights some general points that are applicable to any attempt to engineer security using advanced separation of concerns technology and some possible improvements to Kava, used to implement the crosscutting concerns.
منابع مشابه
Comparing Requirement Engineering Approaches for Handling Crosscutting Concerns
A number of requirements engineering (RE) approaches have focused on addressing broadly scoped (non-functional) properties such as security, availability, etc. More recently, several aspect-oriented requirements engineering (AORE) approaches have been proposed to tackle both functional and non-functional requirements of a crosscutting nature. In this paper, we analyse how some well-known RE app...
متن کاملA Multi-Dimensional, Model-Driven Approach to Concern Identification and Traceability
1. Introduction The separation of concerns principle [3], i.e., modularising concerns so that they may be realised and reasoned about in isolation, is a fundamental principle in software engineering. Recent years have seen increasing interest in aspect-oriented software development (AOSD) techniques [1, 4]. These focus on treatment of crosscutting concerns, i.e., concerns of a broadly scoped na...
متن کاملSecurity and Aspects: A Metaobject Protocol Viewpoint
In this paper we reflect upon the results of experiments that have attempted to use Metaobject Protocols to implement security as a crosscutting concern. As security is often cited as a crosscutting concern that could be implemented using Aspects we would like to point the way to some of the requirements that should be met by any aspect language used to implement security as a crosscutting conc...
متن کاملWhat is an Aspect in Aspect-oriented Requirements Engineering?
Addressing the issue of crosscutting concerns within a software system, the notion of an aspect has been introduced, first for so-called AspectOriented Programming (AOP) and then, more generally, for Aspect-Oriented Software Development (AOSD). Unfortunately, this notion is used with two different meanings: one as a synonym for “crosscutting concern”, and the other as a means to deal with a cro...
متن کاملAOSD is an enabler for good enough security
The idea of business driven, good enough security for distributed software applications is promising, but many challenges remain. In this paper, we discuss some of the essential requirements, and focus in detail on one of the key technological challenges: how to engineer secure applications so that they support easy evolution of the security measures. Traditional (object-oriented) software engi...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Comput. J.
دوره 46 شماره
صفحات -
تاریخ انتشار 2003