Common weaving approach in mainstream languages for software security hardening
In this paper, we propose a novel aspect-oriented approach based on GIMPLE, a language-independent and a tree-based representation generated by the GNU Compiler Collection (GCC), for the systemization of application security hardening. The security solutions are woven into GIMPLE representations in...
Saved in:
| Main author: | Alhadidi, Dima |
|---|---|
| Other authors: | Mourad, Azzam; Kaitouni, Hakim Idrissi; Debbabi, Mourad |
| Format: | article |
| Published: | 2013 |
| Online access: | http://hdl.handle.net/10725/2677 http://dx.doi.org/10.1016/j.jss.2013.05.044 http://www.sciencedirect.com/science/article/pii/S0164121213001325 |

| _version_ | 1864513459056541696 |
|---|---|
| author | Alhadidi, Dima |
| author2 | Mourad, Azzam Kaitouni, Hakim Idrissi Debbabi, Mourad |
| author2_role | author author author |
| author_facet | Alhadidi, Dima Mourad, Azzam Kaitouni, Hakim Idrissi Debbabi, Mourad |
| author_role | author |
| dc.creator.none.fl_str_mv | Alhadidi, Dima Mourad, Azzam Kaitouni, Hakim Idrissi Debbabi, Mourad |
| dc.date.none.fl_str_mv | 2013 2015-11-24T13:05:45Z 2015-11-24T13:05:45Z 2015-11-24 |
| dc.identifier.none.fl_str_mv | 1873-1228 http://hdl.handle.net/10725/2677 http://dx.doi.org/10.1016/j.jss.2013.05.044 Alhadidi, D., Mourad, A., Kaitouni, H. I., & Debbabi, M. (2013). Common weaving approach in mainstream languages for software security hardening. Journal of Systems and Software, 86(10), 2654-2674. http://www.sciencedirect.com/science/article/pii/S0164121213001325 |
| dc.language.none.fl_str_mv | en |
| dc.relation.none.fl_str_mv | Journal of Systems and Software |
| dc.rights.*.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.title.none.fl_str_mv | Common weaving approach in mainstream languages for software security hardening |
| dc.type.none.fl_str_mv | Article info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/article |
| description | In this paper, we propose a novel aspect-oriented approach based on GIMPLE, a language-independent and a tree-based representation generated by the GNU Compiler Collection (GCC), for the systemization of application security hardening. The security solutions are woven into GIMPLE representations in a systematic way, eliminating the need for manual hardening that might generate a considerable number of errors. To achieve this goal, we present a formal specification for GIMPLE weaving and the implementation strategies of the proposed weaving semantics. Syntax for a common aspect-oriented language that is abstract and multi-language support together with syntax for a core set for GIMPLE constructs are presented to express the weaving semantics. GIMPLE weaving accompanied by a common aspect-oriented language (1) allows security experts providing security solutions using this common language, (2) lets developers focus on the main functionality of programs by relieving them from the burden of security issues, (3) unifies the matching and the weaving processes for mainstream languages, and (4) facilitates introducing new security features in AOP languages. We handle the correctness and the completeness of GIMPLE weaving in two different ways. In the first approach, we prove them according to the rules and algorithms provided in this paper. In the second approach, we accommodate Kniesel's discipline that ensures that security solutions specified by our approach are applied at all and only the required points in source code, taking into consideration weaving interactions and interferences. Finally, we explore the viability and the relevance of our propositions by applying the defined approach for systematic security hardening to develop case studies. |
| eu_rights_str_mv | openAccess |
| format | article |
| id | LAURepo_10acfbbbad5bd547e447e32b3f74fa4f |
| identifier_str_mv | 1873-1228 Alhadidi, D., Mourad, A., Kaitouni, H. I., & Debbabi, M. (2013). Common weaving approach in mainstream languages for software security hardening. Journal of Systems and Software, 86(10), 2654-2674. |
| language_invalid_str_mv | en |
| network_acronym_str | LAURepo |
| network_name_str | Lebanese American University repository |
| oai_identifier_str | oai:laur.lau.edu.lb:10725/2677 |
| publishDate | 2013 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| spellingShingle | Common weaving approach in mainstream languages for software security hardening Alhadidi, Dima |
| status_str | publishedVersion |
| title | Common weaving approach in mainstream languages for software security hardening |
| url | http://hdl.handle.net/10725/2677 http://dx.doi.org/10.1016/j.jss.2013.05.044 http://www.sciencedirect.com/science/article/pii/S0164121213001325 |