A High-level Aspect-oriented-based Framework for Software Security Hardening
In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing the software architects with the capabilities to perform secur...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | , |
| Format: | article |
| Published: |
2008
|
| Online Access: | http://hdl.handle.net/10725/2689 http://dx.doi.org/10.1080/19393550801911230 http://www.tandfonline.com/doi/abs/10.1080/19393550801911230 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing the software architects with the capabilities to perform security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way in order not to alter the original functionalities of the software. This is done by providing an abstraction over the actions required to improve the security of a program and adopting aspect-oriented programming to build and develop the solutions. SHL allows the developers to describe and specify the security hardening plans and patterns needed to harden systematically security into open source software. It is a minimalist language built on top of the current aspect-oriented technologies that are based on advice-poincut model and can also be used in conjunction with them. We explore the viability and relevance of our proposition by applying it into several security hardening case studies and presenting their experimental results. |
|---|