Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.

Andreas Sewe; Christoph Bockisch; Mira Mezini

doi:10.1145/1507504.1507507

Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.

Andreas Sewe
, Christoph Bockisch
, Mira Mezini

Research output: Contribution to conference › Paper › peer-review

4 Citations (Scopus)

4 Downloads (Pure)

Abstract

Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.

Original language	Undefined
Pages	3
Number of pages	7
DOIs	https://doi.org/10.1145/1507504.1507507
Publication status	Published - Oct 2008
Event	2nd Workshop on Virtual Machines and Intermediate Languages, VMIL 2008 - Nashville, TN, USA Duration: 19 Oct 2008 → 19 Oct 2008

Workshop

Workshop	2nd Workshop on Virtual Machines and Intermediate Languages, VMIL 2008
Period	19/10/08 → 19/10/08
Other	19 October 2008

Keywords

EWI-17731
CR-D.3
Aspect Oriented Programming
Advice weaving
IR-79905
Java security model
dynamic class loading

Access to Document

10.1145/1507504.1507507

http://eprints.eemcs.utwente.nl/secure2/17731/01/sewe2008.pdf

Cite this

@conference{ae684345117b4bf7b87b0c5b45940f9a,

title = "Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.",

abstract = "Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.",

keywords = "EWI-17731, CR-D.3, Aspect Oriented Programming, Advice weaving, IR-79905, Java security model, dynamic class loading",

author = "Andreas Sewe and Christoph Bockisch and Mira Mezini",

year = "2008",

month = oct,

doi = "10.1145/1507504.1507507",

language = "Undefined",

pages = "3",

note = "2nd Workshop on Virtual Machines and Intermediate Languages, VMIL 2008 ; Conference date: 19-10-2008 Through 19-10-2008",

}

TY - CONF

T1 - Aspects and Class-based Security: A Survey of Interactions between Advice Weaving and the Java 2 Security Model.

AU - Sewe, Andreas

AU - Bockisch, Christoph

AU - Mezini, Mira

PY - 2008/10

Y1 - 2008/10

N2 - Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.

AB - Various aspect-oriented languages, e.g., AspectJ, Aspect-Werkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of aspects to protection domains and the violation of namespace separation. Therefore, a comprehensive discussion of the design choices available with respect to interactions with the dynamic class loading facilities of the Java VM is provided.

KW - EWI-17731

KW - CR-D.3

KW - Aspect Oriented Programming

KW - Advice weaving

KW - IR-79905

KW - Java security model

KW - dynamic class loading

U2 - 10.1145/1507504.1507507

DO - 10.1145/1507504.1507507

M3 - Paper

SP - 3

T2 - 2nd Workshop on Virtual Machines and Intermediate Languages, VMIL 2008

Y2 - 19 October 2008 through 19 October 2008

ER -