20120709 cyber patterns2012
1. Extending AOP Principles for the Description of Network Security Patterns
David Llewellyn-Jones, Qi Shi, Madjid Merabti
Cyberpatterns 2012, Abingdon, Oxfordshire, UK, 10th July 2012
PROTECT
Research Centre for Critical Infrastructure Computer Technology and Protection
School of Computing and Mathematical Sciences
Liverpool John Moores University, Byrom Street, Liverpool L3 3AF, UK
Email: D.Llewellyn-Jones@ljmu.ac.uk
Web: http://www.ljmu.ac.uk/cmp/
3. • Ensuring Trustworthiness and Security in Service
Composition
• http://www.aniketos.eu/
• The research leading to these results has received
funding from the European Union Seventh
Framework Programme (FP7/2007-2013) under
grant no 257930 (Aniketos)
4. • Monitoring; trust and security analysis; recomposition and adaptation
5. Aspect Oriented Programming
• Programming or development paradigm
• Object Oriented Programming
– Encapsulates related data and
functionality all in one place
– Hierarchical classes
• Inheritance
• Generalisation
• Class attribute
– Hard to capture cross-cutting concerns
7. Aspect Oriented Programming
• Orthogonal to Object Oriented
Programming
• Cross-Cutting Concerns
– Similar functionality
– Multiple places throughout
• Example
– Data logging
8. Security Concerns
• Security
– Classic cross-cutting concern
– Apply in many places throughout code
– Requires consistent approach
• Examples
– Authorisation
– Access control
– Data tagging
9. AOP Glossary
• Aspect
– The feature to be added
• Join-Point
– Potential point for injecting advice
• Point-Cut
– Actual point where advice is injected
• Advice
– Code to be injected
• Aspect weaving
– The process of adding advice to code
10. Join-Points
• Join-points
– Method calls
– Initialisation
– Get/set
• Application
– Before
– After
– Around
• Dictates power of AOP technique
12. Reflection
• Aspects can be inserted at compile time
– Static aspect weaving
• Introspection
– Allow analysis of code at runtime
• Intercession
– Allow code to be altered at runtime
– Insert new code, redefine language
• Allows aspects inserted at runtime
– Dynamic aspect weaving
13. Network Security
• Ideal, in theory
– Apply aspects to services at runtime
– Improve security based on dynamic
composition and policy
• Problematic, in practice
– Point-cuts apply to single codebase
– Applied universally
– Distributed systems need different but
related techniques in different places
14. Encryption Aspects
[Diagram labels: Communication, Encrypt, Decrypt, Communication]
• Often need to apply to multiple systems
– Different related aspects
– Not naturally covered by existing join-point
definition languages
• Need language to define this
15. Join-Point Language Requirements
1. Capture sequences of more than two systems
2. Match multiple sets of networked systems
3. Be determinate
4. Based on code and relationship between systems
5. Aspect code related to join-point and existing code
19. Patterns
• We aim to define a language for defining
patterns
• Combine with existing in-code join-point
definitions
• Allow complex relationships between
networked systems to be defined
• Both global and distributed application
25. AOP Applied to Security
• Client-Server chat application
– Cleartext communication
• Encryption/Decryption service
• Aspects re-route data flow
– Different aspects for client and server
Miguel García, David Llewellyn-Jones, Francisco Ortin, Madjid
Merabti, "Applying dynamic separation of aspects to distributed
systems security: a case study", IET Software, Volume 6, Issue
3, pp. 165-282, June 2012.
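The chat scenario on this slide, sketched as an added example that is not taken from the slides or the cited paper: two related "around" aspects are woven at runtime into a cleartext client and server. All class and function names are hypothetical, and `keystream_xor` is an assumed stand-in for the encryption/decryption service, not a vetted cipher.

```python
import hashlib
import os

class ChatClient:
    def __init__(self, wire):
        self.wire = wire                  # constructed in-memory stand-in for the network link
    def send(self, message: bytes):
        self.wire.append(message)

class ChatServer:
    def __init__(self, wire):
        self.wire = wire
    def receive(self) -> bytes:
        return self.wire[-1]

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the encryption service (SHA-256 counter keystream, no integrity)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def weave(target, join_point: str, advice):
    """Dynamic weaving: wrap target.<join_point> in 'around' advice at runtime."""
    proceed = getattr(target, join_point)
    setattr(target, join_point, lambda *args: advice(proceed, *args))

def encrypt_aspect(key):
    def advice(proceed, message):
        nonce = os.urandom(16)
        return proceed(nonce + keystream_xor(key, nonce, message))
    return advice

def decrypt_aspect(key):
    def advice(proceed):
        data = proceed()                  # run the original receive first
        return keystream_xor(key, data[:16], data[16:])
    return advice

def demo():
    key, wire = os.urandom(32), []
    client, server = ChatClient(wire), ChatServer(wire)
    client.send(b"hello")                          # before weaving: cleartext on the wire
    weave(client, "send", encrypt_aspect(key))     # client-side aspect
    weave(server, "receive", decrypt_aspect(key))  # related server-side aspect
    client.send(b"hello")
    return wire[0], wire[1], server.receive()
```

Weaving only one of the two aspects leaves the server reading ciphertext or the client sending cleartext, which is why the point-cut has to describe both systems together.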
26. AOP Applied to Security
[Diagram labels: Communication]
27. Discussion
• Why choose this method?
– Flexibility
– Aim for all computable sets of networks
– Distributed or centralised
• Practical application
– Definition and aspects still to be combined
• Challenges
– Difficult to define
– Aspects are specialised, not generalised
28. Future Work
• Practical
– Restatement in XML format
– Integrate with join-point definition language
– Reason and apply to real code
• Theoretical
– Measure expressivity of the language
– Formalise currently unspecified aspects
– Define security patterns
29. Conclusion
• Security is a cross-cutting concern
• Existing AOP point-cuts are not designed for
networked systems
• A way of relating aspects to distributed
systems is needed for security
• Propose initial method for defining point-cut
patterns