1. Extending AOP Principles for the
Description of Network Security
Patterns
David Llewellyn-Jones, Qi Shi, Madjid Merabti
Cyberpatterns 2012, Abingdon, Oxfordshire, UK, 10th July 2012
PROTECT
Research Centre for Critical Infrastructure Computer Technology and Protection
School of Computing and Mathematical Sciences
Liverpool John Moores University, Byrom Street, Liverpool L3 3AF, UK
Email: D.Llewellyn-Jones@ljmu.ac.uk
Web: http://www.ljmu.ac.uk/cmp/

2. Overview
• Aspect Oriented Programming
• Security concerns
• Specifying network security point-cuts
– Requirements
– Examples
– Language
• Application Example
• Conclusion

3. • Ensuring Trustworthiness and Security in Service
Composition
• http://www.aniketos.eu/
• The research leading to these results has received
funding from the European Union Seventh
Framework Programme (FP7/2007-2013) under
grant no 257930 (Aniketos)

4. • Monitoring; trust and security analysis; recomposition and adaptation

5. Aspect Oriented Programming
• Programming or development paradigm
• Object Oriented Programming
– Encapsulates related data and
functionality all in one place
– Hierarchical classes
• Inheritance
• Generalisation
• Class attribute
– Hard to capture cross-cutting concerns

6. Cross-Cutting Concerns

7. Aspect Oriented Programming
• Orthogonal to Object Oriented
Programming
• Cross-Cutting Concerns
– Similar functionality
– Multiple places throughout
• Example
– Data logging

8. Security Concerns
• Security
– Classic cross-cutting concern
– Apply in many places throughout code
– Requires consistent approach
• Examples
– Authorisation
– Access control
– Data tagging

9. AOP Glossary
• Aspect
– The feature to be added
• Join-Point
– Potential
• Point-Cut
– Actual
• Advice
– Code to be injected
• Aspect weaving
– The process of adding advice to code

10. Join-Points
• Join-points
– Method calls
– Initialisation
– Get/set
• Application
– Before
– After
– Around
• Dictates power of AOP technique

11. Join-Point Example
<pointcut_definition id="c1">
<time>after</time>
<joinpoint_type>
<constructorcall>
<constructor_signature>
<qualified_class_name>
<namespace><type_name>*</type_name></namespace>
<class><identifier_name>FormCipher</identifier_name></class>
</qualified_class_name>
</constructor_signature>
</constructorcall>
</joinpoint_type>
</pointcut_definition>
<advice_definition idAdvice="DandelionAspectAddClient" idTypeOfInjection="StaticInjection">
<assembly>Gryffindor.Aspect.Dandelion.dll</assembly>
<type>Gryffindor.Aspect.Dandelion.DandelionAspect</type>
<behaviour>AddEncrypter</behaviour>
<priority>1</priority>
<pointcut_definitionRef idRef="c1"/>
</advice_definition>

12. Reflection
• Aspects can be inserted at compile time
– Static aspect weaving
• Introspection
– Allow analysis of code at runtime
• Intercession
– Allow code to be altered at runtime
– Insert new code, redefine language
• Allows aspects inserted at runtime
– Dynamic aspect weaving

13. Network Security
• Ideal, in theory
– Apply aspects to services at runtime
– Improve security based on dynamic
composition and policy
• Problematic, in practice
– Point-cuts apply to single codebase
– Applied universally
– Distributed systems need different but
related techniques in different places

14. Encryption Aspects
Communication
Encrypt Decrypt
Communication
• Often need to apply to multiple systems
– Different related aspects
– Not naturally covered by existing join-point
definition languages
• Need language to define this

15. Join-Point Language Requirements
1. Capture sequences of more than two systems
2. Match multiple sets of networked systems
3. Be determinate
4. Based on code and relationship between systems
5. Aspect code related to join-point and existing code

16. Secure Data Forwarding
H H
L L
H L H

17. End-to-End Security
A B B B B A
A B B B B A

18. Separation of Duty
B
A
B
B
A
B

19. Patterns
• We aim to define a language for defining
patterns
• Combine with existing in-code join-point
definitions
• Allow complex relationships between
networked systems to be defined
• Both global and distributed application

20. Multiple Join-Point Definition
• Notation

21. Patterns
• Single template
• Pattern of templates

22. Secure Data Forwarding
H L H

23. End-to-End Security
A B B B B A

24. Separation of Duty
B
A
B

25. AOP Applied to Security
• Client-Server chat application
– Cleartext communication
• Encryption/Decryption service
• Aspects re-route data flow
Communication
– Different aspects for client
and server
Miguel García, David Llewellyn-Jones, Francisco Ortin, Madjid
Merabti, "Applying dynamic separation of aspects to distributed
systems security: a case study", IET Software, Volume 6, Issue
3, pp. 165-282, June 2012.

26. AOP Applied to Security
Communication
Communication
Communication

27. Discussion
• Why choose this method?
– Flexibility
– Aim for all computable sets of networks
– Distributed or centralised
• Practical application
– Definition and aspects still to be combined
• Challenges
– Difficult to define
– Aspects are specialised, not generalised

28. Future Work
• Practical
– Restatement in XML format
– Integrate with join-point definition language
– Reason and apply to real code
• Theoretical
– Measure expressivity of the language
– Formalise currently unspecified aspects
– Define security patterns

29. Conclusion
• Security is a cross-cutting concern
• Existing AOP point-cuts are not designed for
networked systems
• A way of relating aspects to distributed
systems is needed for security
• Propose initial method for defining point-cut
patterns