guest lecture for software architecture course –ht2009 ...€¦ · guest lecture for software...
TRANSCRIPT
![Page 1: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/1.jpg)
Guest lecture for Software Architecture course – HT2009
Phu H. Phung, [email protected]
October 09th 2009
Acknowledgements: Erik Hilsdale, Gregor Kiczales, Martin Giese
![Page 2: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/2.jpg)
ASPECTASPECT--ORIENTED PROGRAMMINGORIENTED PROGRAMMING
� This lecture is to
introduce the overview
concept of AOP, the
language/tools and the
speaker’s research
related to AOP
Why AOP?
Key points
Language & Tools
AOP and Security
Summary
![Page 3: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/3.jpg)
![Page 4: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/4.jpg)
A modularized function example: A modularized function example:
XML parsing in Apache TomcatXML parsing in Apache Tomcat
All in one class
![Page 5: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/5.jpg)
A nonA non--modularized function example: modularized function example:
Logging in Apache TomcatLogging in Apache Tomcat
Logging is not modularized and appears in almost every class
![Page 6: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/6.jpg)
A nonA non--modularized function example: modularized function example:
Session Session ExpirationExpiration in Apache Tomcatin Apache Tomcat
Logging and Session Expiration in Tomcat are examples of tangled code
![Page 7: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/7.jpg)
Tangled code Tangled code difficultiesdifficulties
� Redundant
� Repeated code in many places
� Difficult to reason about� non-explicit structure
� the big picture of the tangling isn’t clear
� Difficult to change� have to find all the code involved
� and be sure to change it consistently
� and be sure not to break it by accident
![Page 8: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/8.jpg)
Software concernsSoftware concerns
Separation of concerns Crosscutting concerns
� A complex system consists of distinct parts call
concerns
� Represented by new
abstractions such as
modules, classes
� These abstractions are separate and independent
� Implementations cut across multiple
abstractions in a system
� Code is tangled in almost
everywhere in a system
![Page 9: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/9.jpg)
The goal of AOPThe goal of AOPis to capture the structure of crosscutting concerns is to capture the structure of crosscutting concerns explicitlyexplicitly
Aspects are well-modularized crosscutting concerns
Aspects
![Page 10: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/10.jpg)
AOP benefitsAOP benefits
� good modularity, even for crosscutting concerns
� less tangled code
� more natural code
� shorter code
� easier maintenance and evolution
� easier to reason about, debug, change
� more reusable
� library aspects
� plug and play aspects when appropriate
![Page 11: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/11.jpg)
![Page 12: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/12.jpg)
AOP ideaAOP idea
� Capture the structure of crosscutting
concerns explicitly
� implementation cutting cross multiple abstractions in a system, e.g. logging
� Embed additional code at execution points
matching certain conditions
� i.e. adding function name when logging a system call
![Page 13: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/13.jpg)
A new concept: Join pointA new concept: Join point
� A dynamic execution point of the program,
e.g:
� Method calls
� Constructor calls
� Property access (read/write)
� Exceptions
� …
![Page 14: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/14.jpg)
Join point examplesJoin point examples
a Figure
a Line
and returns or throws
a method is called
dispatch
dispatch
a method is called
and a returns or throws
a method executes
and returnsor throws
![Page 15: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/15.jpg)
ConstructsConstructs
� Point-cut
� Collections of joint points and values at points
� Advice
� declare that certain code should execute at each of the join points in the pointcut
� The additional code can be inserted before, after or even instead of existing code
� Aspect
� point-cut + advice + member declarations
![Page 16: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/16.jpg)
before( {target: window, method: 'alert'},
function() {
log('AOP test: window.alert is invoked');
}
);
A simple AOP exampleA simple AOP example
A point cut
Advice(additional code at an
execution point)
Advice types:before, after, around
![Page 17: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/17.jpg)
More about AdviceMore about Advice
![Page 18: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/18.jpg)
![Page 19: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/19.jpg)
ImplementationImplementation
� Using a tool called aspect weaver to weave
the advice code into the main program code.
Main program
Aspects
Woven program with the aspects
Aspect
weaver
![Page 20: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/20.jpg)
Hello World ExampleHello World Example
//file Hello.javapublic class Hello{
void greeting(){System.out.println(“Hello World!”);
}public static void main(String[] args){
new Hello.greeting();}
}
javac Hello.java
java Hello
Hello World!
C:\>
C:\>
C:\>
![Page 21: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/21.jpg)
An aspect example (An aspect example (AspectJAspectJlanguage)language)
//file HelloAspect.javapublic aspect GreetingAspect{
void before(): call(void Hello.greeting()){System.out.print(“AOP test: ”);
}}
ajc Hello.java HelloAspect.java
java Hello
AOP test: Hello World!
C:\>
C:\>
C:\>
AspectJ compiler
![Page 22: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/22.jpg)
AspectJAspectJlanguagelanguage
� An aspect-oriented language for Java� Legal AspectJ programs run on standard Java runtime environment
� The concept of AOP was originated by Gregor Kiczalesand his team at Xerox PARC� AspectJ was originally developed by the team, launched in 1998
� First versions in 2000
� http://eclipse.org/aspectj since 2002
� The original Xerox AspectJ implementation used source weaving
� AspectJ was re-implemented using the Eclipse Java compiler and a byte-code weaver based on The Byte Code Engineering Library (BCEL)
![Page 23: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/23.jpg)
AOP development toolsAOP development tools
� AspectJ - aspect-oriented extension to Java
� Eclipse IDE support for AspectJ
� IDE support for emacs, Netbeans, and Jbuilder
� AspectWerkz� Dynamic, lightweight and high-performance AOP/AOSD framework for
Java. (from March 2005 Aspectwekz has been merged with AspectJ)
� JBoss-AOP � Java AOP architecture used for the JBOSS application server.
� Spring� provide a close integration between AOP implementation and Spring IoC
to help solve common problems in enterprise applications.
� Glassbox� open source application troubleshooting tool for application monitoring.
![Page 24: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/24.jpg)
Other AOP implementationsOther AOP implementations
� Flash ActionScript 2.0
� C/C++
� C#/VB.NET
� Cobol
� Cocoa
� ColdFusion
� Common Lisp
� Delphi
� UML 2.0
� Java
� JavaScript
� Perl
� PHP
� Python
� …
More on www.aosd.net
![Page 25: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/25.jpg)
Summary from the speaker’s research
![Page 26: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/26.jpg)
Conventional security mechanismsConventional security mechanisms
� Firewall
� Cryptography
� Access control
� System calls/
privileged mode
Treat programs as black box,Treat programs as black box,Treat programs as black box,Treat programs as black box,cannot address vuneralbilities inside a programcannot address vuneralbilities inside a programcannot address vuneralbilities inside a programcannot address vuneralbilities inside a program
Melissa (1999)in Ms Outlook
Samy (2005)in MySpace
![Page 27: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/27.jpg)
LanguageLanguage--based securitybased security
� Looking inside a program to enforce security
� Before execution
� analyze the code to ensure it is safe
� rewrite the code to avoid potential harm
� During execution
� monitor security-relevant events and stop the event violating security
� audit the code and take policing action if it did harm
![Page 28: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/28.jpg)
Security Policy Enforcement by Security Policy Enforcement by Program TransformationProgram Transformation
� New code will be added in security-relevant actions or events to check the program respects the security policies� the modified program is guaranteed not to violate the policy
![Page 29: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/29.jpg)
Research questionsResearch questions
� Can AOP be applied into security policy enforcement?
� What classes of security policies that the
AOP technique can be defined and
enforced?
� How mature is the security assurance
provided by the approach?
![Page 30: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/30.jpg)
Study in the context of vehicle softwareStudy in the context of vehicle software
� Study the application of fine-grained security
policy enforcement in vehicle systems� Using AOP technique and deploying the approach in the
vehicle systems
� Considering the application in the context of vehicle telematics/infotainment systems under the OSGi standard
� a telematics client application can be downloaded and
installed over the air from a control centre
� OSGi: Open Services Gateway initiative
![Page 31: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/31.jpg)
A motivating exampleA motivating example
� “A third party service (in an on-board vehicle computer) needs to be able to send SMS messages in order to function properly”� possible problems of the application
� could be malicious, e.g. send to many messages
� may has bugs, e.g. repeatedly send messages
� high cost when abroad
� Need for more fire-grained security policy, e.g.� allow a third party application to access SMS service but
restricted receipt address, with a limit on the number of messages per day, and depending on the vehicle’s location
![Page 32: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/32.jpg)
The deployment modelThe deployment model
![Page 33: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/33.jpg)
Study resultsStudy results
� How various sorts of security policies are categorised and described in AspectJ has been illustrated
� Resulted in the first study of security policy enforcement using an aspect-oriented programming language in an open system like the OSGi framework� based on the more industrially well-know language without defining
any new policy languages
![Page 34: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/34.jpg)
Study in the context of JavaScript securityStudy in the context of JavaScript security
� The concern problems� Injected (untrusted) JavaScript code (e.g.
Cross-Site Scritping-XSS) � A malicious user (the attacker) injects
potentially dangerous JavaScript code into a webpage via data entry in the webpage, e.g.: blog, forum, webmail
� Third party scripts (e.g. advertisement, mashup web applications)
� Buggy code
![Page 35: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/35.jpg)
Previous solutionsPrevious solutions
Server Filtering for Script Detection� detect and remove potential malicious scripts
Problems
� Parser mismatch problem: filter does not always parse in the same way as browser
c.f. Samy / MySpace
� Dynamic scripts problematic...
![Page 36: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/36.jpg)
Dynamic scripts problematicDynamic scripts problematic
<script>
document.write(‘<scr’);
document.write(‘ipt> malic’);
var i= 1;
document.write(‘ious code; </sc’);
document.write(‘ript>’);
</script>
<script> malicious code; </script>
![Page 37: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/37.jpg)
Dynamic scripts problematicDynamic scripts problematic
%61%6C%65%72%74%28%27%58%5
3%53%27%29%3B%0A%0A
alert(‘XSS’)
var abcxyz = window.alert;
abcxyz(‘XSS’);
eval(“alert(‘XSS’)”);
(function(){
return this;})().alert(‘XSS’);
![Page 38: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/38.jpg)
Previous solutionsPrevious solutions
Behavioural Control:Don’t try to detect bad scripts, just prevent bad behaviour
• Modify browser with reference monitor
•Transform code at runtime to make it safe
• Requires browser modification, e.g. BEEP
• Limited policies
• Parser mismatch problem
• Dynamic code
⇒ runtime transformation
⇒high overhead
e.g. BrowserShield
![Page 39: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/39.jpg)
Our solution: Our solution: Lightweight SelfLightweight Self--Protecting JavaScriptProtecting JavaScript
� “inline” the policy into the JavaScript code so
that the code becomes self-protecting
� The policy enforcement is implemented in a
lightweight manner � does not require browser modification
� non invasive: the original code (and any dynamically generated code) is not syntactically modified
� its implementation is a small and simple adaptation of an aspect-oriented programming library
![Page 40: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/40.jpg)
var wrap = function(pointcut, Policy) {
var source = (typeof(pointcut.target.prototype) != 'undefined‘)?
pointcut.target.prototype : pointcut.target;
var method = pointcut.method;
var original = source[method];
var aspect = function() {
var invocation = { object: this, args: arguments };
return Policy.apply(invocation.object,
[{ arguments: invocation.args,
method: method,
proceed : function(){ return original.apply(
invocation.object, invocation.args);}}] );
};
source[method] = aspect;
return aspect;
};
JavaScript AOP weaving JavaScript AOP weaving ( Adapt ( Adapt jQueryjQueryAOP)AOP)
Store the original method
Apply the policy
Control the original method
![Page 41: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/41.jpg)
Enforcement methodEnforcement method
alert implementation
JavaScript execution environment(e.g. browsers)
Native implementations
code pointers User functions
alert(..) window.alert
alert wrapper(+policy code)
Attacker code
alert = function(){...};
alert wrapper
unique
![Page 42: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/42.jpg)
A realizationA realization
� Structure of a webpage containing policy enforcement code
� Policies are located in the first script tag
� Policy enforcement is applied for the rest of code
The enforcement code can be deployed in any sides: server side, proxy or plug-in
![Page 43: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/43.jpg)
EffectivenessEffectiveness
� Defend real-world exploits� phpBB 2.0.18 vulnerabilities – a stored XSS attack
(see demo)
� WebCal vulnerabilities –a reflected XSS attack
� Can enforce application-specific policies� Using building blocks, i.e. security policy patterns
![Page 44: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/44.jpg)
Summary about AOPSummary about AOP
� Motivation for AOP
� Remember: is not to replace (but to supplement) the existing programming paradigms e.g. OOP
� Crosscutting concerns
� Aspects
� Joint-point, point-cut, and advice
� AOP implementations
![Page 45: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/45.jpg)
Further research directionsFurther research directions
� Security policy enforcement for multi-
threads, e.g. in OSGi
� Case studies for particular web
application security
� Securing AOP
![Page 46: Guest lecture for Software Architecture course –HT2009 ...€¦ · Guest lecture for Software Architecture course –HT2009 PhuH. Phung, phu.phung@chalmers.se October 09th 2009](https://reader030.vdocuments.site/reader030/viewer/2022041111/5f11eb1342b3d37a4a31a211/html5/thumbnails/46.jpg)