    Dynamic matching and weaving semantics for executable UML models

To develop more secure software, security concerns should be treated as an essential part of every phase of the software development lifecycle. Incorporating security only after development is complete may produce conflicts between functional and security requirements and lead to severe security vulnerabilities. On the other hand, security is a crosscutting concern, and consequently integrating security solutions at the design phase may scatter and tangle security features throughout the entire design. For large-scale software (e.g., hundreds of UML classes), the resulting UML design models therefore become more complex and harder to understand. Moreover, adding security manually is tedious and may itself introduce security flaws. Aspect-Oriented Modeling is an appropriate approach for systematically integrating security at the design phase, since it allows crosscutting concerns to be separated from the core functionality. In this research work, we provide formal semantics for aspect matching and weaving on executable UML models, particularly activity diagrams. The semantics is based on a defunctionalized continuation-passing style, which gives a concise and elegant description of aspect-oriented mechanisms. In addition, we have extended our framework with semantics for control-flow and data-flow pointcuts, as these pointcuts are beneficial from a security perspective and are used to detect vulnerabilities related to information flow.

    Model-Driven Aspect-Oriented Software Security Hardening

Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought, late in the development process. Given the complexity and pervasiveness of today's software systems, adding security as an afterthought leads to a huge cost in retrofitting it into the software and can introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and tangling of security features throughout the entire software design. Adding security manually is also tedious and may lead to other security flaws. In this context, a systematic approach to integrating security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) We define a UML profile for the specification of security hardening mechanisms as aspects. (ii) We design and implement a weaving framework for the systematic injection of security aspects into UML design models. (iii) We explore the theoretical foundations of aspect matching and weaving. (iv) We conduct real-life case studies to demonstrate the viability and scalability of the proposed framework.

    Pluggable AOP: Designing Aspect Mechanisms for Third-party Composition

Studies of Aspect-Oriented Programming (AOP) usually focus on a language in which a specific aspect extension is integrated with a base language. Languages specified in this manner have a fixed, non-extensible AOP functionality. In this paper we consider the more general case of integrating a base language with a set of domain-specific, third-party aspect extensions for that language. We present a general mixin-based method for implementing aspect extensions in such a way that multiple, independently developed, dynamic aspect extensions can be subject to third-party composition and work collaboratively.

FOAL 2002 Proceedings: Foundations of Aspect-Oriented Languages Workshop at AOSD 2002

Aspect-oriented programming is a new area in software engineering and programming languages that promises better support for separation of concerns. The first Foundations of Aspect-Oriented Languages (FOAL) workshop was held at the 1st International Conference on Aspect-Oriented Software Development in Enschede, The Netherlands, on April 22, 2002. This workshop was designed to be a forum for research in formal foundations of aspect-oriented programming languages. The call for papers announced the areas of interest for FOAL as including, but not limited to: formal semantics, formal specification, verification, theory of testing, aspect management, theory of aspect composition, and aspect translation and rewriting. The call for papers welcomed all theoretical and foundational studies of this topic. The goals of this FOAL workshop were to:
• Explore the formal foundations of aspect-oriented programming.
• Exchange ideas about semantics and formal methods for aspect-oriented programming languages.
• Foster interest in the programming language theory communities concerning aspects and aspect-oriented programming languages.
• Foster interest in the formal methods community concerning aspects and aspect-oriented programming.
In addition, we hoped that the workshop would produce an outline of collaborative research topics and a list of areas for further exploration. The papers at the workshop, which are included in the proceedings, were selected from papers submitted by researchers worldwide. Due to time limitations at the workshop, not all of the submitted papers were selected for presentation.

    Aspects with Program Analysis for Security Policies

Doctor of Philosophy dissertation

Domain-specific languages (DSLs) are increasingly popular, and there are a variety of ways to create a DSL. A DSL designer might write an interpreter from scratch, compile the DSL to another language, express DSL concepts using only the existing forms of an existing language, or implement DSL constructs using a language's extension capabilities, including macros. While extensible languages can offer the easiest opportunity for creating a DSL that takes advantage of the language's existing infrastructure, existing tools for debugging fail to adequately adapt the debugging experience to a given domain. This dissertation addresses the problem of debugging DSLs defined with macros and describes an event-oriented approach that works well with a macro-expansion view of language implementation. It pairs the mapping of DSL terms to host terms with an event mapping to convert primitive events back to domain-specific concepts. Domain-specific events can be further inspected or manipulated to construct domain-specific debuggers. This dissertation presents a core model of evaluation and events and also presents a language design (analogous to pattern-based notations for macros, but in the other direction) for describing how events in a DSL's expansion are mapped to events at the DSL's level. The domain-specific events can enable useful, domain-specific debuggers, and the dissertation introduces a design for a debugging framework to help with debugger construction. To validate the design of the debugging framework, a debugging framework, Ripple, is implemented, and this dissertation demonstrates that with a modest amount of work, Ripple can support building domain-specific debuggers.

    An Expressive Stateful Aspect Language

Stateful aspects can react to a program execution; they support modular implementations of several crosscutting concerns like error detection, security, event handling, and debugging. However, most proposed stateful aspect languages have been tailored to address a particular concern. Indeed, most of these languages differ in their pattern languages and semantics. As a consequence, developers need to tweak aspect definitions in contortive ways or create new specialized stateful aspect languages altogether if their specific needs are not supported. In this paper, we describe ESA, an expressive stateful aspect language, in which the pattern language is Turing-complete and patterns themselves are reusable, composable first-class values. In addition, the core semantic elements of every aspect in ESA are open to customization. We describe ESA in a typed functional language. We use this description to develop a concrete and practical implementation of ESA for JavaScript. With this implementation, we illustrate the expressiveness of ESA in action with examples of diverse scenarios and by expressing the semantics of existing stateful aspect languages.
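The two security-relevant ideas above, control-flow and data-flow pointcuts used to catch information-flow problems (first abstract) and stateful aspects whose patterns are composable first-class values (the ESA abstract), can be shown together in a few dozen lines. The following is an added illustration written for this page; it is not ESA's implementation, not the UML weaving framework, and not code from any of the cited papers. All names (`weave`, `after`, `resetOn`, `flowsTo`, `either`, the `service` object and its methods) are assumptions made for the example. A pattern is a small state machine over join points, an aspect is a pattern plus advice, and advice on a `call` join point may throw to veto the call before the original method runs.

```javascript
// Added example (not ESA, not from the papers above): a minimal stateful-aspect
// weaver in plain JavaScript. All identifiers below are assumptions for the demo.
//
// Join points seen by the weaver:
//   { kind: 'call',   method, args }           before a method runs
//   { kind: 'return', method, args, result }   after it returns
// A pattern is a first-class value { init, step }; step(state, jp) returns
// { state, matched }, and matched:true fires the aspect's advice.

// Predicate: a 'call' join point on the given method name.
const call = (method) => (jp) => jp.kind === 'call' && jp.method === method;

// Control-flow pattern: once preds[0..n-2] have been seen in order, every later
// join point satisfying the last predicate matches (until the pattern is reset).
function after(...preds) {
  const last = preds.length - 1;
  return {
    init: () => 0,
    step: (i, jp) => {
      if (i === last) return { state: last, matched: preds[last](jp) };
      return { state: preds[i](jp) ? i + 1 : i, matched: false };
    },
  };
}

// Wrap a pattern so that a join point satisfying resetPred restarts it.
function resetOn(pattern, resetPred) {
  return {
    init: pattern.init,
    step: (s, jp) =>
      resetPred(jp) ? { state: pattern.init(), matched: false } : pattern.step(s, jp),
  };
}

// Data-flow pattern: matches when a value returned by `source` is later passed,
// unchanged (compared by identity), as an argument to `sink`. State = taint set.
function flowsTo(source, sink) {
  return {
    init: () => new Set(),
    step: (tainted, jp) => {
      if (jp.kind === 'return' && jp.method === source) {
        return { state: new Set(tainted).add(jp.result), matched: false };
      }
      const hit = jp.kind === 'call' && jp.method === sink && jp.args.some((a) => tainted.has(a));
      return { state: tainted, matched: hit };
    },
  };
}

// Pattern composition: fires when either sub-pattern fires.
function either(a, b) {
  return {
    init: () => [a.init(), b.init()],
    step: ([sa, sb], jp) => {
      const ra = a.step(sa, jp);
      const rb = b.step(sb, jp);
      return { state: [ra.state, rb.state], matched: ra.matched || rb.matched };
    },
  };
}

// Weaver: returns an object whose methods emit call/return join points. All
// patterns are stepped first, then advice runs; advice on a 'call' may throw
// to veto the call before the original method executes.
function weave(target, aspects) {
  const runtime = aspects.map((a) => ({ aspect: a, state: a.pattern.init() }));
  const dispatch = (jp) => {
    const fired = [];
    for (const r of runtime) {
      const { state, matched } = r.aspect.pattern.step(r.state, jp);
      r.state = state;
      if (matched) fired.push(r.aspect);
    }
    for (const a of fired) a.advice(jp);
  };
  const woven = {};
  for (const name of Object.keys(target)) {
    const member = target[name];
    if (typeof member !== 'function') { woven[name] = member; continue; }
    woven[name] = (...args) => {
      dispatch({ kind: 'call', method: name, args });
      const result = member.apply(target, args);
      dispatch({ kind: 'return', method: name, args, result });
      return result;
    };
  }
  return woven;
}

// Constructed sample base object (not from any real system).
const service = {
  login: (user) => `session:${user}`,
  logout: () => true,
  readSecret: () => 'api-key-123',
  send: (payload) => `sent:${payload}`,
  log: (msg) => `logged:${msg}`,
  accessRecord: (id) => `record ${id}`,
};

// Security aspects: no secret-to-sink flow; no record access after logout until login.
const noSecretExfil = {
  pattern: either(flowsTo('readSecret', 'send'), flowsTo('readSecret', 'log')),
  advice: (jp) => { throw new Error(`blocked: secret passed to ${jp.method}`); },
};
const noAccessAfterLogout = {
  pattern: resetOn(after(call('logout'), call('accessRecord')), call('login')),
  advice: (jp) => { throw new Error(`blocked: ${jp.method} after logout`); },
};

// Drive the woven object through a scenario; returns [status, detail] per step.
function runDemo() {
  const svc = weave(service, [noSecretExfil, noAccessAfterLogout]);
  const log = [];
  const attempt = (f) => {
    try { log.push(['ok', f()]); } catch (e) { log.push(['blocked', e.message]); }
  };
  attempt(() => svc.login('alice'));
  attempt(() => svc.accessRecord(7));          // allowed: logged in
  attempt(() => svc.send('hello'));            // allowed: value is not tainted
  attempt(() => svc.send(svc.readSecret()));   // vetoed: secret flows to a sink
  attempt(() => svc.logout());
  attempt(() => svc.accessRecord(7));          // vetoed: access after logout
  attempt(() => svc.login('alice'));
  attempt(() => svc.accessRecord(8));          // allowed again after login
  return log;
}

if (typeof require !== 'undefined' && require.main === module) console.log(runDemo());
```

Two caveats worth keeping in mind when reading this against the abstracts. The data-flow pointcut here tracks the secret by object identity only, so a derived value (`secret + '!'`, a substring, a hash) escapes it; a real information-flow pointcut needs taint propagation through operations, which is exactly where the formal treatment in the UML-level work earns its keep. And because patterns are plain values, `either`, `resetOn` and `after` compose freely, which is the property the ESA abstract is arguing for; the cost is that pattern state is per aspect instance, so reuse across several woven objects requires deciding whether state is shared or per object.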

Un interpréteur extensible pour le prototypage des langages d'aspects (An extensible interpreter for prototyping aspect languages)

The value of using different (possibly domain-specific) aspect languages to deal with a variety of crosscutting concerns in the development of complex software systems is well recognized. One should be able to use several of these languages together in a single program. However, on the one hand, developing a new Domain-Specific Aspect Language (DSAL) that captures all the common programming patterns of its domain takes a lot of time, and on the other hand, the designer of a new language must manage its interactions with the other languages when they are used together. In this thesis, we introduce support for rapidly prototyping and composing aspect languages based on interpreters. We start from a base interpreter for a subset of Java and analyze and present a solution for its modular extension to support AOP, based on a common aspect semantics defined once and for all. The extension, called the aspect interpreter, implements a common aspect mechanism and leaves holes to be filled in when developing concrete languages. The power of this approach is that aspect languages are implemented directly from their operational semantics. This is illustrated by implementing a lightweight version of AspectJ. To apply the same approach and the same architecture to full Java without changing its interpreter (the JVM), we reuse AspectJ to perform a first step of static weaving, which we complement with a second step of dynamic weaving implemented through a thin interpretation layer. This can be seen as an interesting example of reconciling interpreters and compilers. We validate our approach by describing prototypes for AspectJ, EAOP, COOL and a couple of other DSALs, and by demonstrating the openness of our AspectJ implementation with two extensions, one dealing with dynamic scheduling of aspects and another with alternative pointcut semantics. Different aspect languages implemented with our framework can be easily composed. Moreover, we provide support for customizing this composition.
