Model-Driven Aspect-Oriented Software Security Hardening

Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought phase of the development process. However, given the complexity and the pervasiveness of today's software systems, adding security as an afterthought leads to huge cost in retrofitting security into the software and further can introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and the tangling of security features throughout the entire software design. Additionally, adding security manually is tedious and generally may lead to other security flaws. In this context, the need for a systematic approach to integrate security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) We define a UML profile for the specification of security hardening mechanisms as aspects. (ii) We design and implement a weaving framework for the systematic injection of security aspects into UML design models. (iii) We explore the theoretical foundations for aspect matching and weaving. (iv) We conduct real-life case studies to demonstrate the viability and the scalability of the proposed framework

Uniform support for modeling crosscutting structure

We propose bottom-up support for modeling crosscutting structure in UML by adding a simple join point model to the meta-model. This supports built-in crosscutting modeling constructs such as class and sequence diagrams, collaborations, and state machines. It also facilitates adding new kinds of crosscutting modeling constructs such inter-type declarations and advice. A simple planner tool produces a uniform representation of the crosscutting structure, which can then be displayed or analyzed in a variety of ways. We demonstrate a couple of simple automated analysis tools which take advantage of the exposed crosscutting structure. We also discuss how support for advice could be added to the meta-model and planner, and the semantic differences between advice in UML and AspectJ. ii Content

Uniform support for modeling crosscutting structure

We propose bottom-up support for modeling crosscutting structure in UML by adding a simple join point model to the meta-model. This supports built-in crosscutting modeling constructs such as class and sequence diagrams, collaborations, and state machines. It also facilitates adding new kinds of crosscutting modeling constructs such inter-type declarations and advice. A simple planner tool produces a uniform representation of the crosscutting structure, which can then be displayed or analyzed in a variety of ways. We demonstrate a couple of simple automated analysis tools which take advantage of the exposed crosscutting structure. We also discuss how support for advice could be added to the meta-model and planner, and the semantic differences between advice in UML and Aspect J.Science, Faculty ofComputer Science, Department ofGraduat

Uniform Support for Modeling Crosscutting Structure

A simple join point model supports crosscutting among different perspectives of a model, including class diagrams, sequence diagrams, advice, inter-type declarations and role-bindings. A simple weaver works to coordinate the crosscutting structure across the model elements. Coordination involves resolving the separate crosscutting structures to find all interactions between join points. This woven structure is represented as a simple extension to the UML meta-model, which makes it easily accessible to the modeling environment and other tools. Simple and uniform access to the woven structure enables aggregate analysis and reasoning about the crosscutting in the model. This can range from simple visual hyperlinks between crosscutting model elements to more elaborate structures such as net sequence diagrams. The woven structure can also be opened to direct queries from the user, to aid in model development. 1