Modular and secure access control with aspects

Abstract

It is inevitable that some concerns crosscut a sizable application, resulting in code scattering and tangling. This issue is particularly severe for security-related concerns: it is difficult to be confident about the security of an application when the implementation of its security related concerns is scattered all over the code and tangled with other concerns, making global reasoning about security precarious. In this thesis work, we consider the case of access control, a cornerstone of every security architecture, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection in mainstream languages such as Java and C#. We make use of aspect orientation for the modular definition of access control. More precisely, we design and implement access control, including the advanced features associated to it, in a modular way. We demonstrate that this modular implementation is secure, even in the presence of untrusted aspects. A modular implementation alleviates maintenance and evolution issues produced by the crosscutting nature of access control, and, more importantly, paves the way to global reasoning about access control.