One step closer to modularizing security code

Eric | January 29, 2013

In my group we worry a lot about what the future of secure software engineering is going to look like, and we are trying to shape that future for the better by developing tools, methods and programming languages that support a secure software design and implementation. One thing we have noticed over the past years is that many current applications and frameworks suffer from the fact that their security-related code is scattered throughout the program, and tangled with other code that is not at all related to security. From all the talk about AOP, we know that scattering and tangling can have detrimental effects, but this is especially true when talking about security. The repeated news reports about zero-day vulnerabilities in the JDK, for example, are just one instance of that problem.

Aspects are meant to modularize crosscutting concerns. So why not just use AspectJ to modularize all security code? In principle yes, I guess that would be a step into the right direction. But it cannot solve the whole problem. One problem is the well-known fragile pointcut problem. As base logic changes, pointcuts need to be updated. One of the problems with the JDK, for instance, was that new code was added without putting appropriate security checks in place. That’s pretty much the same problem we are talking about. Someone still needs to say where checks need to go! Read the rest of this entry »

Comments Off on One step closer to modularizing security code