An aspect-oriented framework for systematic security hardening of software

Bibliographic Details
Main Author: Mourad, Azzam
Format: Others
Published: 2008
Online Access: http://spectrum.library.concordia.ca/976216/1/NR63365.pdf
Mourad, Azzam <http://spectrum.library.concordia.ca/view/creators/Mourad=3AAzzam=3A=3A.html> (2008) An aspect-oriented framework for systematic security hardening of software. PhD thesis, Concordia University.
Collection: NDLTD
Description: In this thesis, we address the problems related to the security hardening of open source software. Accordingly, we first propose an aspect-oriented and pattern-based approach for systematic security hardening. It is based on the full separation between the roles and duties of the security experts and the developers performing the hardening. Such a proposition constitutes a bridge that allows the security experts to provide the best solutions to particular security problems with the details on why, how and where to apply them. Moreover, it allows the developers to use these solutions to harden open source software without the need to have high security expertise. We realize the proposed approach by elaborating a programming-independent and aspect-oriented based language for security hardening called SHL, developing its corresponding parser, compiler and facilities and integrating all of them into a framework for software security hardening. We also illustrate the feasibility of the elaborated framework by developing several security hardening case studies that deal with known security requirements and vulnerabilities and applying them on large-scale software. Second, we enrich SHL and the aspect-oriented languages with new pointcut and primitive constructs (GAFlow, GDFlow, ExportParameter and ImportParameter) that provide features missing in the current AOP proposals and needed for systematic security hardening concerns. We also explore the viability of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies. Finally, we improve the proposed framework by proposing a new approach for applying security hardening on the Gimple representation of software and elaborating formal syntax for SHL and Gimple together with an operational semantics for SHL weaving based on Gimple. We realize our proposition by integrating into the GCC compiler a few features described in the SHL weaving semantics and developing a demonstrative case study.