Login | Register

An aspect-oriented framework for systematic security hardening of software


An aspect-oriented framework for systematic security hardening of software

Mourad, Azzam (2008) An aspect-oriented framework for systematic security hardening of software. PhD thesis, Concordia University.

[thumbnail of NR63365.pdf]
Text (application/pdf)
NR63365.pdf - Accepted Version


In this thesis, we address the problems related to the security hardening of open source software. Accordingly, we first propose an aspect-oriented and pattern-based approach for systematic security hardening. It is based on the full separation between the roles and duties of the security experts and the developers performing the hardening. Such proposition constitutes a bridge that allows the security experts to provide the best solutions to particular security problems with the details on why, how and where to apply them. Moreover, it allows the developers to use these solutions to harden open source software without the need to have high security expertise. We realize the proposed approach by elaborating a programming independent and aspect-oriented based language for security hardening called SHL, developing its corresponding parser, compiler and facilities and integrating all of them into a framework for software security hardening. We also illustrate the feasibility of the elaborated framework by developing several security hardening case studies that deal with known security requirements and vulnerabilities and applying them on large scale software. Second, we enrich SHL and the aspect-oriented languages with new pointcut and primitive constructs ( GAFlow, GDFlow, ExportParameter and ImportParameter ) that provide features missing in the current AOP proposals and needed for systematic security hardening concerns. We also explore the viability of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies. Finally, we improve the proposed framework by proposing a new approach for applying security hardening on the Gimple representation of software and elaborating formal syntax for SHL and Gimple together with an operational semantics for SHL weaving based on Gimple. We realize our proposition by integrating into the GCC compiler few features described in the SHL weaving semantics and developing a demonstrative case study

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Electrical and Computer Engineering
Item Type:Thesis (PhD)
Authors:Mourad, Azzam
Pagination:xvi, 201 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:Ph. D.
Program:Electrical and Computer Engineering
Thesis Supervisor(s):Debbabi, Mourad
Identification Number:LE 3 C66E44P 2008 M68
ID Code:976216
Deposited By: Concordia University Library
Deposited On:22 Jan 2013 16:21
Last Modified:13 Jul 2020 20:09
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top