Software Security via Aspect-Oriented Programming?
Jens Palsberg - CERIAS
Sep 19, 1997
AbstractAspect-oriented programming (AOP) aims at improving the quality of software by decreasing the level of code tangling. It has been successfully used for image processing, sparse matrix algorithms, and distributed programming. The observation motivating AOP is that there are design decisions that cannot be captured by writing a function, object, or module. Such design decisions lead to pieces of code that are spread all over the program. For example, the coordination of distributed processes often requires a little bit of code "everywhere". The idea of AOP is write such design decisions as separate so-called aspects, and then use a weaver to produce the actual woven code. Thus, an aspect-oriented program looks like:
For example, an image processing system was first programmed as 756 lines of nice, slow code. Then a highly efficient version was programmed as 35213 lines of code. Third, an AOP version was done by adding 352 lines of aspect code to the nice and slow program. The woven version was only about four times slower than the hand-optimized version, and it allocated much fewer intermediate images. The inventors of AOP claim that:
- an optimizing compiler is unlikely to do as good a job as the aspects
- plus the weaver,
- the weaver is a simple piece of software (in the case studies so far), and
- the basic part of the code stays the same, more or less, when aspects are added. So the message is:
Don't do tangled code and complicated optimizing compilers; instead do separate aspects and simple weavers.
How about software security? Are there security aspects that we can program separately and then weave in afterwards? In this talk I will present aspect-oriented programming with the aim of generating discussion.
Aspect-oriented programming is being developed at Xerox PARC by Gregor Kiczales, John Lamping, Cristina Lopes, and others. The AOP webpage is at: www.parc.xerox.com/aop
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.