Jens Palsberg - CERIAS
Sep 19, 1997
"Software Security via Aspect-Oriented Programming?"
Aspect-oriented programming (AOP) aims at improving the quality of software by decreasing the level of code tangling. It has been successfully used for image processing, sparse matrix algorithms, and distributed programming. The observation motivating AOP is that there are design decisions that cannot be captured by writing a function, object, or module. Such design decisions lead to pieces of code that are spread all over the program. For example, the coordination of distributed processes often requires a little bit of code "everywhere". The idea of AOP is write such design decisions as separate so-called aspects, and then use a weaver to produce the actual woven code. Thus, an aspect-oriented program looks like:
basic code + one or more aspects
For example, an image processing system was first programmed as 756 lines of nice, slow code. Then a highly efficient version was programmed as 35213 lines of code. Third, an AOP version was done by adding 352 lines of aspect code to the nice and slow program. The woven version was only about four times slower than the hand-optimized version, and it allocated much fewer intermediate images. The inventors of AOP claim that:
Don't do tangled code and complicated optimizing compilers; instead do separate aspects and simple weavers.
- an optimizing compiler is unlikely to do as good a job as the aspects
- plus the weaver,
- the weaver is a simple piece of software (in the case studies so far), and
- the basic part of the code stays the same, more or less, when aspects are added. So the message is:
How about software security? Are there security aspects that we can program separately and then weave in afterwards? In this talk I will present aspect-oriented programming with the aim of generating discussion.
Aspect-oriented programming is being developed at Xerox PARC by Gregor Kiczales, John Lamping, Cristina Lopes, and others. The AOP webpage is at: www.parc.xerox.com/aop
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...