Aspect-oriented programming (AOP) has been touted as a promising paradigm for managing complex software-security concerns. Roughly, AOP allows the security-sensitive events in a system to be specified separately from core functionality. The events of interest are specified in a pointcut. When a pointcut triggers, control is redirected to advice, which intercepts the event, potentially redirecting it to an error handler.
Many interesting security properties are history-dependent; however, currently deployed pointcut languages cannot express history-sensitivity. (Mechanisms like cflow in AspectJ capture only the current call stack.) We present a language of pointcuts with past-time temporal operators and discuss their implementation using a variant of security automata. The main result is a proof that the implementation is correct.
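To make the history-sensitive pointcut idea concrete, the following is an added example (not code from the paper): a small past-time temporal pointcut language with `once` and `since` operators, decided incrementally by a security-automaton-style monitor that only remembers the truth of each subformula after the last event, and a dispatcher that redirects matching events to advice. The formula syntax, the operator names and the sample trace are assumptions for illustration.

```python
# Added example, not from the paper: a past-time temporal pointcut decided
# incrementally by a security-automaton-style monitor that stores the truth
# of every subformula after each event (no trace replay); when it fires,
# control is redirected to advice. Formula syntax (assumed):
#   ("ev", name) | ("not", f) | ("and", f, g)
#   ("once", f)      f held at the current or some earlier event
#   ("since", f, g)  g held at some point and f has held at every event after it
class HistoryMonitor:
    def __init__(self, formula):
        self.formula = formula
        self.prev = {}  # subformula -> truth after the previous event

    def step(self, event):
        """Consume one event; return whether the pointcut fires on it."""
        cur = {}
        self._eval(self.formula, event, cur)
        self.prev = cur
        return cur[self.formula]

    def _eval(self, f, event, cur):
        if f in cur:
            return cur[f]
        op = f[0]
        if op == "ev":
            v = f[1] == event
        elif op == "not":
            v = not self._eval(f[1], event, cur)
        elif op == "and":  # evaluate both sides so every subformula is recorded
            left, right = self._eval(f[1], event, cur), self._eval(f[2], event, cur)
            v = left and right
        elif op == "once":
            v = self._eval(f[1], event, cur) or self.prev.get(f, False)
        elif op == "since":
            f_now, g_now = self._eval(f[1], event, cur), self._eval(f[2], event, cur)
            v = g_now or (f_now and self.prev.get(f, False))
        else:
            raise ValueError("unknown operator: %r" % (op,))
        cur[f] = v
        return v


def run_with_advice(trace, pointcut, advice):
    """Dispatch events; when the pointcut fires, control goes to the advice."""
    monitor = HistoryMonitor(pointcut)
    return [advice(ev) if monitor.step(ev) else ev for ev in trace]


# Constructed sample: block any network send once a secret file has been read.
NO_SEND_AFTER_SECRET = ("and", ("ev", "send"), ("once", ("ev", "read_secret")))
SAMPLE_TRACE = ["open", "send", "read_secret", "compute", "send", "send"]
```

Unlike a `cflow`-style check, the monitor fires on the later `send` events even though `read_secret` has long since returned, because the relevant fact is recorded in the automaton state rather than on the call stack.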
AOP is usually presented as an extension of an underlying computational mechanism, but the extension is in no sense conservative. For program analysis, this is in some sense the worst of both worlds. We adopt a different approach: refining our earlier work, we define a minimal language of events and aspects in which everything is an aspect. The minimalist approach serves to clarify the issues and may be of independent interest.