Advertisement

Adding Secure Communication Mechanism to Existing Distributed Applications by means of AOP

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 214)

Abstract

The object-oriented programming paradigm is a process of implementing a program by means of ‘Objects’ into which separate concerns are grouped. However, it does not map some types of concerns such as security, logging and exception handling, which should be implemented in each object separately. As most of the security goals, reliable communication is a non-functional requirement in a distributed system development process, and it typically crosscuts many objects in the distributed architecture. Program codes to realize this secure communication goal is generally spread in different code places throughout the application. Aspect-oriented programming (AOP) is a new programming paradigm that improves program modularity by enabling the separation of concerns from the main logic of the application. For example, in the context of security, developers should not need to encode security logic in the main program; instead, it can be grouped into a separate and independent unit, called as aspects. This paper presents a case study to illustrate how aspect oriented approach can be used to resolve the scattered and tangled concerns, like secure communication, in a previously developed distributed system in which objects communicate with each other via Java RMI. As a java-based aspect oriented tool, AspectJ is used to encapsulate the security related crosscutting concerns like communication. Performance evaluations are tested for adding security aspect to a distributed application. As a result, usage of aspects is a good choice for enhancing system to achieve high cohesion and low coupling, which are one of the main the software engineering requirements. It also enhances the readability of the system and makes system easier to maintain.

References

  1. 1.
    Yang, F., Aotani, T., Masuhara, H., Nielson, F., Nielson, H.R.: Combining static analysis and runtime checking in security aspects for distributed tuple spaces. In: Proceedings of the 13th İnternational Conference on Coordination Models and Languages (COORDINATION’11), Reykjavik, Iceland, pp. 202–218 (2011)Google Scholar
  2. 2.
    Stevenson, A., MacDonald, S.: Smart proxies in Java RMI with dynamic aspect-oriented programming. In: IEEE International Symposium on Parallel and Distributed Processing-IPDPS 2008, pp. 1–6 (2008)Google Scholar
  3. 3.
    Bostrom, G.: Database Encryption as an Aspect. In: Proceedings of the Workshop on AOSD Technology for Application-level Security, UK (2004)Google Scholar
  4. 4.
    Kotrappa, S., Kulkarni, P.J.: Multilevel security using Aspect oriented programming AspectJ. In: International Conference on Advances in Recent Technologies in Communication and Computing (ARTCom), pp. 369–373 (2010)Google Scholar
  5. 5.
    Yang, F., Masuharab, H., Aotanib, T., Nielsona, F., Nielsona, H.R.: AspectKE*: Security Aspects with Program Analysis for Distributed Systems. In: Demonstration Track of the 9th International Conference on Aspect-Oriented Software Development (AOSD’10), Rennes and Saint Malo, France (2010)Google Scholar
  6. 6.
    Sahingoz, O.K.: Secure communication with aspect Oriented approach in distributed system programming. In: Academic IT Conference 2012—Usak, Turkey. 1–3 Feb 2012 (in Turkish)Google Scholar
  7. 7.
    Kiczales, G., Lamping, J., Menhdhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: Aspect-oriented programming. In: Proceedings of the 11th European Conference on Object-Oriented Programming, pp 220—242 (1997)Google Scholar
  8. 8.
    Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J., Griswold, W.G.: An overview of AspectJ, in ECOOP 2001—Object-Oriented Programming 15th European Conference, pp. 327–353. Budapest Hungary, Springer (2001)Google Scholar
  9. 9.
    Toledo, R., Nunez, A., Tanter, E., Noye, J.: Aspectizing Java access control. IEEE Trans. Softw. Eng. 38(1), 101–117 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. 1.Turkish Air Force AcademyComputer Engineering DepartmentIstanbulTurkey

Personalised recommendations