Abstract

Aspect Oriented Programming (AOP) provides new modularization of software systems through encapsulation of crosscutting functionalities, providing a clear isolation and utilization thereof. The trade-offs are typically a consequence of technical contradictions in requirements. We employ a data structure called a lazy counting based splay tree to analyze the trade-off between the conflicting quality attributes. These contradictions must be conquered in order to achieve breakthrough. The performance of this data structure is verified after considering Cross Site Request Forgery (CSRF) which could be prevented by same-origin policy. The results are promising and show good potential for lazy counting-based splaying, which is capable of analyzing the overall performance of a splay tree compared with a lazy counting-based splay tree and providing interesting results about both.

Keywords:

Aspect-oriented programming, crosscutting functionalities, cross-site request forgery, lazy countingbased splay tree, same-origin policy, trade-off analysis,

References

1. Afek, Y., H. Kaplan, B. Korenfeld, A. Morrison and R.E. Tarjan, 2012. CBTree: A practical concurrent self-adjusting search tree. Proceeding of the 26th International Conference on Distributed Computing (DISC, 2012), pp: 1-15.
   CrossRef    
2. Bell, D.E., 2005. Looking back at the bell-la padula model. Proceeding of the 21st Annual Computer Security Applications Conference, pp: 15-351.
   CrossRef    
3. Boström, G., 2004. A case study on estimating the software engineering properties of implementing database encryption as an aspect. Proceeding of the 3rd International Conference on Aspect-oriented Software Development. Lancaster, UK, pp: 1-6.
   
4. Bronson, N.G., J. Casper, H. Chafi and K. Olukotun, 2010. A practical concurrent binary search tree. Proceeding of the 15th ACM SIGPLAN Symposium on Principals of Parallel Programming.
   CrossRef    
5. De Win, B., B. Vanhaute and B. Decker, 2001. Security through aspect-oriented programming. Proceeding of the IFIP TC11 WG11.4 1st Working Conference on Network Security Advances in Network and Distributed Systems Security. Leuven, Belgium, pp: 125-138.
   
6. De Win, B., B. Vanhaute and B. De Decker, 2002. How aspect oriented programming can help to build secure software. Informatica, 26(2): 141-149.
   
7. Hermosillo, G., R. Gomez, L. Seinturier and L. Duchien, 2007. AProSec: An aspect for programming secure web applications. Proceeding of the 2nd International Conference on Availability, Reliability and Security (ARES'07), pp: 1026-1033.
   CrossRef    
8. Huang, Y.W., F. Yu, C. Hang, C.H. Tsai, D.T. Lee and S.Y. Kuo, 2004. Securing web application code by static analysis and runtime protection. Proceeding of the 13th International Conference on World Wide Web, pp: 40-52.
   CrossRef    
9. Izaki, K., K. Anaka and M. Takizawa, 2001. Information flow control in role- based model for distributed objects. Proceeding of the 8th International Conference on Parallel and Distributed Systems. Kyongju City, Korea, pp: 363-370.
   CrossRef    
10. Kawauchi, K. and H. Masuhara, 2004. Dataflow pointcut for integrity concern. Proceeding of AOSD 2004 Workshop on AOSD Technology for Application Level Security (AOSDSEC).
    
11. Kiczales, G., E. Hilsdale, J. Hugunin, M. Kersten and J. Palm, 2001. Getting started with aspect J. Commun. ACM, 44(10): 59-65.
    CrossRef    
12. Lee, J., K.H. Hsu, S.J. Lee and W. T. Lee, 2012. Discovering early aspects through goals interactions. Proceeding of the 19th Asia-Pacific Software Engineering Conference (APSEC, 2012), 1: 97-106.
    CrossRef    
13. Mourad, A., M.A. Laverdiére and M. Debbabi, 2008. An aspect-oriented approach for the systematic security hardening of code. Comput. Secur., 27(3-4): 101-114.
    CrossRef    
14. Ramachandran, R., D.J. Pearce and I. Welch, 2006. Aspect j for multilevel security. Proceeding of the 5th AOSD Workshop on Aspects, Components and Patterns for Infrastructure Software (ACP4IS). Bonn, Germany.
    
15. Sabelfeld, A. and A.C. Myers, 2003. Language-based information-flow security. IEEE J. Sel. Area. Comm., 21(1): 5-9.
    CrossRef    
16. Simic, B. and J. Walden, 2013. Eliminating SQL injection and cross site scripting using aspect oriented programming. In: Jurjens, J., B. Livshits and R. Scandariato (Eds.), ESSOS 2013. LNCS 7781, Springer-Verlag, Berlin, Heidelberg, pp: 213-228.
    CrossRef    
17. Sleator, D.D. and E.T. Robert, 1985. Self-adjusting binary search trees. J. ACM (JACM), 32(3): 652-686.
    CrossRef    
18. Stewart, J.M., E. Tittel and M. Chapple, 2005. CISSP: Certified Information Systems Security Professional Study Guide. 3rd Edn., Sybex Inc., San Francisco.
    
19. Viega, J., J.T. Bloch and P. Chandra, 2001. Applying aspect-oriented programming to security. Cutter IT J., 14(2): 31-39.
    
20. Wand, M., G. Kiczales and C. Dutchyn, 2004. Semantics for advice and dynamic join points in aspect oriented programming. ACM T. Progr. Lang. Sys. (TOPLAS), 26(5): 890-910.
    CrossRef    
21. Win, B.D., F. Piessens, W. Joosen and T. Verhanneman, 2002. On the importance of the separation-of-concerns principle in secure software engineering. Department of Computer Science, Katholieke Universiteit, Leuven.
    
22. Zdancewic, S., 2004. Challenges for information-flow security. Proceeding of the 1st International Workshop on Programming Language Interference and Dependence (PLID, 2004). Verona, pp: 1-5.
    

Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Copyright

The authors have no competing interests.