Abstract
Enforcing security policies on distributed systems is difficult, particularly when a system contains untrusted components. We designed AspectKE*, an aspect-oriented programming language based on distributed tuple spaces, to tackle this issue. One of the key features of AspectKE* is its program analysis predicates and functions, which provide information on the future behavior of a program. With a dual value evaluation mechanism that handles results of static analysis and runtime values at the same time, those functions and predicates enable users to specify security policies in a uniform manner. Our two-staged implementation strategy gathers fundamental static analysis information at load-time, so as to avoid performing all analysis at runtime. We built a compiler for AspectKE* and successfully implemented security aspects for a distributed chat system and an electronic healthcare record workflow system.
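The two-stage idea in the abstract can be illustrated with a toy Python model. This is an added example, not AspectKE* syntax and not the authors' implementation. The names `Action`, `future_actions`, `no_leak` and `run`, the locations `records` and `public`, and the policy itself are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    op: str      # "out" (write a tuple) or "read" (match a template)
    loc: str     # tuple-space location the action targets
    data: tuple  # tuple to write, or template to match (None = wildcard)

def future_actions(program):
    """Stage 1 (load time): for each program point, the (op, loc) pairs
    that the remainder of the program may still perform."""
    result, seen = [], frozenset()
    for act in reversed(program):
        result.append(seen)
        seen = seen | {(act.op, act.loc)}
    return result[::-1]

def no_leak(act, future):
    """Constructed policy: reading a "private" tuple at "records" is allowed
    only if the continuation never writes outside "records". It combines a
    runtime value (the template) with the static result (future)."""
    if act.op == "read" and act.loc == "records" and act.data[:1] == ("private",):
        return all(op != "out" or loc == "records" for op, loc in future)
    return True

def run(program, spaces, aspects):
    """Stage 2 (runtime): every action is checked by the aspects against its
    runtime values and the precomputed analysis, then executed."""
    future, trace = future_actions(program), []
    for i, act in enumerate(program):
        if not all(aspect(act, future[i]) for aspect in aspects):
            trace.append(("denied", act.op, act.loc))
            break  # the untrusted process is stopped before it acts
        if act.op == "out":
            spaces.setdefault(act.loc, []).append(act.data)
        elif not any(len(t) == len(act.data) and
                     all(p is None or p == v for p, v in zip(act.data, t))
                     for t in spaces.get(act.loc, [])):
            trace.append(("no-match", act.op, act.loc))
            break
        trace.append(("ok", act.op, act.loc))
    return trace
```

A process that reads a private record and later writes to `public` is denied at the read, before any data leaves `records`; a process whose later writes stay inside `records` runs to completion.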
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Yang, F., Aotani, T., Masuhara, H., Nielson, F., Nielson, H.R. (2011). Combining Static Analysis and Runtime Checking in Security Aspects for Distributed Tuple Spaces. In: De Meuter, W., Roman, GC. (eds) Coordination Models and Languages. COORDINATION 2011. Lecture Notes in Computer Science, vol 6721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21464-6_14
DOI: https://doi.org/10.1007/978-3-642-21464-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21463-9
Online ISBN: 978-3-642-21464-6
eBook Packages: Computer Science (R0)