Aspect%20Oriented%20Programming

1
Aspect Oriented Programming

• Carlos Oviedo
• Secure Systems Research Group

2
Introduction

• Late 90s PARC (Palo Alto Research Center)
• Object Oriented Programming Meta-object
  modeling protocols
• Capture cross-cutting concerns
• AspectJ ? Java
• Under constant development

3
Cross-cutting concerns

• Not encapsulated by imperative object oriented
  programming languages (C, C, Java, Pascal. Etc)

Cac04
4
Cross-cutting concerns

• Sometimes requirements relating to a particular
  concern are spread among multiple requirement
  sources.
• Example Logging
• The consequence ? Code spread across several
  modules

5
Cross-cutting concerns

• A specific concern spread along multiple classes

6
Cross-cutting concerns

• Security is a concern that has impact on each
  design unit.
• Modifying the affected design units accordingly
  can be fault prone and a tedious task.
• Other examples
• ?identity management
• ?transaction integrity
• ?authentication
• ?performance

7
Aspects Outline

• Cross cutting concerns are not reusable (cannot
  be refined or inherited)
• AOP ? Modularizes cross cutting concerns
• Pointcut (dynamic)
• Advice (dynamic)
• Inter-type declarations (static)
• Aspects (encapsulates constructions)

8
Aspects Outline

• JOIN POINT
• A specific execution point in the program flow
• POINT CUT
• Selects certain join points and values at those
  points

9
Point Cuts

• Call join point ? actions of an object receiving
  a call
• pointcut move()
• call(void FigureElement.setXY(int,int))
• call(void Point.setX(int))
• call(void Point.setY(int))
• call(void Line.setP1(Point))
• call(void Line.setP2(Point))

10
Advices

• To implement the cross cutting behaviors we use
  advices
• before() move()
• System.out.println("about to move")
• after() returning move()
• System.out.println("just successfully
• moved")

11
Aspects

• Aspects are wrappers
• Very similar to object oriented classes
• aspect Logging
• OutputStream logStream System.err
• before() move()
• logStream.println("about to move")

12
Aspects in security

• Example Control access to a specific resource ?
  Account access by a bank officer

13
Aspects in security

• public aspect AccountAuthorization
• OutputStream logStream System.err
• boolean grantAccess(string id)
• if(id ! guest)
• return true
• else return false
• Pointcut change()
• call(void Account.MakeWithDrawal())
• before() change()
• logStream.println("Change in
  progress...")
• if(!grantAccess(context.id)) throw new
• UnauthorizedAccessException()

14
Aspects in security

• Pointcut change()
• call( MakeWithdrawal(..))

15
Aspects in security

• abstract aspect SimpleAuthorization
• OutputStream logStream System.err
• public static boolean grantAccess(string id)
• if(id ! guest)
• return true
• else return false
• abstract pointcut change()
• call( Make(..))
• before() change()
• logStream.println("Change in
  progress...")
• if(!grantAccess(context.id)) throw new
• UnauthorizedAccessException()

16
Aspects in security

• A specialization of the aspect
• public aspect TransactionAuthorization extends
• SimpleAuthorization
• pointcut change() within(Transaction)
• within(SecureTransaction)
• //...

17
Conclusions

• Aspects are capable abstract structures to
  capture cross cutting concerns such as security
  and can be applied to a system after it has been
  written.
• Security concerns can be maintained in one place
• Another example track who did what on a system
  ? Non-repudiation
• Currently this field is under constant expansion
  and it is worth to exploring its potential due
  its ability to encapsulate concerns

18
AOP Aspect Oriented Programming

• Theserverside.com