A Practical Framework for The Dataflow Pointcut in AspectJ

Amine Boukhtouta, Dima Alhadidi and Mourad Debbabi
Computer Security Laboratory (CSL)
Concordia Institute for Information Systems Engineering
Concordia University
Email: {a_boukh,dm_alhad,debbabi}@encs.concordia.ca

Abstract—In this paper, we present the design and the implementation of the dataflow pointcut in the AspectJ compiler ajc 1.5.0. Some security concerns are sensitive to the flow of information during a program execution. The dataflow pointcut has been proposed by Masuhara and Kawauchi in order to implement such security concerns easily in aspect-oriented programming languages. The pointcut identifies join points based on the origins of values. The dataflow pointcut can detect and fix many vulnerabilities that result from not validating input effectively, e.g., web application vulnerabilities, process injection, log forging, and path injection. AspectJ extends the Java programming language to implement crosscutting concerns modularly in general. The implementation methodology of the dataflow pointcut, which depends on define-use analysis, is described in detail together with case studies that demonstrate how the implemented dataflow pointcut can detect a considerable number of vulnerabilities.

I. INTRODUCTION

Security is taking an increasingly predominant role in today's computing world. The industry is facing challenges in public confidence at the discovery of vulnerabilities, and customers are expecting security to be delivered out of the box, even on programs that have not been designed with security in mind. The challenge is even greater when legacy systems must be adapted to high-risk environments for which they were not originally designed. In some cases, little can be done to improve the situation, especially for Commercial-Off-The-Shelf (COTS) software products that are no longer supported, or whose source code is lost.
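The abstract above describes the dataflow pointcut as selecting join points by the origins of values, computed by define-use analysis. The Python model below is an added example, not the paper's ajc implementation: over a constructed straight-line trace it tracks which earlier calls each value derives from, then selects the sink calls that a pointcut of the form dflow[s, o](...) && !dflow[s, q](...) would advise. The dflow notation follows Masuhara and Kawauchi's design; the method names (getParameter, sanitize, log, print) are assumed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Stmt:
    """One executed call in a straight-line trace (constructed model)."""
    target: str   # variable receiving the return value; "" for sink calls
    call: str     # method name, as a call() pointcut would match it
    args: tuple   # variables passed as arguments


def select_join_points(trace, sinks, source, sanitizer):
    """Walk the trace in program order, tracking for each variable the set of
    calls whose return values flowed into it (define-use analysis). Return the
    indices of sink calls selected by the pointcut

        call(sink) && args(s)
        && dflow[s, o](call(source) && returns(o))
        && !dflow[s, q](call(sanitizer) && returns(q))

    i.e. the argument derives from user input and never passed through the
    sanitizer, plus the final origin map for inspection. The exclusion is per
    value: a value mixing sanitized and raw input is not selected, which is a
    property of this pointcut shape rather than of the trace."""
    origins = {}
    selected = []
    for i, st in enumerate(trace):
        if st.target:                       # a definition: record its origins
            flowed = {st.call}
            for a in st.args:
                flowed |= origins.get(a, set())
            origins[st.target] = flowed
        elif st.call in sinks:              # a use at a sink join point
            for a in st.args:
                labels = origins.get(a, set())
                if source in labels and sanitizer not in labels:
                    selected.append(i)
                    break
    return selected, origins


# Constructed servlet-style trace: user input reaches a log call unsanitized
# (log forging, one of the paper's examples) and a print call after sanitizing.
TRACE = (
    Stmt("user", "getParameter", ("request",)),
    Stmt("line", "concat", ("prefix", "user")),
    Stmt("clean", "sanitize", ("user",)),
    Stmt("", "log", ("line",)),       # index 3: unsanitized, selected
    Stmt("", "print", ("clean",)),    # index 4: sanitized, not selected
    Stmt("", "print", ("prefix",)),   # index 5: no input origin, not selected
)

if __name__ == "__main__":
    hits, _ = select_join_points(TRACE, {"log", "print"}, "getParameter", "sanitize")
    print("join points to advise:", hits)   # [3]
```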
However, whenever the source code is available, as is the case for Free and Open-Source Software (FOSS), a wide range of security improvements can be applied once a focus on security is decided. As a result, integrating security into software becomes a very challenging and interesting domain of research.

The security of an application is an attribute that permeates the whole system. As such, any attempt to address security concerns must be global in nature. Besides, security solutions must be applied consistently at every relevant location. One way of achieving these objectives is by separating security concerns from the rest of the application concerns, such that they can be addressed independently and applied globally. A methodology that encompasses separation of security concerns and consistent implementation of security solutions would pave the road towards secure applications, enable a security expert to specify security properties, and facilitate the correctness verification of security solutions. More recently, several proposals have been advanced for the injection of security code into an application using Aspect-Oriented Programming (AOP) [6], which appears to be a very promising paradigm for software security hardening since it allows separation of security concerns [7]. The most prominent AOP approach is the pointcut-advice model. It is adopted in this paper because it appears to be the most appropriate one for hardening the security of applications [3]. The fundamental concepts of this model are join points, pointcuts, and advice.

However, AOP was not initially engineered with security in mind, which resulted in many shortcomings in this technology. There are some contributions that suggest new pointcuts for security purposes, such as the one of Masuhara and Kawauchi [9]. They have presented the design of the dataflow pointcut with a web-application example, and its prototype implementation.
It has been implemented as an extension to Aspect SandBox (ASB) [10], which is a modeling framework for AOP mechanisms based on the pointcut-advice model. In this paper, we design and implement the dataflow pointcut as an extension to the AspectJ compiler ajc 1.5.0. AspectJ is a seamless aspect-oriented extension to the Java programming language that enables clean modularization of crosscutting concerns. This pointcut identifies join points based on the origins of values. The dataflow pointcut can detect and fix many vulnerabilities that result from not validating input effectively, e.g., process injection, log forging, path injection, and web application vulnerabilities.

There is no doubt that web applications have become the attackers' target of choice. Web vulnerabilities are "the new buffer overflow" plaguing the information security community. Almost every day, Bugtraq and other sites record new flaws in commercial or open source web applications. The security of web applications has become increasingly important in the last decade. More and more web applications deal with sensitive financial and medical data, which, if compromised, can mean millions of dollars in damages in addition to downtime. This highlights the need for the design and the implementation of the dataflow pointcut.

The rest of the paper is organized as follows. In Section II, an overview of the current literature is presented on the subjects that are related to the contribution of this paper: AOP and AOP for securing software. Some of input validation vul-

2009 International Conference on Availability, Reliability and Security 978-0-7695-3564-7/09 $25.00 © 2009 IEEE DOI 10.1109/ARES.2009.86 835