AOSD Conference  

Industry track

Invited Talk: Application Security Aspects

Wednesday, March 16, 5:00 pm – 5:30 pm

Ron Bodkin, New Aspects of Software

Abstract

Application security is becoming an increasingly important topic, and as application complexity continues to increase, systematic enforcement of this crosscutting requirement is becoming critical.

AOP provides a mechanism to separate policy from implementation and to provide confidence in correct implementation. It allows access control to be expressed as uniform rules instead of scattering access checks throughout a code base. However, there are also challenges in writing effective pointcuts, and concerns about how AOP affects security policies.

We examine the benefits and risks of using AOP for application security, by looking at examples of using it for:

  • enforcing role-based access control, by checking permissions wherever necessary
  • data-level access control, in which access to resources is based on the relationship of a user to the data. For example, only an employee's manager can look at the employee's salary, not any manager in the company.
  • filtering displays, by limiting the display of information or controls based on user entitlement
  • auditing sensitive operations whenever access is made
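
As an added illustration (not taken from the talk or its slides), the sketch below uses a Python decorator woven over a class by name pattern as a stand-in for an AOP language. It shows data-level access control plus auditing applied as one uniform rule, and a review check that surfaces a sensitive method the pointcut missed. `PayrollService`, `MANAGER_OF`, `weave`, `unadvised` and the sample data are all hypothetical, constructed names.

```python
import fnmatch
import functools

AUDIT_LOG = []                                   # constructed in-memory audit sink
MANAGER_OF = {"alice": "carol", "bob": "dave"}   # constructed employee -> manager map

class AccessDenied(Exception):
    pass

def manager_only(func):
    """Advice: audit every attempt, allow only the target employee's own manager."""
    @functools.wraps(func)
    def advice(self, caller, employee, *args, **kwargs):
        allowed = MANAGER_OF.get(employee) == caller
        AUDIT_LOG.append((caller, func.__name__, employee, allowed))
        if not allowed:
            raise AccessDenied(f"{caller} may not call {func.__name__} for {employee}")
        return func(self, caller, employee, *args, **kwargs)
    advice.__advised__ = True                    # marker used by the review check
    return advice

def weave(cls, pointcut, advice):
    """Apply advice to every public method whose name matches the pointcut pattern."""
    for name, attr in list(vars(cls).items()):
        if callable(attr) and not name.startswith("_") and fnmatch.fnmatch(name, pointcut):
            setattr(cls, name, advice(attr))
    return cls

def unadvised(cls):
    """Review check: public methods that no pointcut matched."""
    return sorted(n for n, a in vars(cls).items()
                  if callable(a) and not n.startswith("_")
                  and not getattr(a, "__advised__", False))

class PayrollService:
    _salaries = {"alice": 90000, "bob": 85000}   # constructed sample data

    def get_salary(self, caller, employee):
        return self._salaries[employee]

    def get_bonus(self, caller, employee):
        return self._salaries[employee] // 10

    def export_salary_report(self, caller, employee):   # name does not match "get_*"
        return f"{employee}: {self._salaries[employee]}"

# One rule covers both getters; the export method silently escapes it.
weave(PayrollService, "get_*", manager_only)
```

Running `unadvised(PayrollService)` in a build or test step turns the pointcut-coverage concern into a failing check rather than a latent gap.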

Click here for the slides: Security_Aspects.ppt


 
 
Edited by the AOSD Conference Committee.  Send comments to: webmasteraosd.net