Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated …
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet complete, …
The combination of aspect-oriented programming and framework technology boosts software reuse and brings separation of concerns to a new, more generic level. On the one hand, AOP enables the separate implementation of crosscutting concerns. Frameworks, on the other hand, allow us to reuse and customize a particular implementation in different applications. …
Programming languages and environments that support AOP lack expressive power to manage the interference between components and aspects. We illustrate this problem in an example and identify the needed expressive power. We propose aspect integration contracts to fill the gap. These contracts specify the permitted interference between an aspect and a base …
Aspect-oriented programming represents a – if not the most – promising approach to improve the software development process. It seems particularly appropriate when application requirements that seem well-separated require software behaviour that crosscuts the basic decomposition of the application. The domain of software security is an excellent example of a …
The separation-of-concerns principle is one of the essential principles in software engineering. It says that software should be decomposed in such a way that different "concerns" or aspects of the problem at hand are solved in well-separated modules or parts of the software. Yet, many security experts feel uneasy about trying to isolate security-related …
Fine-grained and expressive access control policies on application resources need to be enforced in application-level code. Uniformly enforcing a single policy (referred to as the organization-wide policy) in diverse applications is challenging with current technologies. This is due to a poor delimitation of the responsibilities of application deployer and …