Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy in Computer Information Systems (DCIS)
Graduate School of Computer and Information Sciences
Frank J Mitropoulos
Following the success of software engineering design patterns, security patterns are a promising approach to aid in the design and development of more secure software systems. At the same time, recent work on aspect-oriented programming (AOP) suggests that the cross-cutting nature of software security concerns makes it a good candidate for AOP techniques. This work uses a set of software metrics to evaluate and compare object-oriented and aspect-oriented implementations of five security patterns--Secure Base Action, Intercepting Validator, Authentication Enforcer, Authorization Enforcer, and Secure Logger.
Results show that complete separation of concerns was achieved with the aspect-oriented implementations and the modularity of the base application was improved, but at a cost of increased complexity in the security pattern code. In most cases the cohesion, coupling, and size metrics were improved for the base application but worsened for the security pattern package. Furthermore, a partial aspect-oriented solution, where the pattern code is decoupled from the base application but not completely encapsulated by the aspect, demonstrated better modularity and reusability than a full aspect solution.
This study makes several contributions to the fields of aspect-oriented programming and security patterns. It presents quantitative evidence of the effect of aspectization on the modularity of security pattern implementations. It augments four existing security pattern descriptions with aspect-oriented solution strategies, complete with new class and sequence diagrams based on proposed aspect-oriented UML extensions. Finally, it provides a set of role-based refactoring instructions for each security pattern, along with a proposal for three new basic generalization refactorings for aspects.
Crystal Edge. 2010. Quantitative Assessment of the Modularization of Security Design Patterns with Aspects. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (142)