Establishment of a Security System using Aspect ...

International Conference on Control, Automation and Systems 2008 Oct. 14-17, 2008 in COEX, Seoul, Korea

Establishment of a Security System using Aspect Oriented Programming (ICCAS 2008)

Taeho Kim¹ and Hongchul Lee¹

¹ Division of Information Management Engineering, Korea University, Seoul, Korea (Tel : +82-2-3290-3774; E-mail: [email protected], [email protected])

Abstract: Security systems are complex systems that perform multiple functions such as position locating of personnel, entry/exit management of personnel, entrance management, monitoring, logging, tracing, authentication, and authorization. This paper attempts to establish a security system using Aspect Oriented Programming (AOP). Because it is possible to establish a system by completely separating the business logic and security logic of a system using AOP, there is the advantage of being able to clearly identify the roles of each module. Also, doing so enables the establishment of a more flexible system through leveraging the innate advantages of AOP, which are expansion of code reusability and implementation of efficient features.

Keywords: Security System, Aspect Oriented Programming

1. INTRODUCTION

As technology and industry develop, numerous state-of-the-art products are being introduced, and technology-intensive, state-of-the-art, large corporations are reaping huge profits from them. In such an environment, companies can collapse should their core technology leak out, so companies are focusing on corporate security management in order to protect their proprietary and unique core technologies.

Security systems are complex systems that perform multiple functions such as position locating of personnel, entry/exit management of personnel, entrance management, monitoring, logging, tracing, authentication, and authorization. Until now it has been common to use Object Oriented Programming (OOP) when establishing such systems. However, despite the many advantages of OOP, it has proven to be encumbered with many hindrances and shortcomings such as repetitive code, disorderly code, low productivity, low reusability, and difficulty of change. For these reasons it is difficult to design and implement an efficient system by clearly identifying all the features needed using only OOP. Therefore, it makes sense to explore a new approach using AOP. This study has established a security system using AOP and studied its effectiveness.

2. OVERVIEW OF ASPECT ORIENTED PROGRAMMING

AOP is a program development methodology proposed by Gregor Kiczales in "Aspect-Oriented Programming"[1], published in 1997. In AOP, the requirements (requests) of the program are termed ‘concerns’. Concerns are divided into core concerns and cross-cutting concerns. The example used most frequently to explain core and cross-cutting concerns is the banking system. In a bank, core concerns are the main functions of the bank, which are transfer of funds, deposits, and withdrawals. However, other features required by a bank, such as logging, security, and transactions, are cross-cutting concerns. Although OOP is currently the most widely used methodology for dealing with core concerns, it comes up short in processing cross-cutting concerns. This is even more the case for complex applications. AOP is a new methodology that enables separation of cross-cutting concerns and their implementation through a new module termed the ‘aspect’.

2.1 AspectJ

AspectJ is an AOP development language based on Java, the most widely known OOP language. AspectJ was created by researchers at Xerox, of which Gregor Kiczales was a member, in the late 1990s. Since then, Xerox has transferred the AspectJ project to the open source community eclipse.org, where it is being supported and developed. AspectJ provides the following advantages: cleaner delineation of responsibilities of individual modules, higher modularization, easier system evolution, late binding of design decisions, more code reuse, improved time-to-market, and reduced costs of feature implementation [2].

Dynamic crosscutting in AspectJ is based on a small but powerful set of constructs. Join points are well-defined points in the execution of the program; pointcuts are a means of referring to collections of join points and certain values at those join points; advice are method-like constructs used to define additional behavior at join points; and aspects are units of modular crosscutting implementation, composed of pointcuts, advice, and ordinary Java member declarations[3].

2.1.1 Aspect

Like a class, an aspect is a unit of modularity, encapsulation, and abstraction; and although classes and aspects have many similarities, there are also some important differences. Unlike classes, aspects can be used to implement crosscutting concerns in a modular fashion.

2.1.2 Join Points and Pointcuts

Programs live to execute, and when they execute, stuff happens. Methods get called, objects get initialized, fields are accessed and updated, constructors are executed, and so on. AspectJ calls these events that happen when a program is running join points. A pointcut is used to select join points. It acts as a filter, matching join points that meet its specification, and blocking all others.

2.1.3 Advice

Pointcuts are predicates that match join points, and advice specifies what to do at those join points. Each piece of advice is associated with a pointcut and specifies behavior that it wants to execute before, after, or around the join points that the pointcut matches[4].

3. RELATED RESEARCH

Geri Georg et al.[5] defined a security system and actually designed one using Aspect methodology, but went only so far as to apply the Aspect methodology in the design stage; they did not proceed to the actual implementation stage. Bart De Win et al.[6] established a security system using AOP, but limited it to a personal information management system and an FTP system.

4. ESTABLISHMENT OF SECURITY SYSTEM

The three main security objectives are:
(1) Confidentiality (sometimes termed privacy or secrecy) - protection against unauthorized disclosure of information.
(2) Integrity - protection against unauthorized modification of information.
(3) Availability - protection against unauthorized withholding of information or resources[7].

Security systems are complex systems that perform multiple features. A security system therefore offers optimal conditions for establishment using AOP, which supports many cross-cutting concerns. In order to effectively apply AOP to a system, the following should be considered. First, the structure of the corresponding system should be defined well from an Object Oriented viewpoint. A structure that is well defined in Object Oriented terms yields maximum effects when AOP is applied to it. Second, the developer should carry out the development with full knowledge of the AOP concept in all stages of system development, such as requirements analysis and implementation, and not only in design. Third, the developer should be fully aware of and understand precisely the changes that occur in design through the introduction of AOP. Sufficient preliminary tests and a full understanding of AOP provide a springboard for effective application of AOP methodology.[8]

Therefore, in order to effectively establish a system using AOP, the corresponding system should be analyzed thoroughly to identify the cross-cutting concerns. Among the requirements of a security system, position locating of personnel, entry/exit management of personnel, and entrance management correspond to the core concerns of the system, whereas monitoring, logging, tracing, authentication, and authorization are cross-cutting concerns that exist throughout the system.

With regard to entrance security, the structure depicted in the diagram below seems to be well defined from an Object Oriented viewpoint. However, login- and authority-related code needs to be inserted in each class. In this case, the function of each class becomes unclear. Also, the structure becomes inflexible after being developed, making it difficult to change system code to accommodate additional user demands. To address this issue, code related to cross-cutting concerns such as login and authority has been separated into aspect modules for implementation. By separating the aspect modules in the existing object oriented environment, the responsibilities of each class become clear, and the system becomes flexible enough to cope with additional demands of users.
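The pointcut and advice constructs of Section 2.1 and the separation of authority code described above can be seen together in the following added example, which is not code from the paper. AlarmPanel is a stand-in named after a class in Fig. 1; Session, the OPERATOR role, PanelSecurity and SecurityDemo are hypothetical names, and the AspectJ runtime library is assumed to be on the classpath.

```aspectj
// SecurityDemo.aj: constructed example; build with the AspectJ compiler (ajc).
import java.util.*;

// Stand-in for a panel from Fig. 1: business logic only, no security code.
class AlarmPanel {
    public String play()  { return "alarm feed started"; }
    public String pause() { return "alarm feed paused"; }
}

// Hypothetical session holder: the operator on this thread and the roles held.
class Session {
    static final ThreadLocal<String> user = new ThreadLocal<>();
    static final Map<String, Set<String>> roles = new HashMap<>();
}

// Cross-cutting concern: authorization and audit logging kept in one module.
aspect PanelSecurity {
    // Pointcut: execution of any public method of a class named *Panel.
    pointcut panelOp(): execution(public * *Panel.*(..));

    // Around advice: deny by default, record every decision, then proceed.
    Object around(): panelOp() {
        String who = Session.user.get();
        String op = thisJoinPoint.getSignature().toShortString();
        Set<String> held = Session.roles.getOrDefault(who, Collections.<String>emptySet());
        if (who == null || !held.contains("OPERATOR")) {
            System.err.println("AUDIT deny  user=" + who + " op=" + op);
            throw new SecurityException("not authorized: " + op);
        }
        System.err.println("AUDIT allow user=" + who + " op=" + op);
        return proceed();
    }
}

public class SecurityDemo {
    public static void main(String[] args) {
        Session.roles.put("kim", Collections.singleton("OPERATOR"));
        AlarmPanel panel = new AlarmPanel();
        Session.user.set("kim");
        System.out.println(panel.play());       // operator role held: call proceeds
        Session.user.set("guest");
        try { panel.pause(); }                  // no role held: advice rejects the call
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the check lives only in the aspect, widening the pointcut to further classes adds the same enforcement and audit trail without editing those classes.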

[Fig. 1 Class Diagram: ControlBar, AlarmPanel, ManageAlarm, ManageGate, InOutPanel and MainOperatePanel, the RealTimeListener interface, and a "Cross cutting concern" label.]

[Fig. 2 Visualization view.]

5. CONCLUSION

A security system has been developed using AOP. The greatest advantage of AOP is that it provides full separation of business and security logic because cross-cutting concerns can be separated into modules. This full separation of business and security logic has several significant advantages. The developer can embed system features into modules much more easily than when using OOP. Doing so enables implementation of source code that is better classified by more clearly delineated roles. The developer can also respond more flexibly to requests for changes. AOP also enables establishment of a more flexible system through leveraging its innate advantages, which are the expansion of code reusability and implementation of efficient features.

Acknowledgment

This work was supported by the Second Brain Korea 21 Project.

REFERENCES

[1] Gregor Kiczales, John Lamping, Anurag Mendhekar, Chris Maeda, Cristina Videira Lopes, Jean-Marc Loingtier, and John Irwin, "Aspect-Oriented Programming", ECOOP, pp. 220-242, 1997.
[2] Ramnivas Laddad, "AspectJ in Action: Practical Aspect-Oriented Programming", Manning Publications, 2003.
[3] Gregor Kiczales, Erik Hilsdale, Jim Hugunin, Mik Kersten, Jeffrey Palm, and William G. Griswold, "An Overview of AspectJ", ECOOP 2001, LNCS 2072, pp. 327-353, 2001.
[4] Adrian Colyer, Andy Clement, George Harley, and Matthew Webster, "Eclipse AspectJ: Aspect-Oriented Programming with AspectJ and the Eclipse AspectJ Development Tools", Pearson Education, Inc., 2005.
[5] Geri Georg, Indrakshi Ray, and Robert France, "Using Aspects to Design a Secure System", Proceedings of the Eighth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'02), 2002.
[6] Bart De Win, Wouter Joosen, and Frank Piessens, "Developing secure applications through aspect-oriented programming", In Aspect-Oriented Software Development, pp. 633-650, Addison-Wesley, Boston, 2005.
[7] C. P. Pfleeger, "Security in Computing, 2nd Edition", Prentice-Hall, 1997.
[8] Roger Alexander, "The Real Costs of Aspect-Oriented Programming", IEEE Software, Vol. 20, No. 6, pp. 92-93, 2003.
