Capturing Returned Computable Values in AspectJ for Security Hardening

Abstract

ABSTRACT The main contribution of this paper is to present an extension to AspectJ compiler ajc-1.5.0 for security hardening. The extension consists of two pointcuts that can capture the returned computable values of methods in both the execution scope and following a method invocation. The returned values in programs are the results of operations done in the execution scope of methods. They are significant for the intra- and inter-procedural dataflow analysis where they represent the context transitivity between the caller and the called methods in a given program. Any misuse of them can allow the reflection of important data and the disclosure of secret information. Moreover, any alteration of these values can violate the integrity of programs and conduct to their misbehavior. In this paper, we detail the design and the implementation of these two pointcuts. Finally, we present a case study to demonstrate how the data integrity property can be satisfied in distributed systems using the newly implemented pointcuts.