Runtime Detection and Prevention of Attacks Enabled By Aspect-Oriented Programming
Through the Application of the Information Flow Control Model 

By

Bradley C. Watson, Ph.D.

Nova Southeastern University, Projected Date: December, 2015

Dr. Francisco Mitropoulos, Adviser

 


ABSTRACT

Aspect code from third parties dynamically woven at runtime poses significant security vulnerabilities for code running in environments that support aspects. The proposed research aims to address vulnerabilities that exist at the language interpreter level of operations within a computer system. Effective solutions to vulnerabilities that exist outside the interpreter or within the code running in the interpreter either already exist and/or are being actively explored in research laboratories. The language interpreter itself, however, still needs attention. The proposed research will use real-time analysis of the information flow of executing programs within an interpreter for unexpected, abnormal behaviors that might signal intrusion through third party aspects loaded into the interpreter. The analysis results will trigger enforcement of policies of appropriate aspect execution given explicit assigned roles and permissions for known aspects.