Funded by: Defense Advanced Research Projects Agency
The goal of this project is to research and build an Aspect-Oriented programming language that will add security primitives to traditional programming languages. This language will allow developers to design applications in a security-conscious way from the ground up, instead of applying security in an ad hoc manner during and after development. Our approach is designed to meet the following goals:
The security aspect language will be used to specify security properties of a primary program. An "aspect weaver" will take the primary program and the security specification and automatically weave them into a single program. The specification language will be designed so that the same syntax can be used no matter which language (or set of languages) is used to author the primary program. However, the aspect weaver will need specific knowledge of the syntax of each target language.

Without a specification for a particular program, a default security policy will be used, and that default will be very restrictive. The philosophy of this language is "security by default." For example, if the programmer does not want buffer overflow protection, perhaps for efficiency reasons, that choice must be stated explicitly in the security specification.

This tool will have several benefits. First, it helps promote separation of concerns: security issues can be handled separately from the core functionality of a program. Second, the tool will automate much of the work required to secure a program successfully. Third, it will enable developers without extensive expertise in the security domain to design more secure software. Finally, it will allow security measures to be applied to legacy code that may not have been developed in a security-conscious manner.
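The weaving model described above, as an added example that is not the project's own language or tool: a toy weaver in Python applies every default protection to each function of a "primary program" unless a security specification explicitly waives it by name. The aspects (`bounds_check`, `audit_log`), the spec format (function name mapped to a set of waived aspects), and the pointcut convention (a parameter pair named `buf`, `idx`) are assumptions made for the example, standing in for the target-language knowledge a real weaver would need.

```python
"""Toy aspect weaver demonstrating "security by default".

Added example, not the project's own weaver. Assumptions: the primary
program is a dict of plain Python functions; the security specification
maps a function name to the set of default protections it explicitly
waives; a function with no spec entry gets every default protection.
"""
import inspect
from functools import wraps
from typing import Callable, Dict, List, Set

AUDIT: List[str] = []  # filled by the audit_log aspect


# --- aspects: the advice the weaver can wrap around a primary function -------
def bounds_check(fn: Callable) -> Callable:
    """Reject indices outside [0, len(buf)).  The pointcut is the parameter
    pair (buf, idx); for any other signature fn is returned unchanged."""
    params = inspect.signature(fn).parameters
    if "buf" not in params or "idx" not in params:
        return fn

    @wraps(fn)
    def wrapper(*args, **kwargs):
        bound = inspect.signature(fn).bind(*args, **kwargs)
        bound.apply_defaults()
        buf, idx = bound.arguments["buf"], bound.arguments["idx"]
        if not 0 <= idx < len(buf):
            # Python would silently wrap a negative index to the end of the
            # buffer; the aspect turns that into a hard failure instead.
            raise IndexError(f"{fn.__name__}: index {idx} outside buffer of length {len(buf)}")
        return fn(*args, **kwargs)
    return wrapper


def audit_log(fn: Callable) -> Callable:
    """Record every call to the primary function before it runs."""
    @wraps(fn)
    def wrapper(*args, **kwargs):
        AUDIT.append(fn.__name__)
        return fn(*args, **kwargs)
    return wrapper


# Protections applied to every function unless the spec waives them by name.
DEFAULT_ASPECTS: Dict[str, Callable] = {"bounds_check": bounds_check, "audit_log": audit_log}


def weave(program: Dict[str, Callable], spec: Dict[str, Set[str]]) -> Dict[str, Callable]:
    """Return the woven program: each function wrapped in all non-waived aspects."""
    unknown = {a for waived in spec.values() for a in waived} - DEFAULT_ASPECTS.keys()
    if unknown:  # a misspelled waiver is an error, not a silent no-op
        raise ValueError(f"spec waives unknown aspects: {sorted(unknown)}")
    woven: Dict[str, Callable] = {}
    for name, fn in program.items():
        waived = spec.get(name, set())  # no entry means nothing is waived
        for aspect_name, aspect in DEFAULT_ASPECTS.items():
            if aspect_name not in waived:
                fn = aspect(fn)
        woven[name] = fn
    return woven


# --- primary program and specification (constructed for the example) --------
def store_byte(buf: bytearray, idx: int, value: int) -> None:
    buf[idx] = value


def fast_store(buf: bytearray, idx: int, value: int) -> None:
    buf[idx] = value  # same body; the spec waives bounds_check here "for efficiency"


def greet(name: str) -> str:
    return "hello " + name


PRIMARY_PROGRAM: Dict[str, Callable] = {
    "store_byte": store_byte, "fast_store": fast_store, "greet": greet}

# Only explicit opt-outs are listed; everything else keeps the restrictive default.
SPEC: Dict[str, Set[str]] = {"fast_store": {"bounds_check"}}


def demo() -> dict:
    """Run the woven program on a 4-byte buffer and report what each call did."""
    AUDIT.clear()
    woven = weave(PRIMARY_PROGRAM, SPEC)
    buf = bytearray(4)
    out: dict = {}
    woven["store_byte"](buf, 1, 0xAA)           # in range: accepted
    try:
        woven["store_byte"](buf, -1, 0xBB)      # default policy rejects it
        out["store_byte_neg"] = "accepted"
    except IndexError:
        out["store_byte_neg"] = "rejected"
    woven["fast_store"](buf, -1, 0xCC)          # waived: Python writes buf[3]
    out["fast_store_neg"] = "accepted"
    out["buf"] = bytes(buf).hex()
    out["greeting"] = woven["greet"]("world")   # no (buf, idx): only audit_log applies
    out["audit"] = list(AUDIT)
    return out


if __name__ == "__main__":
    print(demo())
```

The order of wrapping in `weave` puts `audit_log` outermost, so a call that the bounds check rejects is still recorded, which is the behaviour a defender wants from an audit aspect. The spec entry for `fast_store` is the "must be explicitly stated" opt-out the text describes; deleting that entry restores full protection without touching the primary program.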