AOSD Technology for Application-level Security
(AOSDSEC)
AOSD 2004 Workshop, March 23, Lancaster, UK
Background literature
We have compiled a list of relevant publications in the scope of this workshop.
The selected literature is _not_ obligatory for attending the workshop; it serves as background information
that can be used to support the discussions during the workshop.
Evidently, this list is not (meant to be) complete. If you think that crucial information is missing in this list,
please let us know by mail, or tell us during the workshop :-).
Enjoy.
Rationale and Motivation
- Bart De Win, Frank Piessens, Wouter Joosen, and Tine Verhanneman,
On the importance of the separation-of-concerns principle in secure software engineering.
In Workshop on the Application of Engineering Principles to System Security Design (WAEPSSD),
Boston, Massachusetts, November 2002.
- Premkumar Devanbu and Stuart Stubblebine, Software Engineering for Security: a Roadmap,
In The Future of Software Engineering (ICSE2000),
pages 227-239, Limerick, Ireland, June 2000.
Using AOSD for Security
- John Viega, J.T. Bloch, and Pravir Chandra,
Applying Aspect-Oriented Programming to Security,
Cutter IT Journal, 14(2):31-39, February 2001.
- Viren Shah, Using Aspect-Oriented Programming to Address Security Concerns,
International Symposium on Software Reliability Engineering, November 2002.
- Bart De Win, Bart Vanhaute, and Bart De Decker,
How aspect-oriented programming can help to build secure software,
Informatica, 26(2):141-149, 2002.
- Bart De Win, Engineering Application-level Security using Aspect-Oriented Software Development,
PhD thesis, Department of Computer Science, K.U.Leuven, March 2004.
- Ian S. Welch and Robert J. Stroud,
Re-engineering Security as a Crosscutting Concern,
The Computer Journal, 46(5):578-589, September 2003.
Support for Modular Security in Commercial Systems
- CORBA
- The Object Management Group (OMG), CORBAServices: Security Service Specification, Version 1.8,
http://www.omg.org/technology/documents/formal/security_service.htm, March 2002.
- Konstantin Beznosov, Yi Deng, Carol Burt, and John Barkley,
A Resource Access Decision Service for CORBA-based Distributed Systems,
In 15th Annual Computer Security Applications Conference (ACSAC),
pages 310-319, Phoenix, Arizona, December 1999. IEEE Computer Society.
- Konstantin Beznosov, Object Security Attributes: Enabling Application-specific Access Control in Middleware,
In 4th International Symposium on Distributed Objects & Applications (DOA),
pages 693-710, Irvine, October 2002.
- Robert E. Filman, Stu Barrett, Diana Lee, and Ted Linden,
Inserting Ilities by Controlling Communications,
Communications of the ACM, 45(1):116-122, January 2002.
- Enterprise JavaBeans
- Linda G. DeMichiel, Enterprise JavaBeans Specification Version 2.1,
http://java.sun.com/products/ejb/docs.html, June 2003.
- JBoss Application Server, http://www.jboss.org/, September 2003.
- Microsoft COM+ and .NET
- Keith Brown, Programming Windows Security,
Developmentor series. Addison-Wesley, 1st edition, July 2000.
- Juval Lowy, Decouple Components by Injecting Custom Services into your Object's Interception Chain,
MSDN Magazine, March 2003.
- Dharma Shukla, Simon Fell, and Chris Sells,
Aspect-Oriented Programming Enables Better Code Encapsulation and Reuse,
MSDN Magazine, March 2002.
- Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, and Kevin T. Price,
.NET Framework Security, Addison Wesley, April 2002.
- Gunther Karjoth, Access Control with IBM Tivoli Access Manager,
ACM Transactions on Information and System Security (TISSEC), 6(2):232-257, May 2003.
Related Work
- David Evans and Andrew Twyman, Flexible Policy-Directed Code Safety,
In IEEE Symposium on Security and Privacy, pages 32-45,
Oakland, California, May 1999. IEEE Computer Society.
- Raju Pandey and Brant Hashii, Providing Fine-Grained Access Control for Java Programs,
In 13th European Conference on Object-Oriented Programming (ECOOP),
volume 1628 of LNCS, pages 449-473, June 1999.
- U. Erlingsson and F. B. Schneider, Enforcement of Security Policies: A Retrospective,
In New Security Paradigms Workshop (WNSP), September 2000.
- Markus Schumacher and Utz Roedig, Security Engineering with Patterns,
In 8th Conference on Pattern Languages of Programs, July 2001.
- Security Patterns website, http://www.securitypatterns.org, April 2002.