PI: G. Bruns co-PIs: R. Jagadeesan, J. Riely
The objective of this proposal is to develop a means of updating the functionality and security policies of high-confidence computer systems in a way that is both dynamic (can be accomplished while the system runs) and safe (does not compromise the trustworthiness of the system).
This proposal investigates the use of aspect-oriented techniques in the dynamic configuration of high-confidence software systems. The specification, implementation, and verification of secured components will be studied in an aspect-oriented style. The addition of new software components, both for additional functionality and for security, will be modeled as dynamic aspects, which can modify software during its execution.
Dynamic aspects may allow for flexibility in the dynamic configuration of software, but they also open the door to subtle bugs arising from interactions between conflicting aspects. A similar problem (known as the Feature Interaction Problem) has been studied in the telecommunications field. The experience and techniques from that area will be brought to bear on security features modeled as aspects.
A class-based, object-oriented language with dynamic advice loading will be defined. Temporal logic will be used to specify both security properties and the conditions under which pointcuts apply. Static and dynamic analysis methods will be developed to identify interactions between aspects. Finally, tools will be developed to support these methods, and they will be applied in case studies.
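As an added illustration (not part of the proposal) of the aspect interaction problem above and of the dynamic analysis it calls for: two advices are loaded at run time around one hypothetical join point, `read_secret`, and a check compares the composed system against each aspect alone along a constructed execution trace in which a user's role is revoked while the system runs. The advice names, the role model and the trace are assumptions of this example.

```python
class AccessDenied(Exception): pass

def read_secret(user):
    # Base component (hypothetical): the join point both advices wrap.
    return f"secret for {user['name']}"

def authz_advice(fn):
    # Security aspect: deny callers that currently lack the 'reader' role.
    def advised(user):
        if "reader" not in user["roles"]:
            raise AccessDenied(user["name"])
        return fn(user)
    return advised

def cache_advice(fn):
    # Functional aspect: memoise results keyed by user name only.
    cache = {}
    def advised(user):
        if user["name"] not in cache:
            cache[user["name"]] = fn(user)
        return cache[user["name"]]
    return advised

def weave(base, advices):
    # Dynamic advice loading: each advice wraps the previous result, so the last one runs outermost.
    for adv in advices:
        base = adv(base)
    return base

def run(fn, user):
    try:
        return fn(user)
    except AccessDenied:
        return "denied"

def interaction(advices, trace):
    # Dynamic interaction check: if some aspect alone denies a call, the composed
    # system must deny it too. Returns the indices of trace steps that violate this.
    composed = weave(read_secret, advices)
    singles = [weave(read_secret, [a]) for a in advices]
    offending = []
    for i, user in enumerate(trace):
        got = run(composed, user)
        denied_alone = [run(s, user) == "denied" for s in singles]
        if got != "denied" and any(denied_alone):
            offending.append(i)
    return offending

# Constructed trace: alice reads once, then her 'reader' role is revoked at run time.
TRACE = [{"name": "alice", "roles": ["reader"]}, {"name": "alice", "roles": []}]
```

With the cache loaded outermost, the second step is flagged: the stale cache entry answers before the authorization advice runs, so the revoked policy is silently bypassed; loading the authorization advice outermost removes the interaction.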