Skip to Main content Skip to Navigation

Modularization of security software engineering in distributed systems

Abstract : Addressing security in the software development lifecycle still is an open issue today, especially in distributed software. Addressing security concerns requires a specific know-how, which means that security experts must collaborate with application programmers to develop secure software. Object-oriented and component-based development is commonly used to support collaborative development and to improve scalability and maintenance in software engineering. Unfortunately, those programming styles do not lend well to support collaborative development activities in this context, as security is a cross-cutting problem that breaks object or component modules. We investigated in this thesis several modularization techniques that address these issues. We first introduce the use of aspect-oriented programming in order to support secure programming in a more automated fashion and to minimize the number of vulnerabilities in applications introduced at the development phase. Our approach especially focuses on the injection of security checks to protect from vulnerabilities like input manipulation. We then discuss how to automate the enforcement of security policies programmatically and modularly. We first focus on access control policies in web services, whose enforcement is achieved through the instrumentation of the orchestration mechanism. We then address the enforcement of privacy protection policies through the expert-assisted weaving of privacy filters into software. We finally propose a new type of aspect-oriented pointcut capturing the information flow in distributed software to unify the implementation of our different security modularization techniques.
Document type :
Complete list of metadata

Cited literature [147 references]  Display  Hide  Download
Contributor : ABES STAR :  Contact
Submitted on : Friday, November 6, 2015 - 6:32:06 PM
Last modification on : Friday, July 31, 2020 - 10:44:08 AM
Long-term archiving on: : Friday, April 28, 2017 - 4:56:55 AM


Version validated by the jury (STAR)


  • HAL Id : tel-01225843, version 1


Gabriel Serme. Modularization of security software engineering in distributed systems. Cryptography and Security [cs.CR]. Télécom ParisTech, 2013. English. ⟨NNT : 2013ENST0063⟩. ⟨tel-01225843⟩



Record views


Files downloads