Intrusion detection in open source software via dynamic aspects

William Mahoney, William Sousan

Research output: Contribution to conference (Paper)

Abstract

Aspect-Oriented Programming (AOP) is an emerging software engineering methodology, which has been used to assist in the removal of crosscutting concerns from traditional methods of software development. As an example, software used to determine whether a user has appropriate security clearance might be scattered throughout the many modules that require this check. Utilising AOP, "aspects" are "woven" into the software either in a "static" method, during compilation, or a "dynamic" method, while the program is executing. The "join points" in a program are the points where these aspects are applied. The "aspect" code is written once and "woven" into the modules at join points. Typical aspects involve logging changes to a database and monitoring memory usage. Our focus is on aspects related to security and intrusion incident detection. Dynamic weaving allows aspects to be woven in and out as the program is executing. However, the base code often must be compiled with additional "syntactic sugar", additions that are required for the later connection of dynamic aspects. This paper presents a new technique to enable dynamically loaded security modules to be added into existing C/C++ code on the fly while the program is executing. Our tool is a Run-Time Event Monitoring System called "dynamicHook", implemented on a standard Linux platform using existing Linux tools, which tests each potential join point for the required activation of advice. Our system does not need to modify the executable files, but instead we compile in special "linkage" between the base code and potential aspects, which are then called as dynamically linked routines located in shared libraries. Our scheme does not require any new syntax or language extensions or rely on code transformations; we thus use it for adding intrusion detection methodologies to pre-existing off-the-shelf open source software.

Original language: English (US)
Pages: 147-154
Number of pages: 8
State: Published - Jan 1 2007
Event: 2nd International Conference on i-Warfare and Security, ICIW 2007 - Monterey, CA, United States
Duration: Mar 8 2007 to Mar 9 2007

Conference

Conference: 2nd International Conference on i-Warfare and Security, ICIW 2007
Country: United States
City: Monterey, CA
Period: 3/8/07 to 3/9/07

Fingerprint

Intrusion detection
Aspect oriented programming
Software engineering
Monitoring
Syntactics
Sugars
Chemical activation
Data storage equipment
Open source software
Linux

Keywords

  • AOP
  • Dynamic aspects
  • Intrusion detection
  • Open-source

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Mahoney, W., & Sousan, W. (2007). Intrusion detection in open source software via dynamic aspects. 147-154. Paper presented at 2nd International Conference on i-Warfare and Security, ICIW 2007, Monterey, CA, United States.

TY - CONF

T1 - Intrusion detection in open source software via dynamic aspects

AU - Mahoney, William

AU - Sousan, William

PY - 2007/1/1

Y1 - 2007/1/1

KW - AOP

KW - Dynamic aspects

KW - Intrusion detection

KW - Open-source

UR - http://www.scopus.com/inward/record.url?scp=84896441156&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84896441156&partnerID=8YFLogxK

M3 - Paper

SP - 147

EP - 154

ER -