Intrusion detection in open source software via dynamic aspects

William Mahoney, William Sousan

Research output: Contribution to conferencePaperpeer-review

Abstract

Aspect-Oriented Programming (AOP) is an emerging software engineering methodology, which has been used to assist in the removal of crosscutting concerns from traditional methods of software development. As an example, software used to determine whether a user has appropriate security clearance might be scattered throughout the many modules, which require this check. Utilising AOP, "aspects" are "woven" into the software either in a "static" method, during compilation, or a "dynamic" method while the program is executing. The "join points" in a program are the points where these aspects are applied. The "aspect" code is written once and "woven" in to the modules at join points. Typical aspects involve logging changes to a database and monitoring memory usage. Our focus is on aspects related to security and intrusion incident detection. Dynamic weaving allows aspects to be woven in and out as the program is executing. However the base code often must be compiled with additional "syntactic sugar"-additions that are required for the later connection of dynamic aspects. This paper presents a new technique to enable dynamically loaded security modules to be added into existing C/C++ code on the fly while the program is executing. Our tool is a Run-Time Event Monitoring System called "dynamicHook", implemented on a standard Linux platform using existing Linux tools, which tests each potential join point for the required activation of advice. Our system does not need to modify the executable files, but instead we compile in special "linkage" between the base code and potential aspects which are then called as dynamically linked routines located in shared libraries. Our scheme does not require any new syntax or language extensions or rely on code transformations; we thus use it for adding intrusion detection methodologies to pre-existing off-the-shelf open source software.

Original languageEnglish (US)
Pages147-154
Number of pages8
StatePublished - 2007
Event2nd International Conference on i-Warfare and Security, ICIW 2007 - Monterey, CA, United States
Duration: Mar 8 2007Mar 9 2007

Conference

Conference2nd International Conference on i-Warfare and Security, ICIW 2007
Country/TerritoryUnited States
CityMonterey, CA
Period3/8/073/9/07

Keywords

  • AOP
  • Dynamic aspects
  • Intrusion detection
  • Open-source

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Intrusion detection in open source software via dynamic aspects'. Together they form a unique fingerprint.

Cite this