Security through aspect-oriented programming

Since many applications are. too complex to be solved ad hoc, mechanisms are being developed to deal with different concerns separately. An interesting case of this separation is security. The implementation of security mechanisms often interacts or even interferes with the core functionality of the application. This results in tangled, unmanageable code with a higher risk of security bugs. Aspect-oriented programming promises to tackle this problem by offering several abstractions that help to reason about and specify the concerns one at a time, In this paper we make use of this approach to introduce security into an application. By means of the example of access control, we investigate how well the state of the art in aspect-oriented programming can deal with the separation of security from an application. We also discuss the. benefits and drawbacks of this approach, and how it relates to similar techniques.