Related papers: Aspect-Oriented Programming in Secure Software Development: A Case Study of Security Aspects in Web Applications

Aspect-Oriented Programming in Secure Software Development: A Case Study of Security Aspects in Web Applications

URL: http://arxiv.org/abs/2509.07449v1
Date: Tue, 09 Sep 2025 07:12:55 GMT
Title: Aspect-Oriented Programming in Secure Software Development: A Case Study of Security Aspects in Web Applications
Authors: Mterorga Ukor,
Abstract summary: This study investigates the role of Aspect-Oriented Programming (AOP) in enhancing secure software development.<n>We compare AOP-based implementations of security features including authentication, authorization, input validation, encryption, logging, and session management.<n>The findings demonstrate that AOP enhances modularity, reusability, and maintainability of security mechanisms, while introducing only minimal performance overhead.
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming (OOP) often intertwines security logic with business functionality, leading to code tangling, scattering, and reduced maintainability. This study investigates the role of Aspect-Oriented Programming (AOP) in enhancing secure software development by modularizing cross-cutting security concerns. Using a case study approach, we compare AOP-based implementations of security features including authentication, authorization, input validation, encryption, logging, and session management with conventional OOP or middleware-based approaches. Data collection involves analyzing code quality metrics (e.g., lines of code, coupling, cohesion, modularity index, reusability), performance metrics (response time, throughput, memory usage), and maintainability indicators. Developer feedback is also incorporated to assess integration and debugging experiences. Statistical methods, guided by the ISO/IEC 25010 software quality model, are applied to evaluate differences across implementations. The findings demonstrate that AOP enhances modularity, reusability, and maintainability of security mechanisms, while introducing only minimal performance overhead. The study contributes practical insights for software engineers and researchers seeking to balance security with software quality in web application development.

Related papers

From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities [2.490168997159702]
This work explores a proactive strategy to prevent vulnerabilities by highlighting code regions that implement security-critical functionality.<n>We present an IntelliJ IDEA plugin prototype that uses code-level software metrics to identify potentially security-critical methods.
arXiv Detail & Related papers (2026-01-31T13:16:01Z)
Towards Verifiably Safe Tool Use for LLM Agents [53.55621104327779]
Large language model (LLM)-based AI agents extend capabilities by enabling access to tools such as data sources, APIs, search engines, code sandboxes, and even other agents.<n>LLMs may invoke unintended tool interactions and introduce risks, such as leaking sensitive data or overwriting critical records.<n>Current approaches to mitigate these risks, such as model-based safeguards, enhance agents' reliability but cannot guarantee system safety.
arXiv Detail & Related papers (2026-01-12T21:31:38Z)
A Systematic Survey of Model Extraction Attacks and Defenses: State-of-the-Art and Perspectives [65.3369988566853]
Recent studies have demonstrated that adversaries can replicate a target model's functionality.<n>Model Extraction Attacks pose threats to intellectual property, privacy, and system security.<n>We propose a novel taxonomy that classifies MEAs according to attack mechanisms, defense approaches, and computing environments.
arXiv Detail & Related papers (2025-08-20T19:49:59Z)
Bridging the Mobile Trust Gap: A Zero Trust Framework for Consumer-Facing Applications [51.56484100374058]
This paper proposes an extended Zero Trust model designed for mobile applications operating in untrusted, user-controlled environments.<n>Using a design science methodology, the study introduced a six-pillar framework that supports runtime enforcement of trust.<n>The proposed model offers a practical and standards-aligned approach to securing mobile applications beyond pre-deployment controls.
arXiv Detail & Related papers (2025-08-20T18:42:36Z)
Clean Code In Practice: Challenges and Opportunities [6.520228635709776]
This paper explores the interplay between software reliability, safety, and security.<n>We identify critical threats to software reliability and provide a threat estimation framework.<n>We propose a set of actionable guidelines for practitioners to improve their reliability prediction models.
arXiv Detail & Related papers (2025-07-26T00:13:50Z)
Software Bill of Materials in Software Supply Chain Security A Systematic Literature Review [0.0]
Software Bill of Materials (SBOMs) are increasingly regarded as essential tools for securing software supply chains (SSCs)<n>This systematic literature review synthesizes evidence from 40 peer-reviewed studies to evaluate how SBOMs are currently used to bolster SSC security.<n>Despite clear promise, adoption is hindered by significant barriers: generation tooling, data privacy, format/standardization, sharing/distribution, cost/overhead, vulnerability exploitability, maintenance, analysis tooling, false positives, hidden packages, and tampering.
arXiv Detail & Related papers (2025-06-04T02:49:04Z)
Training Language Models to Generate Quality Code with Program Analysis Feedback [66.0854002147103]
Code generation with large language models (LLMs) is increasingly adopted in production but fails to ensure code quality.<n>We propose REAL, a reinforcement learning framework that incentivizes LLMs to generate production-quality code.
arXiv Detail & Related papers (2025-05-28T17:57:47Z)
Software Security Mapping Framework: Operationalization of Security Requirements [12.04694982718246]
The Software Security Mapping Framework is a structured solution designed to operationalize security requirements across hierarchical levels.<n>The framework systematically maps 131 refined security requirements to over 400 actionable operational steps spanning the software development lifecycle.<n>It is grounded in four core security goals: Secure Software Environment, Secure Software Development, Software Traceability, and Vulnerability Management.
arXiv Detail & Related papers (2025-05-22T06:34:48Z)
Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions.<n>We identify major challenges such as vulnerability to adversarial attacks, cascading failure modes in sequential decision-making.<n>As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
AISafetyLab: A Comprehensive Framework for AI Safety Evaluation and Improvement [73.0700818105842]
We introduce AISafetyLab, a unified framework and toolkit that integrates representative attack, defense, and evaluation methodologies for AI safety.<n> AISafetyLab features an intuitive interface that enables developers to seamlessly apply various techniques.<n>We conduct empirical studies on Vicuna, analyzing different attack and defense strategies to provide valuable insights into their comparative effectiveness.
arXiv Detail & Related papers (2025-02-24T02:11:52Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
DASICS: Enhancing Memory Protection with Dynamic Compartmentalization [7.802648283305372]
We present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure processor design. It offers dynamic and flexible security protection across multiple privilege levels, addressing data flow protection, control flow protection, and secure system calls. We have implemented hardware FPGA prototypes and software QEMU simulator prototypes based on DASICS, along with necessary modifications to system software for adaptability.
arXiv Detail & Related papers (2023-10-10T09:05:29Z)

This list is automatically generated from the titles and abstracts of the papers in this site.