Cross-Language Weaving Approach Targeting Software Security Hardening

Abstract

In this paper, we propose an approach for systematic security hardening of software based on aspect-oriented programming and Gimple language. We also present the first steps towards a formal specification for Gimple weaving together with the implementation methodology of the proposed weaving semantics. The primary contribution of this approach is providing the software architects with the capabilities to perform systematic security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. We explore the viability of our propositions by realizing the weaving semantics for Gimple by implementing it into the GCC compiler and applying our methodologies for systematic security hardening to develop a case study for securing the connections of client applications together with experimental results.