• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.6
• /
• pp.2576-2590
• /
• 2020

The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.223-225
• /
• 2006

영역지향 프로그래밍(Aspect-Oriented Programming)은 소프트웨어의 성능을 향상시키고 유지보수에 많은 이점을 가지는 새로운 프로그래밍 방법론이다. 하지만 영역지향 프로그래밍 방법으로 소프트웨어를 개발하기 위해서는 Aspect를 지원하는 새로운 영역지향 프로그래밍 언어를 사용하거나 레거시 시스템에 Aspect를 적용할 경우에 소스코드의 재 컴파일등과 같은 문제점을 가지고 있다. 이에 본 논문에서는 레거시 시스템에 Aspect를 동적으로 결합할 수 있는 동적결합 메커니즘을 제안한다. 이를 위하여 Aspect의 행위와 결합 정보를 가지는 Connector를 생성하고, 생성된 Connector는 코어클래스의 위임자로서 역할을 수행하게 되는 동적결합 가능하게 하는 메커니즘을 제안한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.307-309
• /
• 2003

본 논문에서는 실시간 운영체제(RTOS)를 모듈화 하기 위하여 그래픽 기반의 Aspect-Oriented Programming (AOP) 프레임워크를 제시한다. 기존의 컴포넌트, 객체 지향 방법론, 그리고 최근의 AOP들은 RTOS와 같이 많은 기능들이 복잡하게 연관된 소프트웨어를 모듈화 하는 데는 적합하지 않았다. 본 논문의 새로운 AOP 프레임워크는 다음과 같은 특징을 가지고 있다. 첫째, 클래스나 메소드의 단위를 넘어서서 구현되는 기능들이 어떻게 aspect로 모듈화 되는지를 시각적으로 보여준다. 또한 기존의 AOP와 같이 여러 aspect들을 이리저리 옮겨 다닐 필요 없이 한 곳에서 코드가 어떤 순서로 수행될 지 알 수 있도록 해 준다. 둘째, 코드를 삽입할 위치를 지정하는 단위를 메소드 단위보다 더 세밀하게 하여 메소드의 수행 중간에 특정 aspect를 위한 코드를 삽입할 수 있도록 하였다. 그래서 하나의 메소드에 여러 aspect가 복잡하게 관여하는 경우가 많은 RTOS를 디자인 할 때 특히 유리하다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.5
• /
• pp.355-359
• /
• 2009

When an unexpected software exception arises, we programmers are to analyze what causes it. Precisely speaking, we need to analyze the cause and property of the unexpected exception. But if exceptions arise irregularly from unknown causes, it is even more difficult for us to handle them, especially in embedded system like mobile phone software development. In this paper, we propose a debugger-friendly analyzing method for exceptions using aspect oriented programming technique. What we need to know upon arising exceptions is the function call history in order to identify the reason for the exceptions. Since programmers used to spend their debugging time on unidentified exceptions, which arise irregularly our method would greatly improve the embedded software development productivity.

• Journal of Internet Computing and Services
• /
• v.8 no.4
• /
• pp.129-136
• /
• 2007

The domain model pattern which belongs to enterprise architecture patterns has reusability, scalability and maintainability. To use the domain model pattern, mapping with persistency layer, transaction management and various services are needed. This paper proposes that relationship management service to solve a consistency error which arises in case of removing domain objects. The proposed relationship management service monitors methods of domain objects and intercepts the flow of control to solve the reference errors. This service is implemented by using AOP(Aspect-Oriented Programming), so it can provide the service without modifications of domain objects and other services.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.109-119
• /
• 2017

In recent through development of IOT owing to that mass stream data is being generated in variety of application complex event processing technology is being watched with keen interest as a technology to analyze this kind of real-time continuous data. However, the existing study related with complex event processing only comes to an end at simple event processing based on low-level event or comes to an end at service defect discovery with providing limited operator and so on. Accordingly, there would be limitation to provide useful analysis information. In this paper in consideration of complex event along with aspect-oriented programming an extended complex event model is provided, which is possible to provide more valuable and useful information. Specifically, we extend the model to support hierarchical event structures and let the model recognize point-cuts of aspect-oriented programming as events. We provide the event operators designed to specify the events on instances and handle temporal relations of the instances. It is presented that syntax and semantics of constructs in our event processing language including various and progressive event operators, complex event pattern, etc. In addition, an event context mechanism is proposed to analyze more delicate events. Finally, through application studies application possibility of this study would be shown and merits of this event model would be present through comparison with other event model.

• Journal of Software Engineering Society
• /
• v.24 no.1
• /
• pp.27-33
• /
• 2011

The importance of the low-power management has increased due to the recent advances of the embedded systems. However, it is noted that low-power concerns are detrimental to the readability and the maintainability of the codes for the core concerns. In this study, in order to reduce occurring leakage power during run-time, we present a power management while considering the run-time leakage power of devices. the power management codes is separated from the core concern codes by applying aspect-oriented programming. Finally, we analyze the theoretical model of our proposed scheme and present experimental results.

• Journal of the Korea Society for Simulation
• /
• v.18 no.3
• /
• pp.113-122
• /
• 2009

Software is getting more complex due to a variety of requirements that include desired functions and properties. Therefore, verifying and testing the software are complicated problems. Moreover, if the software is already implemented, inserting and deleting tracing/logging code into the source code may cause several problems, such as the code tangling and the code scattering problems. This paper proposes the Aspect DEVS Verification Framework which supports the verification and testing process. The Aspect DEVS Verification Framework utilizes Aspect Oriented Programming features to handle the code tangling and the code scattering problems. By applying aspect oriented features, a user can find and fix the inconsistency between requirement and implementation of a software without suffering the problems. The first step of the verification process is the building aspect code to make a software act as a generator. The second step is developing a requirement specification using DEVS diagrams and implementing it using the DEVSIM++. The final step is comparing the event traces from the software with the possible execution sequences from DEVS model.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.25 no.1 s.212
• /
• pp.27-33
• /
• 2007

• The KIPS Transactions:PartD
• /
• v.15D no.4
• /
• pp.495-504
• /
• 2008

Aspect Oriented Programming(AOP) is a relatively new programming paradigm and has properties that other programming paradigms don't have. This new programming paradigm provides new modularization of software systems by cross-cutting concerns. In this paper, we propose a regression test method for program evolution by AOP. By using JoinPoint, we can catch a pointcut-name which makes it possible to test the incorrect pointcut strength fault and the incorrect aspect precedence fault. Through extending proof rules to aspect, we can recognize failures to establish expected postconditions faults. We can also trace variables using set() and get() pointcut and test failures to preserve state invariant fault. Using control flow graph, we can test incorrect changes in control dependencies faults. In order to show the correctness of our proposed method, channel management system is implemented and tested by using proposed methods.