ACIR: An Aspect-Connector for Intrusion Response

The modularization concept behind component-based software (CBS) cannot be applied effectively for cross-cutting concerns such as security. Aspect-oriented programming (AOP) helps in better modularization by identifying cross-cutting concerns and providing a suitable way to separate those concerns. In this paper, we provide an aspect-connector based intrusion response (detection and prevention) architecture for CBS by bringing the concepts of aspects into components. The aspect-connector is named as ACIR (aspect connector for intrusion response). Component interfaces act as join points, and aspects containing pointcuts and advices are defined in ACIR configuration file. Advices applicable to particular pointcuts are two types. Signature advices are used to detect intrusions, and action advices are executed to prevent intrusions. A prototype of this architecture is implemented and evaluated using some intrusions included in the Web application security consortium (WASC) intrusion list. This approach detects and prevents intrusions in CBS while maintaining encapsulation, reusability, and modularity.