Monitoring Components by Using Aspects and Contracts in Wrappers
MetadataShow full item record
The re-usability and modularity of components reduce the cost and complexity of the software design. It is difficult to predict run-time scenarios covering all possible circumstances to ensure that the components are full compatible with the system. Monitoring run-time behaviours of components presents a close view of the component qualities. The existing monitoring approaches either implement applications with built-in monitoring features, or observe the external resource and events to predict the status of the components. In this thesis work, we propose an approach to monitor the run-time behaviours of components with aspect-oriented wrappers and contracts. We design monitoring wrappers to encapsulate the monitored components. The wrapper has the access to interfaces and properties of the wrapped component. We adopt the methodology of Design by Contract to enforce security policies on component wrappers. The contracts define the mutual obligations of two interacting components. The policies implemented in contracts are woven into component wrappers as separate aspect modules. If the component contains any flaws, the wrappers can monitor the behaviours and prevent failures propagating into the wrapped components and the rest of the system. This approach assures that the system is running in a safe environment with the erroneous behaviours or failures detected appropriately. Secure access between the wrappers guarantees a secure environment for the wrapped components. We conducted experiments on the run-time monitoring of SQL Injection and Cross Site Scripting attacks. We designed cross-cutting concerns such as logging for components to illustrate monitoring components without touching the underlying components. Monitoring on access control is also possible and feasible to add as an additional concern and is also demonstrated in the experiments. The results show that the framework is very flexible to impose separate policies as aspects on component wrappers without the modifications of the underlying components.