REFERENCES

1. Ancona, M., Cazzola, W., and Fernandez, E. B. 1999. Reflective authorization systems: Possibilities, benefits, and drawbacks. In Secure Internet programming: Security Issues for Mobile and Distributed Objects, J. Vitek and C. Jensen, Eds. LNCS, vol. 1603. Springer-Verlag, Berlin, 3549.

2. Beznosov, K. 2000. Engineering access control for distributed enterprise applications. Ph.D. thesis, Florida International University, Miami, Florida.

3. Blaze, M., Feigenbaum, J., and Lacy, J. 1996. Decentralized trust management. In 1996 Symp. Security and Privacy, (Oakland, California). IEEE, 164173.

4. Chiba, S. 1995. A metaobject protocol for C++. In 10th Conf. Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), (Austin). ACM, 285299.

5. Cohen, G., Chase, J., and Kaminsky, D. 1998. Automatic program transformation with JOIE. In 1998 Annual Technical Symposium (New Orleans). USENIX, 167178.

6. Common Criteria. 1999. Common criteria for information technology security evaluation, version 2.1. Tech. rep., Common Criteria. http://www.commoncriteria.org.

7. De Win, B. 2004. Engineering Application-level Security through Aspect-Oriented Software Development. Ph.D. thesis, Katholieke Universiteit Leuven, The Netherlands.

8. De Win, B., Joosen, W., and Piessens, F. 2003. AOSD & security: A practical assessment. In Software Engineering Properties of Languages for Aspect Technologies (SPLAT), (Boston). http://www.daimi.au.dk/~eernst/splat03/papers/Bart_De_Win.pdf.

9. De Win, B., van den Bergh, J., Matthijs, F., De Decker, B., and J OOSEN, W. 2000. A security architecture for electronic commerce applications. In Information Security for Global Information Infrastructures, S. Qing and J. Eloff, Eds. Kluwer Academic Publishers, Boston, 491500.

10. De Win, B., Vanhaute, B., and De Decker, B. 2001. Towards an open weaving process. In Workshop on Advanced Separation of Concerns in Object-Oriented Systems (OOPSLA), (Tampa, Florida). http://www.cs.ubc.ca/~kdvolder/Workshops/OOPSLA2001/submissions/07-dewin.pdf.com

11. De Win, B., Vanhaute, B., and De Decker, B. 2002. How aspect-oriented programming can help to build secure software. Informatica 26, 2, 141149.

12. Ernst, E. and Lorenz, D. H. 2003. Aspects and polymorphism in AspectJ. In 2nd Int'l Conf. Aspect-Oriented Software Development (AOSD), (Boston), M. Akit, Ed. 13. Evans, D. and Twyman, A. 1999. Flexible policy-directed code safety. In Symp. Security and Privacy, (Oakland, California). IEEE, 3245.

14. Filman, R. E., Barrett, S., Lee, D. D., and Linden, T. 2002. Inserting ilities by controlling communications. Comm. ACM 45, 1 (Jan.), 116122.

15. Fraser, T., Badger, L., and Feldman, M. 1999. Hardening COTS software with generic software wrappers. In Symp. Security and Privacy, (Oakland, California). IEEE, 216.

16. Gamma, E., Helm, R., Johnson, R., and Vlissides, J. 1995. Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading, Massachusetts.

17. JFTPD. jftpd, ftp server with remote administration. http://homepages.wmich.edu/~p1bijjam/cs555Project/.

18. Keller, R. and Hölzle, U. 1998. Binary code adaptation. In ECOOP'98 Object-Oriented Programming, 12th European Conference, E. Jul, Ed. LNCS, vol. 1445. Springer-Verlag, Berlin, 307329.

19. Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., and Irwin, J. 1997. Aspect-oriented programming. In ECOOP'97 Object-Oriented Programming, 11th European Conference, M. Akit and S. Matsuoka, Eds. 20. Lai, C., Gong, L., Nadalin, A., and Schemers, R. 1999. User authentication and authorization in the Java platform. In 15th Annual Computer Security Applications Conference, (Phoenix, Arizona). IEEE, 285290.

21. Linn, J. 1997. RFC2078: Generic security service application program interface, version 2. Tech. rep., IETF. http://www.ietf.org/rfc/rfc2078.txt.

22. Lowy, J. 2003. Decoupling Components by Injecting Custom Services into your Object's Interceptor Chain. In MSDN Magazine 03/03.

23. Object Management Group. 2002. CORBA security service specification, version 1.8. http://www.omg.org.

24. Pandey, R. and Hashii, B. 1999. Providing Fine-Grained Access Control for Java Programs. In ECOOP'99 Object-Oriented Programming, 13th European Conference, R. Guerraaoui, Ed. LNCS, vol. 1628. Springer-Verlag, Berlin, 449473.

25. Robben, B., Vanhaute, B., Joosen, W., and Verbaeten., P. 1999. Non-functional policies. In Meta-Level Architectures and Reflection, P. Cointe, Ed. LNCS, vol. 1616. Springer-Verlag, Berlin, 7492.

26. Samar, V. and Lai, C. 2003. Making login services independent of authentication technologies. Tech. rep., Sun Microsystems, Inc. http://java.sun.com/security/jaas/doc/pam.html.

27. SECURITY PATTERNS HOME PAGE. http://www.securitypatterns.org/.

28. Shah, V. and Hill, F. 2004. An Aspect-Oriented Security Framework: Lessons Learned. In AOSD Technology for Application-level Security (AOSDSEC), (Lancaster). http://www.cs.kuleuven.ac.be/~distrinet/events/aosdsec/AOSDSEC04_Viren_Shah.pdf.

29. Stroud, R. and Wue, Z. 1996. Using metaobject protocols to satisfy non-functional requirements. In Advances in Object-Oriented Metalevel Architectures and Reflection, C. Zimmermann, Ed. CRC Press, Boca Raton, Florida, 3152.

30. Taylor, L. 2002. Customized EJB Security in JBoss. http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ejbsecurity.html.

31. Vanhaute, B., De Win, B., and De Decker, B. 2001. Building frameworks in AspectJ. In Workshop on Advanced Separation of Concerns (ECOOP), (Budapest). http://trese.cs.utwente.nl/Workshops/ecoop01asoc/papers/VanHaute.pdf..

32. Viega, J., Bloch, J. T. and Chandra, P. 2001. Applying Aspect-Oriented Programming to Security. In Cutter IT Journal 14, 2, 3139.

33. Welch, I. and Stroud, R. 2003. Re-engineering Security as a Crosscutting Concern. In The Computer Journal 46, 5, 578589.