Using Aspect-Oriented Programming for Trustworthy Software Development
| 2008-05-19 00:00:00 | | 0 | Programming
Learn how to successfully implement trustworthy computing tasks using aspect-oriented programming
This landmark publication fills a gap in the literature by not only describing the basic concepts of trustworthy computing (TWC) and aspect-oriented programming (AOP), but also exploring their critical interrelationships. The author clearly demonstrates how typical TWC tasks such as security checks, in-and-out conditions, and multi-threaded safety can be implemented using AOP.
Following an introduction, the book covers:
Trustworthy computing, software engineering, and computer science
Aspect-oriented programming and Aspect.NET
Principles and case studies that apply AOP to TWC
Coverage includes Aspect.NET, the AOP framework developed by the author for the Microsoft.NET platform, currently used in seventeen countries. The author discusses the basics of Aspect.NET architecture, its advantages compared to other AOP tools, and its functionality. The book has extensive practical examples and case studies of trustworthy software design and code using the Aspect.NET framework. In addition, the book explores other software technologies and tools for using AOP for trustworthy software development, including Java and AspectJ.
This book also includes a valuable chapter dedicated to ERATO, the author's teaching method employed in this book, which has enabled thousands of students to quickly grasp and apply complex concepts in computing and software engineering, while the final chapter presents an overall perspective on the current state of AOP and TWC with a view toward the future.
Software engineers, architects, developers, programmers, and students should all turn to this book to learn this tested and proven method to create more secure, private, and reliable computing.
User review
AOP for TWC
Bridging a much needed gap in the scientific literature, Dr. Safonov timely and rightfully focuses on the relationship between Trustworthy Computing (TWC) and AOP in this groundbreaking book. Typical TWC tasks such as reliability, security and privacy can be implemented using AOP by treating these tasks as aspects (cross cutting concerns). Support for systematic code injection, or weaving in AOP terms, is a practical need of trustworthy software development. Here Dr. Safonov explores the use of the AOP approach in achieving this goal. Most trustworthy software development features are known to be cross cutting concerns. AOP is eminently suited to TWC, as the essence of AOP is to separate/design/modify, or weave implementations of cross cutting concerns. The ideas in this book can further be used for quantification of security measures in regards with my personal research on quantitative trustworthy computing. As Dr. Safonov and myself started discussing this new idea; suppose T is the target application with an unknown lack of security LoS(T), and an estimated residual risk RR(T) where RR symbolizes Residual Risk after taking countermeasures on a vulnerability-threat domain using my Security-Meter algorithm. Assume we take the aspect A and weave or apply it to target T. Then, the task remains to estimate LoS(A(T)) to compare to RR(T). Students and professionals will benefit greatly from this work by learning a powerful and proven method to further trustworthy computing goals of security reliability and privacy. Dr. Safonov is to be commended for his work, which provides the TWC community with an important and highly innovative technology best suited to furthering these goals. I highly recommend this book to an entire audience who has a trustworthy-conscious mind.
Dr. M. Sahinoglu, Author of `Trustworthy Computing`, Wiley (2007), Director of Informatics Institute, Auburn University Montgomery, Montgomery AL 36124 USA
User review
a good book on software engineering worth returning to
Vladimir Safonov's book was not only quite interesting reading for me -- I would say that on several occasions it provided me with certain inspirations for my everyday work (I am a professional software design engineer). The book is written with a scrupulous care for details and coverage.
Chapter 1 is an easily readable and nice but nevertheless dense introduction to the book. While reading the chapter 2 (on trustworthy computing) I realized that I have never met such systematic approach on the topic, methodically explaining, illustrating and analyzing `pillars` of TWC and methodology of addressing TWC in two major programming environments, Microsoft's .NET and Sun's Java. Chapter 3 impressed me with systematic coverage on aspect-oriented programming. Before, I had only superficial knowledge of AOP -- now I understand its principals much better and understand not only benefits of the technology but pitfalls as well. Finally, in chapter 4 (I did not read through the chapter 5 since it is devoted to teaching to which I have little interest right now) two themes of previous chapters were presented together in an intertwined narration illustrated with a number of elaborated examples -- I found this chapter most interesting and inspiring. Effectively, a reader is presented with a full matrix where strong points of AOP are applied to every pillar of TWC (though the narration does not stop there; for example, I found quite interesting the section on combining AOP with Agile Programming approaches).
One important point about the book I would like to stress here is the author's unbiased approach to topics under consideration. For example, you will not find apologetic stances to either .NET or Java -- both competing technologies are considered thoroughly in regards to book's main themes. Another example is comparative consideration of various AOP frameworks like AspectJ/AspectWerkz, HyperJ (Java) and PostSharp, Aspect.NET (.NET) (the latter implemented by author's team at St. Petersburg State University). The chapter devoted to AOP includes a section which considers AOP's pitfalls in depth. I like this academic style a lot.
I will be keeping the book on the bookshelf in my office among other books which I like to open from time to time, like Steve McConnell's Code Complete or GoF's Design Patterns.
User review
AOP programming history, language, and teaching method
A very interesting book, laid out using Professor Safanov's ERATO teaching technique, which in itself is an interesting subject. Following this technique we find a book that can be read on different levels and bringing different points into focus.
For instance, the history lesson that everything builds upon, while the information is available it is put in perspective and includes not only the `western` computer history but that of the Soviet Union. This `total` history builds a better picture of why we are at the point in computing that the Aspect methods and tools are extremely desirable. It also explains the supporting infrastructure in the current language sets that support moving to Aspect oriented programming.
Another `aspect` of the book goes on to provide lessons in the use of Aspect programming and to how and why the syntax has, and is, being developed.
Then a lesson in lesson planning and the use of the ERATO teaching method thus coming full circle.
A must read for those interested in where programming has come from, is going to and those who wish to communicate, that is teach, the whole versus the components in isolation.
User review
TWC and AOP
The book,using AOP for TWC is an excellent entry for teaching. I especially thought the background information leading up to Microsoft's TWC initiative was exceptionally thorough and provided an excellent backdrop for advanced students learning AOP.
It is my opinion that the author was trying to not only expose the need for TWC-like efforts but additionally give the reader or lecturer the correct guidance and tools to build a effective class series. I had no problem with the authors focus on the .NET framework and the AOP implementations - this focus was well thought-out and thorough.
Teaching TWC or TWC principles should be a must in any current CS curriculum. Professor Safonov I believe has created an excellent gateway publication for advanced university students and provide an excellent foundation for lecturers to build upon. I especially liked the structure of the chapter on 'Teaching TWC and AOP' which I believe is an excellence structure for developers as well as students.
I highly recommend this book.
User review
Teaching as well as using AOP
This book is primarily about applications of aspect-oriented programming (AOP) to issues of `trustworthiness`, specifically in the context of Microsoft's `.NET` architecture. It is not an introduction to AOP (despite sections on history and `AOP Basics`); there are many other books that address that market. Nor is it an introduction to software trustworthiness in general. Rather, the chapter on `Trustworthy Computing` is focused on Microsoft's `TWC initiative` of 2002, and on the features of the .NET framework that support that initiative.
Early implementations of AOP, most notably AspectJ, were based on Java. The author and his team at St. Petersburg University, supported by Microsoft, have developed an AOP implementation for .NET. The architecture of their AOP implementation is described in detail, and a variety of examples are presented. The core of the book, the chapter on applications of AOP to TWC, treats, among other topics: error handling, synchronization, multithreading, privacy, reliability, and design-by-contract. Quantitative estimates of effects of AOP on efficiently and performance are provided. These estimates are based on a variety of assumptions which may be optimistic; and in fact the impacts of AOP on performance and on programmer productivity are an area in which much additional research is needed.
The final major chapter, `Teaching TWC and AOP`, reads like a separate book, and perhaps should have been. Here the author explains his teaching philosophy and methods, and provides detailed descriptions of AOP-related courses from the computer science curricula at St. Petersburg University, with specific course descriptions, topic lists, and even abbreviated lecture notes. This chapter could be a fertile source of ideas for any faculty planning similar courses or curricula.
The author has been extremely thorough in citing the literature; in fact, one of the side effects of reading this book was a tour through the earlier and current treatments and implementations of AOL. Over 160 references are listed, of which over half are web links (some of which, not surprisingly, are already dead).
An appendix provides five complex examples of AOP applications, with explanations and complete, fully tested source code.
Although not directed to the beginner, this book would be a valuable reference for programmers with some previous AOP experience (due to the excellent examples), and for university curriculum developers.