On the importance of the separation-of-concerns principle in secure software engineering

The separation-of-concerns principle is one of the essential principles in software engineering. It says that software should be decomposed in such a way that different “concerns” or aspects of the problem at hand are solved in well-separated modules or parts of the software. Yet, many security experts feel uneasy about trying to isolate security-related concerns, because security is such a pervasive property of a piece of software. And in fact, separating security-related concerns such as access control, or defensive input checking, is indeed very hard to achieve with current software engineering techniques. While the authors fully agree with the observation that security is a pervasive property, they argue in this position paper that attempts to separate security aspects from other aspects of an application (even though in many cases not completely successful) are a necessary means to raise the security level of most applications. The two main arguments are: increased flexibility of the security mechanisms (leading to easier adaptation to unanticipated or evolving risks), and better-focused efforts of the few security experts in the development team, leading to fewer security design and implementation errors.