This document discusses using aspect-oriented programming (AOP) to develop more secure software by separating security concerns from core application logic. It provides motivation for this approach by explaining how security code can become tangled and scattered in object-oriented programs. The document then introduces AOP and AspectJ, using access control as an example of how AOP can improve modularity of a cross-cutting security concern. Specifically, it describes representing access control state using a pushdown automaton updated by AOP aspects.