Title :
Security-Aware Refactoring Alerting its Impact on Code Vulnerabilities
Author :
Maruyama, Katsuhisa ; Tokoda, Kensuke
Author_Institution :
Dept. of Comput. Sci., Ritsumeikan Univ., Kusatsu
Abstract :
Security is still a serious issue for many software systems. Even if software has the correct security features in its initial implementation, recurring modifications (e.g., refactoring) can deteriorate those features. We found several refactoring transformations that might make existing software vulnerable and organized them as security-aware refactoring. This refactoring presents information that helps programmers decide whether they can accept it or should cancel it, based on a criterion that assesses changes in the accessibility of data stored in the target program. To demonstrate the feasibility of the proposed refactoring, we have developed a prototype of an automated refactoring tool that detects possible code vulnerabilities with respect to the accessibility criterion. The new refactoring gives programmers an environment in which they can safely improve the maintainability of existing software without overlooking the introduction of unexpected security vulnerabilities.
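Added illustration of the accessibility criterion described in the abstract. This is example code written for this entry, not the authors' prototype, and it assumes the criterion is simply "a field or method's Java access level is wider after the refactoring than before" (private < package-private < protected < public). The Java sources BEFORE and AFTER are constructed: a Pull Up Field moves the private fields balance and pin from Savings into the superclass Account and, as that refactoring usually does, widens them to protected, so every other subclass of Account can now read the PIN and alter the balance directly. The line-based parser and the function names are hypothetical.

```python
import re

# Java access levels from narrowest to widest; "" is package-private (no modifier).
ACCESS_RANK = {"private": 0, "": 1, "protected": 2, "public": 3}

CLASS_RE = re.compile(r"(?:(?:public|abstract|final)\s+)*class\s+(\w+)")
MEMBER_RE = re.compile(
    r"^(?:(private|protected|public)\s+)?"                              # access modifier
    r"(?:(?:static|final|abstract|transient|volatile|synchronized)\s+)*"  # other modifiers
    r"(?!(?:private|protected|public)\b)[\w<>\[\],?]+\s+(\w+)\s*[(=;]"   # type, name, then ( = or ;
)

# Constructed sample (not from the paper): the state before the refactoring.
BEFORE = """
class Account {
    private final String owner;
    public Account(String owner) { this.owner = owner; }
    public String getOwner() { return owner; }
}
class Savings extends Account {
    private long balance;
    private String pin;
    public Savings(String owner) { super(owner); }
    public boolean withdraw(long amount, String enteredPin) {
        if (!pin.equals(enteredPin)) { return false; }
        balance -= amount;
        return true;
    }
}
"""

# Constructed sample: after Pull Up Field on balance and pin (widened to protected).
AFTER = """
class Account {
    private final String owner;
    protected long balance;
    protected String pin;
    public Account(String owner) { this.owner = owner; }
    public String getOwner() { return owner; }
}
class Savings extends Account {
    public Savings(String owner) { super(owner); }
    public boolean withdraw(long amount, String enteredPin) {
        if (!pin.equals(enteredPin)) { return false; }
        balance -= amount;
        return true;
    }
}
"""


def parse_members(source: str) -> dict:
    """Map member name -> (declaring class, access) for fields and methods.

    Hypothetical line-based parser: it only handles the simple layout used in
    the samples (one declaration per line, braces balanced per line) and skips
    constructors, which carry the class name instead of a type.
    """
    members, current, depth = {}, None, 0
    for line in source.splitlines():
        stripped = line.strip()
        if depth == 0:
            m = CLASS_RE.match(stripped)
            if m:
                current = m.group(1)
        elif depth == 1 and current:
            m = MEMBER_RE.match(stripped)
            if m and m.group(2) != current:
                members[m.group(2)] = (current, m.group(1) or "")
        depth += line.count("{") - line.count("}")
    return members


def widened_members(before: str, after: str) -> list:
    """Return (name, old class, old access, new class, new access) for each
    member whose access level is wider after the refactoring than before.
    Members are matched by name so that a field moved into the superclass is
    still compared with its original declaration."""
    old_members = parse_members(before)
    new_members = parse_members(after)
    alerts = []
    for name, (new_cls, new_acc) in new_members.items():
        if name in old_members:
            old_cls, old_acc = old_members[name]
            if ACCESS_RANK[new_acc] > ACCESS_RANK[old_acc]:
                alerts.append((name, old_cls, old_acc or "package-private",
                               new_cls, new_acc or "package-private"))
    return alerts


def assess_refactoring(before: str, after: str) -> str:
    """Verdict a tool could show before applying the refactoring."""
    alerts = widened_members(before, after)
    if not alerts:
        return "accept: no data became more accessible"
    lines = [f"  {n}: {oc}.{n} was {oa}, now {nc}.{n} is {na}" for n, oc, oa, nc, na in alerts]
    return "alert: refactoring widens access to data\n" + "\n".join(lines)


if __name__ == "__main__":
    print(assess_refactoring(BEFORE, AFTER))
```

The check is deliberately one-directional: narrowing access never raises an alert, and a member that only changes class without changing its modifier is accepted, so the programmer is asked to confirm exactly the transformations that expose data that was previously private.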
Keywords :
security of data; software maintenance; code vulnerabilities; recurring modifications; security-aware refactoring alerting; software vulnerable; Collaborative software; Data security; Information security; Java; Programming profession; Prototypes; Software maintenance; Software prototyping; Software safety; Software systems; Refactoring; access control; information flow; integrated development environments; software maintenance; software security; source code changes;
Conference_Titel :
Software Engineering Conference, 2008. APSEC '08. 15th Asia-Pacific
Conference_Location :
Beijing
Print_ISBN :
978-0-7695-3446-6
DOI :
10.1109/APSEC.2008.57