DocumentCode
1997229
Title
Security-Aware Refactoring Alerting its Impact on Code Vulnerabilities
Author
Maruyama, Katsuhisa ; Tokoda, Kensuke
Author_Institution
Dept. of Comput. Sci., Ritsumeikan Univ., Kusatsu
fYear
2008
fDate
3-5 Dec. 2008
Firstpage
445
Lastpage
452
Abstract
Security is still a serious issue for many software systems. Even if software has the correct security features in its initial implementation, recurring modifications (e.g., refactoring) could deteriorate such features. We found several refactoring transformations which might make existing software vulnerable, and organized them as security-aware refactoring. This refactoring presents information useful for programmers to determine if they could accept or should cancel it, based on a criterion assessing the changes of accessibility of data stored in the target program. To demonstrate the feasibility of the proposed refactoring, we have developed a prototype of an automated refactoring tool detecting possible code vulnerabilities regarding the accessibility criterion. The new refactoring provides programmers with an environment in which they safely improve the maintainability of existing software without missing the intrusion of unexpected security vulnerabilities.
Keywords
security of data; software maintenance; code vulnerabilities; recurring modifications; security-aware refactoring alerting; software vulnerable; Collaborative software; Data security; Information security; Java; Programming profession; Prototypes; Software maintenance; Software prototyping; Software safety; Software systems; Refactoring; access control; information flow; integrated development environments; software maintenance; software security; source code changes
fLanguage
English
Publisher
ieee
Conference_Titel
Software Engineering Conference, 2008. APSEC '08. 15th Asia-Pacific
Conference_Location
Beijing
ISSN
1530-1362
Print_ISBN
978-0-7695-3446-6
Type
conf
DOI
10.1109/APSEC.2008.57
Filename
4724577