Security assessment of code refactoring rules
| Date(s) | 2012 |
|---|---|
| Abstract | Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the viewpoint of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security. |
| Format | application/pdf |
| Identifier | |
| Publisher | IEEE (Institute of Electrical and Electronics Engineers, Inc.) & IET (The Institution of Engineering and Technology) |
| Relation | http://eprints.qut.edu.au/56382/1/wiar2012_secure_refactoring.pdf ; http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6210569 ; Alshammari, Bandar, Fidge, Colin J., & Corney, Diane (2012) Security assessment of code refactoring rules. In Proceedings of the Saudi Arabian National Workshop on Information Assurance Research (WIAR 2012), IEEE (Institute of Electrical and Electronics Engineers, Inc.) & IET (The Institution of Engineering and Technology), Riyadh, Saudi Arabia. ; http://purl.org/au-research/grants/ARC/LP0776344 |
| Rights | Copyright 2012 IEEE |
| Source | School of Electrical Engineering & Computer Science; Institute for Future Environments; Information Security Institute; Science & Engineering Faculty |
| Keywords | #080303 Computer System Security #Object-orientation #Software Security #Security Metrics #Software Refactoring #Information Flow |
| Type | Conference Paper |