174 results for Object Orientation

in Queensland University of Technology - ePrints Archive


Relevance:

70.00%

Publisher:

Abstract:

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Relevance:

70.00%

Publisher:

Abstract:

We present a hierarchical model for assessing an object-oriented program's security. Security is quantified using structural properties of the program code to identify the ways in which ‘classified’ data values may be transferred between objects. The model begins with a set of low-level security metrics based on traditional design characteristics of object-oriented classes, such as data encapsulation, cohesion and coupling. These metrics are then used to characterise higher-level properties concerning the overall readability and writability of classified data throughout the program. In turn, these metrics are then mapped to well-known security design principles such as ‘assigning the least privilege’ and ‘reducing the size of the attack surface’. Finally, the entire program's security is summarised as a single security index value. These metrics allow different versions of the same program, or different programs intended to perform the same task, to be compared for their relative security at a number of different abstraction levels. The model is validated via an experiment involving five open source Java programs, using a static analysis tool we have developed to automatically extract the security metrics from compiled Java bytecode.

Relevance:

60.00%

Publisher:

Abstract:

Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing security-relevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code.
The resulting metrics make it easy to compare the relative security of functionally-equivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.

Relevance:

60.00%

Publisher:

Abstract:

This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program's overall security based on our security metrics.

Relevance:

60.00%

Publisher:

Abstract:

Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the viewpoint of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security.

Relevance:

60.00%

Publisher:

Abstract:

Although there are many approaches for developing secure programs, they are not necessarily helpful for evaluating the security of a pre-existing program. Software metrics promise an easy way of comparing the relative security of two programs or assessing the security impact of modifications to an existing one. Most studies in this area focus on high level source code but this approach fails to take compiler-specific code generation into account. In this work we describe a set of object-oriented Java bytecode security metrics which are capable of assessing the security of a compiled program from the point of view of potential information flow. These metrics can be used to compare the security of programs or assess the effect of program modifications on security using a tool which we have developed to automatically measure the security of a given Java bytecode program in terms of the accessibility of distinguished ‘classified’ attributes.

Relevance:

20.00%

Publisher:

Abstract:

Metaphor is a multi-stage programming language extension to an imperative, object-oriented language in the style of C# or Java. This paper discusses some issues we faced when applying multi-stage language design concepts to an imperative base language and run-time environment. The issues range from dealing with pervasive references and open code to garbage collection and implementing cross-stage persistence.

Relevance:

20.00%

Publisher:

Abstract:

The impact of service direction, service training and staff behaviours on perceptions of service delivery is examined. The impact of managerial behaviour in the form of internal market orientation (IMO) on the attitudes of frontline staff towards the firm and its consequent influence on their customer oriented behaviours is also examined. Frontline service staff working in the consumer transport industry were surveyed to provide subjective data about the constructs of interest in this study, and the data were analysed using structural equations modelling employing partial least squares estimation. The data indicate significant relationships between internal market orientation (IMO), the attitudes of the employees to the firm and their consequent behaviour towards customers. Customer orientation, service direction and service training are all identified as antecedents to high levels of service delivery. The study contributes to marketing theory by providing quantitative evidence to support assumptions that internal marketing has an impact on services success. For marketing practitioners, the research findings offer additional information about the management, training and motivation of service staff towards service excellence.

Relevance:

20.00%

Publisher:

Abstract:

This paper examines the impact of service orientation (SO) on relationship quality, and its consequences for consumer behaviour in the travel industry. Specifically, consumers' positive behavioural intentions, perceptions of switching costs, and consumer activism are examined as consequences of relationship quality (RQ). A sample of leisure and business travellers on a cross sea ferry were surveyed using a consumer intercept methodology. We find that SO has a significant and positive impact on RQ and that RQ has a positive impact on positive behavioural intentions and perceptions of switching costs. Both RQ and switching costs were found to reduce consumer activism. The implications of these findings for service managers and academics are discussed and directions for future research presented.

Relevance:

20.00%

Publisher:

Abstract:

Partially aligned and oriented polyacrylonitrile (PAN)-based nanofibers were electrospun from PAN and SWNTs/PAN in a solution of dimethylformamide (DMF) to make the carbon nanofibers. The as-spun nanofibers were hot-stretched in an oven to enhance their orientation and crystallinity. Then they were stabilized at 250 °C under a stretched stress, and carbonized at 1000 °C in an N2 atmosphere by fixing the length of the stabilized nanofibers to convert them into carbon nanofibers. With this hot-stretched process and with the introduction of SWNTs, the mechanical properties will be enhanced correspondingly. The crystallinity of the stretched fibers confirmed by X-ray diffraction has also increased. For PAN nanofibers, the improved fiber alignment and crystallinity resulted in the increased mechanical properties, such as the modulus and tensile strength of the nanofibers. It was concluded that the hot-stretched nanofiber and the SWNTs/PAN nanofibers can be used as a potential precursor to produce high-performance carbon composites.

Relevance:

20.00%

Publisher:

Abstract:

Reflecting its importance to the financial success of organisations, interest in consumer loyalty continues unabated. However, there are still many unanswered questions about its conceptualisation and measurement. These questions must be resolved before academics and practitioners can usefully apply the concept. We argue that consumer loyalty is best conceptualised as a multi-dimensional phenomenon. Based on this multi-dimensional view, we develop and test a new measure of consumer loyalty. We hypothesise a three-dimensional structure containing affective, temporal and instrumental dimensions. Results from a preliminary test are reported. The results indicate that the construct can be represented with two dimensions: affective and temporal loyalty. As an additional check on the reliability of our results, we find significant correlations between these two dimensions and a measure of behavioural loyalty.

Relevance:

20.00%

Publisher:

Abstract:

This paper reports on the performance of 58 11 to 12-year-olds on a spatial visualization task and a spatial orientation task. The students completed these tasks and explained their thinking during individual interviews. The qualitative data were analysed to inform pedagogical content knowledge for spatial activities. The study revealed that “matching” or “matching and eliminating” were the typical strategies that students employed on these spatial tasks. However, errors in making associations between parts of the same or different shapes were noted. Students also experienced general difficulties with visual memory and language use to explain their thinking. The students’ specific difficulties in spatial visualization related to obscured items, the perspective used, and the placement and orientation of shapes.