A security-aware refactoring tool for Java programs

Refactoring is a useful practice in developing and maintaining software, since it improves the design of existing code without changing its external behavior. Contemporary integrated development environments therefore tend to include refactoring tools that apply source-code transformations automatically. Unfortunately, some popular refactoring transformations make existing code vulnerable even as they improve its maintainability, and vulnerable code remains a serious issue for many software systems. This paper describes a tool, built as an Eclipse plug-in, that supports a new class of refactoring concerned with software security. It helps programmers easily recognize the adverse impact of code changes on security vulnerabilities when a refactoring is applied, and gives them the chance to decide whether to accept or cancel the applied refactoring. Consequently, they can improve the maintainability of existing code without overlooking security vulnerabilities newly introduced into it. To evaluate the capability of the tool, we conducted an experiment with it. The experimental results show the usefulness of the tool and also reveal several remaining issues to be tackled.
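The kind of alert the abstract describes can be illustrated with a small Java check. Refactorings such as "Move Method" or "Extract Class" often have to widen the declared accessibility of a member they pull across a class boundary; when that member holds confidential data, the widening enlarges the set of code that can read it. The following program is an added example written for this page, not the paper's tool or its analysis: it models accessibility as a simple ordered lattice, takes a constructed "before" view of a class and a hypothetical refactoring plan, and reports every confidential member whose accessibility the plan would widen. The `Account` members, the `Access` ordering and the plan itself are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Added illustration (not the paper's tool): flag refactorings that widen the
 * accessibility of members holding confidential data, so the programmer can
 * decide whether to accept or cancel the transformation.
 */
public class RefactoringImpactCheck {

    /** Java accessibility levels, ordered from narrowest to widest. */
    enum Access { PRIVATE, PACKAGE, PROTECTED, PUBLIC }

    /** A class member as seen before the refactoring (constructed model). */
    record Member(String name, Access access, boolean confidential) {}

    /** One alert: a confidential member whose accessibility would widen. */
    record Widening(String member, Access before, Access after) {}

    /**
     * Compare the accessibility of each member before the refactoring with the
     * accessibility the plan assigns after it. Members absent from the plan are
     * assumed unchanged. Only confidential members that become more accessible
     * are reported; narrowing or unchanged accessibility is not an alert.
     */
    static List<Widening> check(Map<String, Member> before, Map<String, Access> plan) {
        List<Widening> alerts = new ArrayList<>();
        for (Member m : before.values()) {
            Access next = plan.getOrDefault(m.name(), m.access());
            // Enum compareTo uses declaration order, so > 0 means "wider".
            if (m.confidential() && next.compareTo(m.access()) > 0) {
                alerts.add(new Widening(m.name(), m.access(), next));
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        // Constructed example: Account keeps a password hash private. A
        // hypothetical Move Method refactoring relocates verification logic into
        // another class and therefore exposes the hash through a public accessor.
        Map<String, Member> before = new LinkedHashMap<>();
        before.put("Account.passwordHash",
                new Member("Account.passwordHash", Access.PRIVATE, true));
        before.put("Account.displayName",
                new Member("Account.displayName", Access.PRIVATE, false));

        Map<String, Access> plan = Map.of(
                "Account.passwordHash", Access.PUBLIC,   // widened: confidential
                "Account.displayName", Access.PUBLIC);   // widened: not confidential

        List<Widening> alerts = check(before, plan);
        if (alerts.isEmpty()) {
            System.out.println("Refactoring does not widen exposure of confidential members.");
        } else {
            for (Widening w : alerts) {
                System.out.println("ALERT: " + w.member() + " widened from "
                        + w.before() + " to " + w.after()
                        + "; accept or cancel the refactoring.");
            }
        }
    }
}
```

Running this prints one alert for `Account.passwordHash` and none for `Account.displayName`, which mirrors the decision point the abstract describes: the maintainability gain is still available, but the programmer sees the exposure it would introduce before committing to it. A real tool would derive the "before" and "after" views from the program's source and dependence information rather than from a hand-written map.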
