Security Assessment of Code Refactoring Rules

Conference: WIAR '2012 - National Workshop on Information Assurance Research
04/18/2012 at Riyadh, Kingdom of Saudi Arabia

Proceedings: WIAR '2012

Pages: 10
Language: English
Type: PDF

Authors:
Alshammari, Bandar; Fidge, Colin; Corney, Diane (School of Electrical Engineering and Computer Science, Queensland University of Technology, Australia)
Alshammari, Bandar (School of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences, Saudi Arabia)

Abstract:
Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the point of view of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security.