Security-aware refactoring alerting its impact on code vulnerabilities

Proceedings - Asia-Pacific Software Engineering Conference, APSEC

Volumn , Issue , 2008, Pages 445-452

  Maruyama, Katsuhisa ^a   Tokoda, Kensuke ^a  

^a RITSUMEIKAN UNIVERSITY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

REFACTORING; REFACTORING TOOLS; SECURITY FEATURES; SECURITY VULNERABILITIES; SECURITY-AWARE; SOFTWARE SYSTEMS;

COMPUTER SOFTWARE; MAINTAINABILITY;

SECURITY OF DATA;

EID: 67650563932     PISSN: 15301362     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (30)

1. Java-XML Tools Project. http://www.jtool.org/.
2. Jif: Java information flow. http://www.cs.cornell.edu/jif/.
3. A. V. Aho, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques, and Tools. Addison-Wesley, 1986.
4. M. Bishop. Computer Security: Art and Science. Addison- Wesley, 2003.
5. D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236-243, 1976.
6. P. T. Devanbu and S. Stubblebine. Software engineering for security: a roadmap. In ICSE '00: Proc. The Future of Software Engineering, pages 227-239, 2000.
7. J. Ferrante, K. J. Ottenstein, and J. D. Warren. The program dependence graph and its use in optimization. ACM TOPLAS, 9(3):319-349, 1987. (Pubitemid 17641083)
8. M. Fowler. Refactoring: Improving the Design of Existing Code. Addison-Wesley, 1999.
9. J. A. Goguen and J. Meseguer. Security policies and security models. In Proc. Symposium Security and Privacy, pages 11-20, April 1982. (Pubitemid 13547522)
10. D. Gollmann. Computer Security, 2nd ed. John Wiley & Sons, 2006.
11. J. Gosling, B. Joy, and G. Steele. The Java Language Specification. Addison-Wesley, 1996.
12. M. G. Graff and K. R. van Wyk. Secure Coding: Principles and Practices. O'Reilly, 2003.
13. G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley, 2004.
14. S. Horwitz, T. Ball, and D. Binkley. Interprocedural slicing using dependence graphs. ACM TOPLAS, 12(1):26-60, 1990. (Pubitemid 20660161)
15. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi. A taxonomy of computer program security flaws, with examples. ACM Computing Surveys, 26(3):211-254, 1994.
16. K. Maruyama and S. Yamamoto. A case tool platform using an XML representation of Java source code. In Proc. SCAM'04, pages 158-167, 2004. (Pubitemid 40290947)
17. G. McGraw and E. Felten. Twelve rules for developing more secure Java code, 1998. http://www.javaworld.com/ javaworld/jw-12-1998/jw-12-securityrules. html.
18. S. Microsystems. Security code guidelines, 2000. http://java.sun.com/ security/seccodeguide.html.
19. A. C.Myers. Jflow: Practical mostly-static information flow. In Proc. POPL'99, pages 228-241, January 1999.
20. S. Oaks. Java Security, 2nd ed. Addison-Wesley, 2001.
21. F.Ohata and K. Inoue. JAAT: Java alias analysis tool for program maintenance activities. In Proc. ISORC 2006, pages 232-244, 2006.
22. W. F. Opdyke. Refactoring object-oriented frameworks. Technical report, Ph.D. thesis, University of Illinois, Urbana-Champaign, 1992.
23. A. Sabelfeld and A. C. Myers. Language-based informationflow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, 2003.
24. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad. Security Patterns: Integrating Security And Systems Engineering. John Wiley & Sons, 2006.
25. S. Sinha and M. J. Harrold. Analysis of programs with exception-handling constructs. In Proc. ICSM'98, pages 358-367, 1998.
26. J. Viega, G. McGraw, T. Mutdosch, and E. W. Felten. Statically scanning Java code: Finding security vulnerabilities. IEEE Software, 17(5):68-74, 2000. (Pubitemid 30940417)
27. N. Walkinshaw, M. Roper, and M. Wood. The Java system dependence graph. In Proc. SCAM'03, pages 55-64, 2003.
28. D. A. Wheeler. Secure programming for linux and unix howto. http://www.dwheeler.com/secure-programs/.
29. J. A. Whittaker and H. H. Thompson. How to Break Software Security. Addison Wesley, 2001.
30. J. Woo, J. Woo, I. Attali, D. Caromel, J.-L. Gaudiot, and A. L. Wendelborn. Alias analysis for Java with referenceset representation. In Proc. ICPADS, pages 459-466, 2001.