Refactoring Preserves Security
نویسنده
چکیده
Refactoring allows changing a program without changing its behaviour from an observer’s point of view. To what extent does this invariant of behaviour also preserve security? We show that a program remains secure under refactoring. As a foundation, we use the Decentralized Label Model (DLM) for specifying secure information flows of programs and transition system models for their observable behaviour. On this basis, we provide a bisimulation based formal definition of refactoring and show its correspondence to the formal notion of information flow security (noninterference). This permits us to show security of refactoring patterns that have already been practically explored.
منابع مشابه
Introduction of Aspect Oriented Techniques for refactoring legacy software
Refactoring has become a well-known technique for improving the code in a way that preserves behavior. The application of refactorings during development process of an object oriented or procedure oriented software improves the design and therefore the quality of software. During the evolution of software it is a requirement to refactor them in order to make it more compatible and flexible with...
متن کاملSecure Refactoring - Improving the Security Level of Existing Code
Software security is ever-increasingly becoming a serious issue; nevertheless, a large number of software programs are still defenseless against malicious attacks. This paper proposes a new class of refactoring, which is called secure refactoring. This refactoring is not intended to improve the maintainability of existing code. Instead, it helps programmers to increase the protection level of s...
متن کاملRenaming Global Variables in C Mechanically Proved Correct
Most integrated development environments are shipped with refactoring tools. However, their refactoring operations are often known to be unreliable. As a consequence, developers have to test their code after applying an automatic refactoring. In this article, we consider a refactoring operation (renaming of global variables in C), and we prove that its core implementation preserves the set of p...
متن کاملEnhanced semi-Automated Refactoring Engine with Behavioral testing
Refactoring is a transformation that preserves the external behavior of a program and improves its internal quality. Usually, compilation errors and behavioral changes are avoided by preconditions determined for each refactoring transformation. However, to formally define these preconditions and transfer them to program checks is a rather complex task. In practice, refactoring engine developers...
متن کاملAgile Development of Security - Critical Enterprise System
The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This chapter describes how to grow security, organically, within an agile project, by using an in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016