Secure Refactoring with Java Information Flow

Steffen Helke; Florian Kammüunietd kller; Christian W. Probst

doi:10.1007/978-3-319-29883-2_19

Secure Refactoring with Java Information Flow

Steffen Helke, Florian Kammüunietd kller, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the "Extract method" refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.

Original language	English
Title of host publication	Data Privacy Management, and Security Assurance
Editors	Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Alessandro Aldini, Fabio Martinelli, Neeraj Suri
Number of pages	9
Publisher	Springer
Publication date	2016
Pages	264-272
ISBN (Print)	978-3-319-29882-5
ISBN (Electronic)	978-3-319-29883-2
DOIs	https://doi.org/10.1007/978-3-319-29883-2_19
Publication status	Published - 2016
Event	10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015 - Vienna, Austria Duration: 21 Sep 2015 → 22 Sep 2015 Conference number: 10

Workshop

Workshop	10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015
Number	10
Country	Austria
City	Vienna
Period	21/09/2015 → 22/09/2015

Series	Lecture Notes in Computer Science
Volume	9481
ISSN	0302-9743

Keywords

Computer Science (all)
Theoretical Computer Science
Artificial intelligence
Computer science
Computers
Control information
Distributed information
Information flows
Java implementation
Refactorings
Security leak
Data privacy
Data security
Object-oriented programming
Software engineering techniques
Java
security of data
software maintenance
Java information flow
secure refactoring
program security
information flow control model
DLM
Jif
security leaks

Access to Document

10.1007/978-3-319-29883-2_19

Cite this

Helke, S., Kammüunietd kller, F., & Probst, C. W. (2016). Secure Refactoring with Java Information Flow. In J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, & N. Suri (Eds.), Data Privacy Management, and Security Assurance (pp. 264-272). Springer. Lecture Notes in Computer Science, Vol.. 9481 https://doi.org/10.1007/978-3-319-29883-2_19

@inproceedings{ed3d4df57f47433890095d1b0e85cf35,

title = "Secure Refactoring with Java Information Flow",

abstract = "Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the {"}Extract method{"} refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.",

keywords = "Computer Science (all), Theoretical Computer Science, Artificial intelligence, Computer science, Computers, Control information, Distributed information, Information flows, Java implementation, Refactorings, Security leak, Data privacy, Data security, Object-oriented programming, Software engineering techniques, Java, security of data, software maintenance, Java information flow, secure refactoring, program security, information flow control model, DLM, Jif, security leaks",

author = "Steffen Helke and {Kamm{\"u}unietd kller}, Florian and Probst, {Christian W.}",

year = "2016",

doi = "10.1007/978-3-319-29883-2_19",

language = "English",

isbn = "978-3-319-29882-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "264--272",

editor = "Garcia-Alfaro, { Joaquin } and Navarro-Arribas, { Guillermo } and Aldini, {Alessandro } and Martinelli, {Fabio } and Suri, {Neeraj }",

booktitle = "Data Privacy Management, and Security Assurance",

note = "10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015 ; Conference date: 21-09-2015 Through 22-09-2015",

}

Helke, S, Kammüunietd kller, F & Probst, CW 2016, Secure Refactoring with Java Information Flow. in J Garcia-Alfaro, G Navarro-Arribas, A Aldini, F Martinelli & N Suri (eds), Data Privacy Management, and Security Assurance. Springer, Lecture Notes in Computer Science, vol. 9481, pp. 264-272, 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015, Vienna, Austria, 21/09/2015. https://doi.org/10.1007/978-3-319-29883-2_19

Secure Refactoring with Java Information Flow. / Helke, Steffen; Kammüunietd kller, Florian; Probst, Christian W.

Data Privacy Management, and Security Assurance. ed. / Joaquin Garcia-Alfaro; Guillermo Navarro-Arribas; Alessandro Aldini; Fabio Martinelli; Neeraj Suri. Springer, 2016. p. 264-272 (Lecture Notes in Computer Science, Vol. 9481).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Secure Refactoring with Java Information Flow

AU - Helke, Steffen

AU - Kammüunietd kller, Florian

AU - Probst, Christian W.

N1 - Conference code: 10

PY - 2016

Y1 - 2016

N2 - Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the "Extract method" refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.

AB - Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the "Extract method" refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.

KW - Computer Science (all)

KW - Theoretical Computer Science

KW - Artificial intelligence

KW - Computer science

KW - Computers

KW - Control information

KW - Distributed information

KW - Information flows

KW - Java implementation

KW - Refactorings

KW - Security leak

KW - Data privacy

KW - Data security

KW - Object-oriented programming

KW - Software engineering techniques

KW - Java

KW - security of data

KW - software maintenance

KW - Java information flow

KW - secure refactoring

KW - program security

KW - information flow control model

KW - DLM

KW - Jif

KW - security leaks

U2 - 10.1007/978-3-319-29883-2_19

DO - 10.1007/978-3-319-29883-2_19

M3 - Article in proceedings

SN - 978-3-319-29882-5

T3 - Lecture Notes in Computer Science

SP - 264

EP - 272

BT - Data Privacy Management, and Security Assurance

A2 - Garcia-Alfaro, Joaquin

A2 - Navarro-Arribas, Guillermo

A2 - Aldini, Alessandro

A2 - Martinelli, Fabio

A2 - Suri, Neeraj

PB - Springer

T2 - 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015

Y2 - 21 September 2015 through 22 September 2015

ER -