Abstract
Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the "Extract method" refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.
Original language | English |
---|---|
Title of host publication | Data Privacy Management, and Security Assurance |
Editors | Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Alessandro Aldini, Fabio Martinelli, Neeraj Suri |
Number of pages | 9 |
Publisher | Springer |
Publication date | 2016 |
Pages | 264-272 |
ISBN (Print) | 978-3-319-29882-5 |
ISBN (Electronic) | 978-3-319-29883-2 |
DOIs | |
Publication status | Published - 2016 |
Event | 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015 - Vienna, Austria Duration: 21 Sept 2015 → 22 Sept 2015 Conference number: 10 |
Workshop
Workshop | 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015 |
---|---|
Number | 10 |
Country/Territory | Austria |
City | Vienna |
Period | 21/09/2015 → 22/09/2015 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 9481 |
ISSN | 0302-9743 |
Keywords
- Computer Science (all)
- Theoretical Computer Science
- Artificial intelligence
- Computer science
- Computers
- Control information
- Distributed information
- Information flows
- Java implementation
- Refactorings
- Security leak
- Data privacy
- Data security
- Object-oriented programming
- Software engineering techniques
- Java
- security of data
- software maintenance
- Java information flow
- secure refactoring
- program security
- information flow control model
- DLM
- Jif
- security leaks