Secure Refactoring with Java Information Flow

Steffen Helke, Florian Kammüller, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

Refactoring means that a program is changed without changing its behaviour from an observer's point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov's distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the "Extract method" refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.
Original language: English
Title of host publication: Data Privacy Management, and Security Assurance
Editors: Joaquin Garcia-Alfaro, Guillermo Navarro-Arribas, Alessandro Aldini, Fabio Martinelli, Neeraj Suri
Number of pages: 9
Publisher: Springer
Publication date: 2016
Pages: 264-272
ISBN (Print): 978-3-319-29882-5
ISBN (Electronic): 978-3-319-29883-2
DOI: https://doi.org/10.1007/978-3-319-29883-2_19
Publication status: Published - 2016
Event: 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015 - Vienna, Austria
Duration: 21 Sep 2015 to 22 Sep 2015
Conference number: 10

Workshop

Workshop: 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015
Number: 10
Country: Austria
City: Vienna
Period: 21/09/2015 to 22/09/2015
Series: Lecture Notes in Computer Science
Volume: 9481
ISSN: 0302-9743

Keywords

  • Computer Science (all)
  • Theoretical Computer Science
  • Artificial intelligence
  • Computer science
  • Computers
  • Control information
  • Distributed information
  • Information flows
  • Java implementation
  • Refactorings
  • Security leak
  • Data privacy
  • Data security
  • Object-oriented programming
  • Software engineering techniques
  • Java
  • security of data
  • software maintenance
  • Java information flow
  • secure refactoring
  • program security
  • information flow control model
  • DLM
  • Jif
  • security leaks

Cite this

Helke, S., Kammüller, F., & Probst, C. W. (2016). Secure Refactoring with Java Information Flow. In J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, & N. Suri (Eds.), Data Privacy Management, and Security Assurance (pp. 264-272). Springer. Lecture Notes in Computer Science, Vol. 9481. https://doi.org/10.1007/978-3-319-29883-2_19