It is vitally important to fix quality issues in security-critical code as they may be sources of vulnerabilities in the future. These quality issues may increase the attack surface if they are not quickly refactored. In this paper, we use the history of vulnerabilities and security bug reports along with a set of keywords to automatically identify a project’s security-critical files based on its source code, bug reports, pull-request descriptions and commit messages. After identifying these security-related files, we estimate their risks using static analysis to check their coupling with other project components. Then, our approach recommends refactorings to prioritize fixing quality issues in these security-critical files to improve quality attributes and remove identified code smells. To find a trade-off between the quality issues and security-critical files, we adopted a multi-objective search strategy. We evaluated our approach on six open-source projects and one industrial system to check the correctness and relevance of the refactorings targeting security-critical code. The results of our survey with practitioners support our hypothesis that quality and security need to be considered together to provide relevant refactoring recommendations.
Automated Software Engineering – Springer Journals
Published: May 18, 2021