Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/springer-journals/prioritizing-refactorings-for-security-critical-code-yT35ks3obx
References (67)
-
Chaima Abid, M. Kessentini, Vahid Alizadeh, Mouna Dhaouadi, R. Kazman (2020)
How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring ApproachIEEE Transactions on Software Engineering, 48
-
Mohamed Mkaouer, M. Kessentini, Slim Bechikh, Mel Cinnéide (2014)
A Robust Multi-objective Approach for Software Refactoring under Uncertainty -
Mohamed Mkaouer, M. Kessentini, Slim Bechikh, Mel Cinnéide, K. Deb (2015)
On the use of many quality attributes for software refactoring: a many-objective search-based software engineering approachEmpirical Software Engineering, 21
-
Wentao Wang, Kavya Mahakala, Arushi Gupta, N. Hussein, Yinglin Wang (2019)
A linear classifier based approach for identifying security requirements in open source software developmentJ. Ind. Inf. Integr., 14
-
Yun Lin, Xin Peng, Yuanfang Cai, Danny Dig, Diwen Zheng, Wenyun Zhao (2016)
Interactive and guided architectural refactoring with search-based recommendationProceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering
-
Gordon Fraser, Jerffeson Souza (2012)
Search Based Software Engineering, 7515
-
M. Kessentini, Wael Kessentini, H. Sahraoui, M. Boukadoum, Ali Ouni (2011)
Design Defects Detection and Correction by Example2011 IEEE 19th International Conference on Program Comprehension
-
Ali Ouni, M. Kessentini, H. Sahraoui, M. Hamdi (2013)
The use of development history in software refactoring using a multi-objective evolutionary algorithm -
Andrea Arcuri, L. Briand (2011)
A practical guide for using statistical tests to assess randomized algorithms in software engineering2011 33rd International Conference on Software Engineering (ICSE)
-
Vahid Alizadeh, M. Kessentini (2018)
Reducing Interactive Refactoring Effort via Clustering-Based Multi-objective Search2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE)
-
Mel Cinnéide, L. Tratt, M. Harman, S. Counsell, Iman Moghadam (2012)
Experimental assessment of software metrics using automated refactoringProceedings of the 2012 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
-
Bandar Alshammari, C. Fidge, D. Corney (2010)
Assessing the Impact of Refactoring on Security-Critical Object-Oriented Designs2010 Asia Pacific Software Engineering Conference
-
W. Opdyke, Ralph Johnson (1992)
Refactoring object-oriented frameworks -
Ali Ouni, M. Kessentini, H. Sahraoui (2013)
Search-Based Refactoring Using Recorded Code Changes2013 17th European Conference on Software Maintenance and Reengineering
-
Yaming Tang, Fei Zhao, Yibiao Yang, Hongmin Lu, Yuming Zhou, Baowen Xu (2015)
Predicting Vulnerable Components via Text Mining or Software Metrics? An Effort-Aware Perspective2015 IEEE International Conference on Software Quality, Reliability and Security
-
R. Scandariato, J. Walden, A. Hovsepyan, W. Joosen (2014)
Predicting Vulnerable Software Components via Text MiningIEEE Transactions on Software Engineering, 40
-
Keman Huang, Jia Zhang, Wei Tan, Zhiyong Feng (2020)
Shifting to Mobile: Network-Based Empirical Study of Mobile Vulnerability MarketIEEE Transactions on Services Computing, 13
-
Istehad Chowdhury, Mohammad Zulkernine (2011)
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilitiesJ. Syst. Archit., 57
-
Nick Nikiforakis, L. Invernizzi, A. Kapravelos, S. Acker, W. Joosen, Christopher Krügel, Frank Piessens, G. Vigna (2012)
You are what you include: large-scale evaluation of remote javascript inclusionsProceedings of the 2012 ACM conference on Computer and communications security
-
Liping Yu, Yuntao Pan, Yishan Wu (2009)
Research on Data Normalization Methods in Multi-Attribute Evaluation2009 International Conference on Computational Intelligence and Software Engineering
-
J. Walden, Jeff Stuckman, R. Scandariato (2014)
Predicting Vulnerable Components: Software Metrics vs Text Mining2014 IEEE 25th International Symposium on Software Reliability Engineering
-
Mohamed Mkaouer, M. Kessentini, Slim Bechikh, K. Deb, Mel Cinnéide (2014)
Recommendation system for software refactoring using innovization and interactive dynamic optimizationProceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering
-
Katsuhisa Maruyama, Takayuki Omori (2011)
A security-aware refactoring tool for Java programs -
Christian Grothoff, J. Palsberg, J. Vitek (2001)
Encapsulating objects with confined typesACM Trans. Program. Lang. Syst., 29
-
Istehad Chowdhury, Brian Chan, Mohammad Zulkernine (2008)
Security metrics for source code structures -
M. Fowler (2002)
RefactoringProceedings of the 24th International Conference on Software Engineering. ICSE 2002
-
Vivek Haldar, Deepak Chandra, M. Franz (2005)
Dynamic taint propagation for Java21st Annual Computer Security Applications Conference (ACSAC'05)
-
M. O'Keeffe, Mel Cinnéide (2008)
Search-based refactoring for software maintenanceJ. Syst. Softw., 81
-
Mohamed Mkaouer, M. Kessentini, A. Shaout, Patrice Koligheu, Slim Bechikh, K. Deb, Ali Ouni (2015)
Many-Objective Software Remodularization Using NSGA-IIIACM Trans. Softw. Eng. Methodol., 24
-
Bandar Alshammari, C. Fidge, D. Corney (2010)
Security Metrics for Object-Oriented Designs2010 21st Australian Software Engineering Conference
-
Nikolaos Tsantalis, A. Chatzigeorgiou (2011)
Ranking Refactoring Suggestions Based on Historical Volatility2011 15th European Conference on Software Maintenance and Reengineering
-
Shadi Ghaith, Mel Cinnéide (2012)
Improving Software Security Using Search-Based Refactoring -
Jun Han, Yuliang Zheng (1998)
Security Characterisation and Integrity Assurance for Software Components and Component-Based System -
Andreas Müller (2009)
Bytecode Analysis for Checking Java Access Modifiers -
K. Deb, S. Agrawal, Amrit Pratap, T. Meyarivan (2002)
A fast and elitist multiobjective genetic algorithm: NSGA-IIIEEE Trans. Evol. Comput., 6
-
Fabio Palomba, A. Lucia, G. Bavota, R. Oliveto (2015)
Anti-Pattern Detection: Methods, Challenges, and Open IssuesAdv. Comput., 95
-
R. Shatnawi, Wei Li (2011)
An Empirical Assessment of Refactoring Impact on Software Quality Using a Hierarchical Quality Model -
Kazuo Kobori, M. Matsushita, Katsuro Inoue (2015)
Evolution analysis for Accessibility Excessiveness in Java2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)
-
F. Steimann, Andreas Thies (2009)
From Public to Private to Absent: Refactoring Java Programs under Constrained Accessibility -
B. Livshits, M. Lam (2005)
Finding Security Vulnerabilities in Java Applications with Static Analysis -
C. Zoller, Axel Schmolitzky (2012)
Measuring Inappropriate Generosity with Access Modifiers in Java Systems2012 Joint Conference of the 22nd International Workshop on Software Measurement and the 2012 Seventh International Conference on Software Process and Product Measurement
-
Mohamed Mkaouer, M. Kessentini, Mel Cinnéide, Shinpei Hayashi, K. Deb (2017)
A robust multi-objective approach to balance severity and importance of refactoring opportunitiesEmpirical Software Engineering, 22
-
Ali Ouni, M. Kessentini, Mel Cinnéide, H. Sahraoui, K. Deb, Katsuro Inoue (2017)
MORE: A multi‐objective refactoring recommendation approach to introducing design patterns and fixing code smellsJournal of Software: Evolution and Process, 29
-
S. Vidal, C. Marcos, J. Pace (2016)
An approach to prioritize code smells for refactoringAutomated Software Engineering, 23
-
S. Vidal, Alexandre Bergel, C. Marcos, J. Pace (2016)
Understanding and addressing exhibitionism in Java empirical research about method accessibilityEmpirical Software Engineering, 21
-
J. Bansiya, C. Davis (2002)
A Hierarchical Model for Object-Oriented Design Quality AssessmentIEEE Trans. Software Eng., 28
-
Wael Kessentini, M. Wimmer, H. Sahraoui (2018)
Integrating the Designer in-the-loop for Metamodel/Model Co-Evolution via Interactive Computational SearchProceedings of the 21th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems
-
Vahid Alizadeh, M. Kessentini, Mohamed Mkaouer, Mel Ocinneide, Ali Ouni, Yuanfang Cai (2020)
An Interactive and Dynamic Search-Based Approach to Software Refactoring RecommendationsIEEE Transactions on Software Engineering, 46
-
Haris Mumtaz, M. Alshayeb, Sajjad Mahmood, M. Niazi (2017)
An empirical study to improve software security through the application of code refactoringInf. Softw. Technol., 96
-
Usman Mansoor, M. Kessentini, M. Wimmer, K. Deb (2015)
Multi-view refactoring of class and activity diagrams using a multi-objective evolutionary algorithmSoftware Quality Journal, 25
-
Amit Srivastava, Shishir Kumar (2017)
An effective computational technique for taxonomic position of security vulnerability in software developmentJ. Comput. Sci., 25
-
N. Zazworka, C. Seaman, F. Shull (2011)
Prioritizing design debt investment opportunities -
P. Bouillon, Eric Großkinsky, F. Steimann (2008)
Controlling Accessibility in Agile Projects with the Access Modifier Modifier -
S. Vidal, Alexandre Bergel, J. Pace, C. Marcos (2016)
Over-exposed classes in Java: An empirical studyComput. Lang. Syst. Struct., 46
-
Ali Ouni, M. Kessentini, H. Sahraoui, Katsuro Inoue, K. Deb (2016)
Multi-Criteria Code Refactoring Using Search-Based Software EngineeringACM Transactions on Software Engineering and Methodology (TOSEM), 25
-
Jason Wright, M. McQueen, Lawrence Wellman (2012)
Analyses of Two End-User Software Vulnerability Exposure Metrics2012 Seventh International Conference on Availability, Reliability and Security
-
M. Harman, L. Tratt (2007)
Pareto optimal search based refactoring at the design level -
Adam Jensen, B. Cheng (2010)
On the use of genetic programming for automated refactoring and the introduction of design patterns -
Bandar Alshammari, C. Fidge, D. Corney (2009)
Security Metrics for Object-Oriented Class Designs2009 Ninth International Conference on Quality Software
-
M. Kessentini, M. Wimmer, H. Sahraoui, M. Boukadoum (2010)
Generating transformation rules from examples for behavioral models -
Sukhee Lee, Gigon Bae, H. Chae, Doo-Hwan Bae, Y. Kwon (2011)
Automated scheduling for clone‐based refactoring using a competent GASoftware: Practice and Experience, 41
-
A. Agrawal, R. Khan (2012)
Role of Coupling in Vulnerability Propagation Object Oriented Design Perspective -
Ali Ouni, M. Kessentini, H. Sahraoui, Katsuro Inoue, M. Hamdi (2015)
Improving multi-objective code-smells correction using development historyJ. Syst. Softw., 105
-
M. Cusumano (2004)
Who is liable for bugs and security flaws in software?Commun. ACM, 47
-
Marios Fokaefs, Nikolaos Tsantalis, Eleni Stroulia, A. Chatzigeorgiou (2011)
JDeodorant: identification and application of extract class refactorings2011 33rd International Conference on Software Engineering (ICSE)
-
O. Seng, J. Stammel, D. Burkhart (2006)
Search-based determination of refactorings for improving the class structure of object-oriented systemsProceedings of the 8th annual conference on Genetic and evolutionary computation
-
William Brown, Raphael Malveau, Hays McCormick, Thomas Mowbray (1998)
AntiPatterns: Refactoring Software, Architectures, and Projects in Crisis
- Publisher
- Springer Journals
- Copyright
- Copyright © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2021
- ISSN
- 0928-8910
- eISSN
- 1573-7535
- DOI
- 10.1007/s10515-021-00281-2
- Publisher site
- See Article on Publisher Site
Abstract
It is vitally important to fix quality issues in security-critical code as they may be sources of vulnerabilities in the future. These quality issues may increase the attack surface if they are not quickly refactored. In this paper, we use the history of vulnerabilities and security bug reports along with a set of keywords to automatically identify a project’s security-critical files based on its source code, bug reports, pull-request descriptions and commit messages. After identifying these security-related files, we estimate their risks using static analysis to check their coupling with other project components. Then, our approach recommends refactorings to prioritize fixing quality issues in these security-critical files to improve quality attributes and remove identified code smells. To find a trade-off between the quality issues and security-critical files, we adopted a multi-objective search strategy. We evaluated our approach on six open source projects and one industrial system to check the correctness and relevance of the refactorings targeting security critical code. The results of our survey with practitioners supports our hypothesis that quality and security need to be considered together to provide relevant refactoring recommendations.
Journal
Automated Software Engineering – Springer Journals
Published: May 18, 2021