Tue 10 Nov 2020 08:33 - 08:34 at Virtual room 1 - Security

While state-of-the-art software refactoring research uses various quality attributes to identify refactoring opportunities and evaluate refactoring recommendations, the impact of refactoring on the security of software systems when improving other quality objectives is under-explored. It is critical to understand how resistant a system is to security risks after it has been refactored to improve quality metrics. For instance, refactoring is widely used to improve the reusability of code; however, such an improvement may increase the attack surface because of the abstractions it creates. Increasing the spread of security-critical classes in the design to improve modularity may reduce the resilience of software systems to attacks. In this journal-first paper, we investigated for the first time the possible impact of improving different quality attributes from the QMOOD model (e.g. reusability, extendibility, effectiveness, etc.) on a set of 8 security metrics defined in the literature related to data access. We also studied the impact of different refactorings on these static security metrics. Then, we proposed a multi-objective refactoring recommendation approach that uses the correlation results to guide the search for a balance between quality attributes and security. We evaluated our tool on 30 open source projects. We also collected practitioners' perceptions of the refactorings recommended by our tool in terms of their possible impact on both security and other quality attributes. Our results confirm that developers need to make trade-offs between security and other qualities when refactoring software systems, due to the negative correlations between them.

Tue 10 Nov
Times are displayed in time zone: (UTC) Coordinated Universal Time

08:30 - 08:32
Talk
Research Papers
Kripa Shanker (Indian Institute of Science, Bangalore); Arun Joseph (Indian Institute of Science, India); Vinod Ganapathy (Indian Institute of Science, India)
08:33 - 08:34
Talk
Journal First
Chaima Abid (University of Michigan); Marouane Kessentini (University of Michigan); Vahid Alizadeh (DePaul University); Mouna Dhaouadi (University of Michigan); Rick Kazman (University of Hawai‘i at Mānoa)
08:35 - 08:36
Talk
Industry Papers
Frederico Araujo (IBM T.J. Watson Research Center, New York, USA); Teryl Taylor (IBM Research, n.n.)
08:37 - 08:38
Talk
Research Papers
Salah Ghamizi (University of Luxembourg, Luxembourg); Maxime Cordy (University of Luxembourg, Luxembourg); Martin Gubri (University of Luxembourg, Luxembourg); Mike Papadakis (University of Luxembourg, Luxembourg); Andrey Boystov (University of Luxembourg, Luxembourg); Yves Le Traon (University of Luxembourg, Luxembourg); Anne Goujon (BGL BNP Paribas, Luxembourg)
08:39 - 08:40
Talk
Research Papers
Pan Bian (Renmin University of China, China); Bin Liang (Renmin University of China, China); Jianjun Huang (Renmin University of China, China); Wenchang Shi (Renmin University of China, China); Xidong Wang (Renmin University of China, China); Jian Zhang (Institute of Software at Chinese Academy of Sciences, China)
08:41 - 08:42
Talk
Journal First
Tamara Lopez (The Open University); Thein Tun; Arosha K Bandara (The Open University); Mark Levine (Lancaster University); Bashar Nuseibeh (The Open University (UK) & Lero (Ireland)); Helen Sharp (The Open University)
08:43 - 09:00
Talk
Research Papers
Frederico Araujo (IBM T.J. Watson Research Center, New York, USA); Kripa Shanker (Indian Institute of Science, Bangalore); Pan Bian (Renmin University of China, China); Salah Ghamizi (SntT - University of Luxembourg); Tamara Lopez (The Open University); Chaima Abid (University of Michigan); M: Ben Hermann (Technical University Dortmund)