Security Improvement of Object Oriented Design using Refactoring Rules

Full Text (PDF, 388KB), PP.24-31

Views: 0 Downloads: 0

Author(s)

Suhel Ahmad Khan 1,* Raees Ahmad Khan 1

1. Department of Information Technology, Babasaheb Bhimrao Ambedkar University (A Central University), Lucknow, India-226025

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2015.02.04

Received: 25 Nov. 2014 / Revised: 16 Dec. 2014 / Accepted: 12 Jan. 2015 / Published: 8 Feb. 2015

Index Terms

Security, Object Oriented Design, Security Quantification, Security Improvement, Refactoring

Abstract

The main component of study is to confirm that how developed security model are helpful for security improvement of object oriented designs. Software refactoring is an essential activity during development and maintenance. It promotes the reengineering measures for improving quality and security of software. The researcher made an effort in this regard to develop security improvement guideline using refactoring activities for object oriented deign. The developed guidelines are helpful to control design complexity for improved security. A case study is adopted from refactoring example by fowler to implement the Security Improvement Guidelines (SIG). The developed Security Quantification Model (SQMOODC) is being used to calculate the quantified value of security at each step. The proposed model SQMOODC calculates the effective security index by ensuring that revised version of object oriented design is being influenced through security improvement guidelines. There is some possibility that original code segment may have some security flaws, anomalies and exploitable entities or vulnerable information that may influence security at design stage. SIG is helpful to cease the security flaws, anomalies, exploitable entities into refactored code segment. Each refactored steps of case study match the prediction of the impact for refactoring rules on security and the impact study for security through SQMOODC model legalize the effectiveness of developed model and security improvement guidelines. The validated results of statistical analysis with different case studies of object oriented designs reflect the usefulness and acceptability of developed models and guidelines.

Cite This Paper

Suhel Ahmad Khan, Raees Ahmad Khan, "Security Improvement of Object Oriented Design using Refactoring Rules", International Journal of Modern Education and Computer Science (IJMECS), vol.7, no.2, pp.24-31 2015. DOI:10.5815/ijmecs.2015.02.04

Reference


[1]J. Bansia, G.C. Davis, “A Hierarchical Model for Object-Oriented Design Quality Assessment”, IEEE Transactions on Software Engineering, Vol. 28, No. 1, pp. 4-17, 2002.
[2]C R Kothari, Research Methodology: Methods and Techniques, Published by New Age International (P) Ltd, ISBN (13) : 978-81-224-2488-1, 1990.
[3]L. Tokuda, D. Batory, “Evolving Object-Oriented Designs with Refactoring”, Department of Computer Sciences, University of Texas at Austin, Automated Software Engineering, Kluwer Academic Publishers, pp:89-120, 2001
[4]D. M. Coleman, D. Ash, B. Lowther, P. W. Oman, “Using Metrics to Evaluate Software System Maintainability”, IEEE Computer, Vol. 27, No. 8, pp. 44–49, August 1994.
[5]S. Demeyer, S. Ducasse, O. Nierstrasz, “Object-Oriented Reengineering Patterns”, Morgan Kaufmann and DPunkt, 2002.
[6]W. G. Griswold, D. Notkin, “Automated Assistance for Program Restructuring”, Trans. Software Engineering and Methodology, ACM., Vol. 2, No. 3, pp. 228–269, July 1993.
[7]E. J. Chikofsky, J. H. Cross, “Reverse Engineering and Design Recovery: A Taxonomy”, IEEE Software, Vol. 7, No. 1, pp. 13–17, 1990.
[8]B. Alshammari, C. Fidge, D. Corney, “Security Assessment of Code Refactoring Rules”, In Proceedings of WIAR-2012, Saudi Arabia, web address: http://eprints.qut.au/56382/, 2012.
[9]R. Moser, P. Abrahamsson, W. Pedrycz, A. Sillitti, G. Succi, “A Case Study on the Impact of Refactoring on Quality and Productivity in an Agile Team”, In Balancing Agility and Formalism in Software Engineering, Lecture Notes In Computer Science, (5082), Springer-Verlag, Berlin, Heidelberg, pp. 252-266, 2008.
[10]T. Mens, T. Tourwe, “A Survey of Software Refactoring”, IEEE Transactions on Software Engineering, 30(2), pp. 126–139, 2004.
[11]B.D. Bois, T. Mens, “Describing the Impact of Refactoring on Internal Program Qualit”, Proceedings of the International Workshop on Evolution of Large-scale
Industrial Software Applications (ELISA), Amsterdam, The Netherlands, pp. 37–48, 2003.
[12]Y. Kataoka, T. Imai, H. Andou, T. Fukaya, “A Quantitative Evaluation of Maintainability Enhancement by Refactoring”, Proceedings of the International Conference on Software Maintenance (ICSM.02), pp. 576–585, 2002.
[13]R. Shatnawi, W. Li, “An Empirical Assessment of Refactoring Impact on Software Quality Using a Hierarchical Quality Model”, International Journal of Software Engineering and its Applications, Vol. 5, No. 4, October, 2011, pp:127-149.
[14]M. Fowler, Refactoring: Improving the Design of Existing Programs, Addison-Wesley, 1999.
[15]B. Alshammari, C. J. Fidge, D. Corney, “Assessing the Impact of Refactoring on Security-Critical Object-Oriented Design”, Proceedings of the Seventeenth Asia Pacific Software Engineering Conference, Sydney, 30 November-3 December (J. Han and T. D. Thu, eds.), (Los Alamitos, CA, USA), IEEE Computer Society, pp. 186–195, 2010.
[16]K. Maruyama, “Secure Refactoring Improving the Security Level of Existing Code”, Proceedings of the Second International Conference on Software and Data Technologies (ICSOFT 2007), (Barcelona, Spain), pp. 222–229, 2007.
[17]M. Hafiz, “Security on Demand”, PhD thesis, Graduate College of the University of Illinois at Urbana-Champaign, 2010.
[18]S. F. Smith, M. Thober, “Refactoring Programs to Secure Information Flows”, Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, (Ontario, Canada), ACM, pp:75-84, 2006.
[19]B.D. Bois, S. Demeyer, J. Verelst, “Refactoring–Improving Coupling and Cohesion of Existing Code”, Belgian Symposium on Software Restructuring, Gent, Belgium, pp. 144–151, 2005.
[20]J. Ratzinger, M. Fischer, H. Gall, “Improving Evolvability through Refactoring”, Proceedings of the 2nd International Workshop on Mining Software Repositories (MSR’05), pp: 1–5, 2005.
[21]R. Moser, A. Sillitti, P. Abrahamsson, G. Succi, “Does Refactoring Improve Reusability?”, Lecture Notes in Computer Science, 9th International Conference on Software Reuse, pp. 287–297, 2006.
[22]M. Alshayeb, “Empirical Investigation of Refactoring Effect on Software Quality”, Information and Software Technology, 51 (9), pp. 1319–1326, 2009.
[23]F. Dandashi, D.C. Rine, “A Method for Assessing the Reusability of Object-Oriented Code Using A Validated Set of Automated Measurements”, Proceedings of 17th ACM Symposium on Applied Computing, pp. 997–1003, 2002.
[24]K. Maruyama, K. Tokoda, “Security-aware refactoring alerting its impact on code vulnerabilities” , Proceedings of the 15th Asia-Pacific Software Engineering Conference (APSEC 2008), IEEE Computer Society-1488052 445-452, 2008.
[25]S A Khan, R A Khan, “Security Quantification Model”, International Journal of Software Engineering, ISSN: 2090-1801, Volume 6, No. 2, pp: 75-89, 2013.