Abstract
Refactoring means that a program is changed without changing its behaviour from an observer’s point of view. Does this preservation of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov’s distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common refactoring patterns as catalogued by Fowler. We first illustrate, on an example, the “Extract method” refactoring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we show that the security leaks encountered at the outset are no longer possible.
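To make the flow check behind the abstract concrete, the following is an added example, not code from the paper or from Jif: it models the DLM relabelling rule in Python and applies it to a call of an extracted method before and after the method is labelled. The principal Alice, the balance field and the method isOverLimit are constructed for illustration.

```python
from typing import Dict, FrozenSet, List

# A DLM label maps each owner to the readers it permits (the owner always reads).
Label = Dict[str, FrozenSet[str]]
PUBLIC: Label = {}  # no owner restricts this data

def may_flow(src: Label, dst: Label) -> bool:
    """DLM relabelling rule src <= dst: every owner policy in src must also be
    present in dst, and dst may not grant that owner's data to extra readers."""
    return all(owner in dst and dst[owner] <= readers
               for owner, readers in src.items())

def join(a: Label, b: Label) -> Label:
    """Least upper bound of two labels: union of owners, intersection of readers."""
    out: Label = dict(a)
    for owner, readers in b.items():
        out[owner] = (out[owner] & readers) if owner in out else readers
    return out

def extract_is_secure(arg_labels: List[Label], param_labels: List[Label],
                      ret_label: Label, result_label: Label) -> bool:
    """A call to an extracted method is secure iff each actual argument may flow
    into its formal parameter and the return value may flow to its destination."""
    if len(arg_labels) != len(param_labels):
        raise ValueError("arity mismatch")
    args_ok = all(may_flow(a, p) for a, p in zip(arg_labels, param_labels))
    return args_ok and may_flow(ret_label, result_label)

# Constructed scenario: Alice's balance is readable only by Alice. Inside her
# class the comparison `balance > limit` stays under Alice's label. A naive
# "Extract method" moves it into isOverLimit(int balance, int limit) whose
# parameters and return keep the default public label.
SECRET: Label = {"Alice": frozenset()}

def naive_extract_method() -> bool:
    # Secret argument passed to a public parameter: the checker rejects the call.
    return extract_is_secure([SECRET, PUBLIC], [PUBLIC, PUBLIC], PUBLIC, SECRET)

def labelled_extract_method() -> bool:
    # Secure version: the parameter and return carry Alice's label, and the
    # result is stored into an Alice-labelled local, so the call is accepted.
    ret = join(SECRET, PUBLIC)  # label of `balance > limit` inside the method
    return extract_is_secure([SECRET, PUBLIC], [SECRET, PUBLIC], ret, SECRET)

if __name__ == "__main__":
    print("naive extract secure?", naive_extract_method())        # False
    print("labelled extract secure?", labelled_extract_method())  # True
```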
Notes
1. “Extract method” has been coined the refactoring rubicon [4].
References
Boudol, G., Castellani, I.: Noninterference for concurrent programs. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, p. 382. Springer, Heidelberg (2001)
Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from Java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 219–236. Springer, Heidelberg (2014)
Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)
Fowler, M.: Refactoring: Improving the Design of Existing Code. Addison Wesley, Reading (2004)
Helke, S.: Jif examples. http://www.informatik.tu-cottbus.de/~helke/jif/
Mantel, H.: On the composition of secure systems. In: IEEE Symposium on Security and Privacy. IEEE (2002)
McComb, T.: Refactoring object-Z specifications. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 69–83. Springer, Heidelberg (2004)
Mens, T., Van Eetvelde, N., Demeyer, S., Janssens, D.: Formalising refactorings with graph transformations. J. Softw. Maintenance 17(4), 247–276 (2005)
Mens, T., Tourwé, T.: A survey of software refactoring. IEEE Trans. Softw. Eng. 30(2), 126–139 (2004)
Myers, A.C., Liskov, B.: A decentralized model for information flow control. In: ACM symposium on Operating Systems Principles, SOSP. ACM (1997)
Ruhroth, T., Wehrheim, H., Ziegert, S.: Rel: A generic refactoring language for specification and execution. In: EUROMICRO. IEEE (2011)
© 2016 Springer International Publishing Switzerland
Cite this paper
Helke, S., Kammüller, F., Probst, C.W. (2016). Secure Refactoring with Java Information Flow. In: Garcia-Alfaro, J., Navarro-Arribas, G., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management, and Security Assurance. DPM 2015, QASA 2015. Lecture Notes in Computer Science, vol 9481. Springer, Cham. https://doi.org/10.1007/978-3-319-29883-2_19
DOI: https://doi.org/10.1007/978-3-319-29883-2_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29882-5
Online ISBN: 978-3-319-29883-2