
Refactoring Preserves Security

  • Conference paper
  • Data Privacy Management and Security Assurance (DPM 2016, QASA 2016)

Abstract

Refactoring changes a program without changing its behaviour from an observer's point of view. To what extent does this invariance of behaviour also preserve security? We show that a program remains secure under refactoring. As a foundation, we use the Decentralized Label Model (DLM) for specifying the secure information flows of programs, and transition system models for their observable behaviour. On this basis, we give a bisimulation-based formal definition of refactoring and show its correspondence to the formal notion of information flow security (noninterference). This permits us to show the security of refactoring patterns that have already been explored in practice.
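To make the abstract's set-up concrete, the following is an added example written for this page; it is not code from the paper or from its authors. It models, in simplified form, the three ingredients the abstract names: DLM labels decide which variables each principal may read (and hence what that principal observes), a program is run as a deterministic transition system, and two programs count as refactorings of each other when they are bisimilar on every principal's observations, which for deterministic systems is the same as having identical stutter-free observation traces. The names `P`, `Q`, `R`, `LABELS`, `PRINCIPALS`, the two-principal policy, the sample initial states and the choice of "inline temp plus renaming" as the refactoring are all assumptions of this example. `R` is included as a change that is not a refactoring, to show that the bisimulation check is what rules it out.

```python
"""Added worked example (not code from the paper): refactoring vs. noninterference.

Assumptions made here, none of which are in the paper's text: a two-principal
DLM policy, programs as lists of assignment steps, deterministic transition
systems, and the observer's view as the stutter-free sequence of readable
variables along a run.  Names P, Q, R, LABELS, PRINCIPALS are invented.
"""
from itertools import product

PRINCIPALS = ("alice", "bob")

# DLM labels: {owner: set_of_readers}.  Unlabelled variables are program-internal
# temporaries that no observer can see.  (Constructed policy.)
LABELS = {
    "secret": {"alice": set()},        # owned by alice, readable by nobody else
    "lo":     {"alice": {"bob"}},      # alice lets bob read it
    "out":    {"alice": {"bob"}},
}

def may_flow(l1, l2):
    """DLM relabelling rule l1 <= l2: every owner of l1 still owns l2 and grants
    no additional readers there (owners may only be added, readers only removed)."""
    return all(o in l2 and set(l2[o]) <= set(l1[o]) for o in l1)

def readers(label):
    """Effective reader set: a principal reads iff every owner permits it
    (an owner always reads its own data)."""
    allowed = set(PRINCIPALS)
    for owner, rs in label.items():
        allowed &= {owner} | set(rs)
    return allowed

def low_view(state, observer):
    """Project a state onto the labelled variables `observer` may read."""
    return tuple(sorted((v, val) for v, val in state.items()
                        if v in LABELS and observer in readers(LABELS[v])))

def observations(prog, init, observer, rename=None):
    """Run `prog` (a list of state -> state steps) from `init` and return the
    stutter-free trace of `observer`'s views: the transition system as seen by
    that principal.  `rename` maps prog's variable names to the canonical ones
    used in `init` and LABELS (renaming is itself a refactoring)."""
    rename = rename or {}
    inverse = {canon: own for own, canon in rename.items()}
    state = {inverse.get(v, v): val for v, val in init.items()}
    trace = [low_view(init, observer)]
    for step in prog:
        state = step(state)
        view = low_view({rename.get(v, v): val for v, val in state.items()}, observer)
        if view != trace[-1]:
            trace.append(view)
    return tuple(trace)

def bisimilar(p, q, inits, observer, rename=None):
    """For deterministic systems, bisimilarity on `observer`'s view is exactly
    equality of the stutter-free traces from every initial state."""
    return all(observations(p, s, observer) == observations(q, s, observer, rename)
               for s in inits)

def noninterferent(prog, inits, observer, rename=None):
    """Noninterference: initial states `observer` cannot tell apart must give
    identical observations, so data the observer may not read never shows."""
    return all(observations(prog, s1, observer, rename) == observations(prog, s2, observer, rename)
               for s1, s2 in product(inits, repeat=2)
               if low_view(s1, observer) == low_view(s2, observer))

# P: the original program.  Q: P after "inline temp" plus renaming lo->x, out->y.
# R: a change that is NOT a refactoring because it alters bob's observations.
P = [
    lambda s: {**s, "tmp": s["lo"] * 2},
    lambda s: {**s, "out": s["tmp"] + 1},
    lambda s: {**s, "secret": s["secret"] + s["lo"]},   # low data flowing up is fine
]
Q = [
    lambda s: {**s, "y": s["x"] * 2 + 1},
    lambda s: {**s, "secret": s["secret"] + s["x"]},
]
Q_RENAME = {"x": "lo", "y": "out"}
R = [
    lambda s: {**s, "y": s["x"] * 2 + 1 + s["secret"] % 2},   # leaks a secret bit
    lambda s: {**s, "secret": s["secret"] + s["x"]},
]

# Constructed initial states, in canonical (P) variable names.
INITS = [{"lo": lo, "secret": sec, "out": 0} for lo in (0, 1) for sec in (0, 5)]

def check_refactoring(p, q, rename=None, inits=INITS):
    """Per observer: (p ~ q, p secure, q secure).  The paper's result says that
    whenever the first two hold, the third must hold too."""
    report = {}
    for obs in PRINCIPALS:
        b = bisimilar(p, q, inits, obs, rename)
        ni_p = noninterferent(p, inits, obs)
        ni_q = noninterferent(q, inits, obs, rename)
        assert not (b and ni_p) or ni_q, f"security lost under a refactoring for {obs}"
        report[obs] = (b, ni_p, ni_q)
    return report

if __name__ == "__main__":
    print("lo -> out allowed:", may_flow(LABELS["lo"], LABELS["out"]))         # True
    print("secret -> out allowed:", may_flow(LABELS["secret"], LABELS["out"])) # False
    print("P vs Q:", check_refactoring(P, Q, Q_RENAME))
    print("P vs R:", check_refactoring(P, R, Q_RENAME))
```

Running the block reports that `Q` is bisimilar to `P` for both principals and inherits its noninterference, while `R` fails the bisimulation check for both principals (and fails noninterference for `bob`), so the preservation result never applies to it. The temporary `tmp` is deliberately left unlabelled: it is internal to `P`, so introducing or removing it changes no observer's view, which is what lets "inline temp" pass as a refactoring.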


Notes

  1. For simplicity we concentrate on confidentiality in this paper.

  2. Strictly, the variable sets of P and Q should be distinct and related by a bijection, since renaming is itself a refactoring; for the sake of simplicity we omit this here.


Corresponding author: Florian Kammüller

Copyright information

© 2016 Springer International Publishing AG

Cite this paper

Kammüller, F. (2016). Refactoring Preserves Security. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds) Data Privacy Management and Security Assurance. DPM/QASA 2016. Lecture Notes in Computer Science, vol 9963. Springer, Cham. https://doi.org/10.1007/978-3-319-47072-6_17

  • DOI: https://doi.org/10.1007/978-3-319-47072-6_17
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-47071-9
  • Online ISBN: 978-3-319-47072-6
