Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Refactoring object-oriented frameworks
Refactoring object-oriented frameworks
A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Refactoring: improving the design of existing code
Refactoring: improving the design of existing code
Compositional pointer and escape analysis for Java programs
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Alias Analysis for Java with Reference-Set Representation
ICPADS '01 Proceedings of the Eighth International Conference on Parallel and Distributed Systems
A Survey of Software Refactoring
IEEE Transactions on Software Engineering
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Computer Security 2e
Design and Implementation of an Extensible and Modifiable Refactoring Tool
IWPC '05 Proceedings of the 13th International Workshop on Program Comprehension
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
JAAT: Java Alias Analysis Tool for Program Maintenance Activities
ISORC '06 Proceedings of the Ninth IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing
Field Escape Analysis for Data Confidentiality in Java Components
APSEC '07 Proceedings of the 14th Asia-Pacific Software Engineering Conference
End-to-End Enforcement of Erasure and Declassification
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Security-Aware Refactoring Alerting its Impact on Code Vulnerabilities
APSEC '08 Proceedings of the 2008 15th Asia-Pacific Software Engineering Conference
Data Flow Analysis: Theory and Practice
Data Flow Analysis: Theory and Practice
From Public to Private to Absent: Refactoring Java Programs under Constrained Accessibility
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
SPAPE: A semantic-preserving amorphous procedure extraction method for near-miss clones
Journal of Systems and Software
| Hi-index | 0.00 |
Refactoring is a useful practice in developing and maintaining software since it improves the design of existing code without changing its external behavior. Therefore, contemporary integrated development environments tend to include refactoring tools that support automatic transformations of source code. Unfortunately, some of the popular refactoring transformations make existing code vulnerable although they improve its maintainability. The existence of vulnerable code is still a serious issue for many software systems. This paper describes a tool with support for a new class of refactoring concerning software security, which is built as an Eclipse plug-in. It helps programmers to easily know the adverse impact of code changes on security vulnerabilities in the application of refactoring, and provides them with a chance to determine if they could accept or should cancel the applied refactoring. Consequently, they feel safe to improve the maintainability of existing code without missing security vulnerabilities newly inserted into the code. To evaluate the capability of this tool, we made an experiment with it. The experimental results show the usefulness of the tool and also reveal several remaining issues to be tackled.