Encapsulate Field Restructuring Arrays
3. DESIGN OF SECURITY CONCERN REFACTORINGS
We present several refactorings that we consider applicable to Java and that can be implemented to increase the security level of its source code.

3.1. Encapsulate Field
One important requirement of secure code is data hiding. In other words, we have to avoid making our data public [1]. The easiest way, although perhaps not secure enough, is to make our data private. This refactoring is one of the 72 types of refactorings in [1]. Figure 1 shows the code before and after applying the Encapsulate Field refactoring. The accessibility of the variable something was changed from public to private so that its value cannot be read or written directly.

before refactoring
    public String something;
after refactoring
    private String something;
    public String getSomething() { return something; }
    public void setSomething(String argument) { something = argument; }
Figure 1. Encapsulate Field refactoring

3.2. Restructuring Arrays
In [4], Viega and Messier write that restructuring arrays is one anti-tampering technique. Because the structure of an array reveals information about the data it holds, it helps an attacker understand our code. We can protect our data structures from tampering by changing the structure of our arrays. Admittedly, arrays are a weak data structure compared with the collections in Java, but they are still used by a large number of Java programmers. Consequently, we would like to provide a refactoring for restructuring arrays in Java as one feature to increase the security level of the code. Referring to [4], we can restructure our arrays in four ways:
a. Splitting a one-dimensional array into multiple one-dimensional arrays (see Figure 2).
b. Folding a one-dimensional array into a multi-dimensional array (see Figure 3).
c. Merging two one-dimensional arrays into a single one-dimensional array (see Figure 4).
d. Flattening a multi-dimensional array into a one-dimensional array (see Figure 5).
Restructuring must be applied not only to the declaration of an array, such as double[] data = new double[20], but also to the methods that access the array.

Figure 2. Array representation of the Splitting Arrays refactoring
    before refactoring: A1 A2 A3 A4 A5 A6
    after refactoring:  A1 A3 A5 A2 A4 A6

Figure 3. Array representation of the Folding Arrays refactoring
    before refactoring: A1 A2 A3 A4 A5 A6 A7 A8
    after refactoring:  A1 A4 A7 A2 A5 A8 A3 A6

Figure 4. Array representation of the Merging Arrays refactoring
    before refactoring: A1 A2 A3 A4 A5 A6 A7 B1 B2 B3
    after refactoring:  A1 A2 B1 A3 A4 B2 A5 A6 B3 A7

Figure 5. Array representation of the Flattening Arrays refactoring

Security Concern Refactoring – Putu Ashintya Widhiartha, Katsuhisa Maruyama. ISSN 1858-1633, 2005 ICTS, 97

3.3. Generating Secure Random Number
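Returning to the four array restructurings of Section 3.2: the following added example (not code from the paper) pairs each restructuring with the accessor that maps a logical index onto the new layout, which is the part that has to change at every access site. The class and method names and the sample data are hypothetical; mappings (a) to (c) follow the cell order of Figures 2 to 4, and the row-major mapping in (d) is an assumption.

```java
import java.util.Arrays;
// Added example. Mappings (a)-(c) follow the layouts of Figures 2-4; the
// row-major mapping in (d) is an assumption, since Figure 5 is not shown.
public class RestructuredArrays {
    // (a) Split: logical element i is stored in part i % 2 at position i / 2.
    static double[][] split(double[] a) {
        double[][] p = { new double[(a.length + 1) / 2], new double[a.length / 2] };
        for (int i = 0; i < a.length; i++) p[i % 2][i / 2] = a[i];
        return p;
    }
    static double getSplit(double[][] p, int i) { return p[i % 2][i / 2]; }
    // (b) Fold: logical element i is stored at [i % rows][i / rows].
    static double[][] fold(double[] a, int rows) {
        double[][] m = new double[rows][(a.length + rows - 1) / rows];
        for (int i = 0; i < a.length; i++) m[i % rows][i / rows] = a[i];
        return m;
    }
    static double getFolded(double[][] m, int i) { return m[i % m.length][i / m.length]; }
    // (c) Merge: two cells of a, then one of b. a[i] -> i + i / 2, b[j] -> 3 * j + 2.
    static double[] merge(double[] a, double[] b) {
        if (b.length != a.length / 2) throw new IllegalArgumentException("need b.length == a.length / 2");
        double[] m = new double[a.length + b.length];
        for (int i = 0; i < a.length; i++) m[i + i / 2] = a[i];
        for (int j = 0; j < b.length; j++) m[3 * j + 2] = b[j];
        return m;
    }
    static double getMergedA(double[] m, int i) { return m[i + i / 2]; }
    static double getMergedB(double[] m, int j) { return m[3 * j + 2]; }
    // (d) Flatten: cell [r][c] of a rectangular array is stored at r * cols + c.
    static double[] flatten(double[][] g) {
        int cols = g[0].length;
        double[] f = new double[g.length * cols];
        for (int r = 0; r < g.length; r++)
            for (int c = 0; c < cols; c++) f[r * cols + c] = g[r][c];
        return f;
    }
    static double getFlat(double[] f, int cols, int r, int c) { return f[r * cols + c]; }

    public static void main(String[] args) {
        double[] a = {1, 2, 3, 4, 5, 6, 7}, b = {10, 20, 30};   // constructed sample data
        double[][] s = split(a), m = fold(a, 3);
        double[] mg = merge(a, b), fl = flatten(new double[][] {{1, 2, 3}, {4, 5, 6}});
        for (int i = 0; i < a.length; i++)   // every accessor must agree with a[i]
            if (getSplit(s, i) != a[i] || getFolded(m, i) != a[i] || getMergedA(mg, i) != a[i])
                throw new AssertionError("index mapping broken at " + i);
        if (getMergedB(mg, 2) != 30 || getFlat(fl, 3, 1, 0) != 4) throw new AssertionError();
        System.out.println(Arrays.deepToString(s) + "\n" + Arrays.deepToString(m));
        System.out.println(Arrays.toString(mg) + "\n" + Arrays.toString(fl));
    }
}
```

Folding pads the last column with default values when the length is not a multiple of the row count, so the logical length has to be tracked separately from the storage size.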