Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005
ISSN 1858-1633 2005 ICTS 94
SECURITY CONCERN REFACTORING
Putu Ashintya Widhiartha (1) and Katsuhisa Maruyama (2)
(1) Graduate School of Science and Engineering, Ritsumeikan University
(2) Department of Computer Science, Ritsumeikan University
1-1-1 Noji-higashi, Kusatsu, Shiga 525-8577, Japan
widhifse.is.ritsumei.ac.jp and marucs.ritsumei.ac.jp
ABSTRACT
Computer security has recently become a serious issue. However, it is still difficult to build secure
software. This paper proposes a method of increasing the security level of software in the coding phase by using
software refactoring. Refactoring is the process of improving the internal structure of existing code
without changing its external behavior. In this paper, seven refactorings concerning security, and
transformations toward their automation, are presented. An automated security refactoring tool makes it easier
to improve the security level of existing software.
Keywords: software development, refactoring, software restructuring, security, software design
1. INTRODUCTION
In the current era, when computers are connected to each other, they become vulnerable to attack.
Attackers have many motives for attacking a system, such as business competition, data
manipulation, bandwidth stealing, or simply their own amusement. For developers, on the other hand, an attack
can cause serious problems, especially for large developers, because the reliability of their systems or
software would be questioned by their customers.
The best way to avoid an attack on our software is to increase its security level. Certainly the security
level of software depends on each phase of software development, such as requirements analysis, design,
coding, testing, and maintenance. Increasing the security level of each phase will guide the entire software toward
being more secure.
This paper proposes a method of increasing the security level of software in the coding phase by using
software refactoring [1]. Refactoring is originally the process of changing a software system in such a way
that it does not alter the external behavior of the code yet improves its internal structure. It is suitable for
application in the design and coding phases of software development [2]. The contribution of this paper is to
collect several code transformations that improve the security level under the framework of
refactoring and to show the possibility of automating those transformations. An automated refactoring tool
supporting such transformations makes existing code more secure without changing its observable behavior.
Whereas traditional refactoring aims at making existing software easier to understand or modify, our proposed
refactorings improve the security level of software.
We first describe traditional techniques of secure programming. Next we present the design of several
security concern refactorings. Then we explain a refactoring tool that has been, and is still being, developed.
Finally, we conclude with a summary.
2. SECURE PROGRAMMING
There are many ways to help programmers increase the security level of their code. On the C/C++
platform we can consider CryptoAPI a reliable tool for protecting secret data. In Java we have the
Java Authentication and Authorization Service (JAAS) for securely determining who is
authorized to execute a piece of Java code. However, developers benefit from having many
alternatives for creating secure code, and in this paper we propose an alternative way based on refactoring on
the Java platform.
Since the number of possible flaws in software is unlimited, it is difficult to determine the most
important factor in secure programming. However, from several references such as [3] and [4] we try to
determine the factors that are important to apply in source code in order to increase its security
level. Although some of these aspects are already tackled by existing tools, we explain them briefly
below.
2.1. Buffer Overrun
When the size of an array input is not verified, it is possible to write outside the allocated buffer. If such
a write takes place at memory addresses higher than the buffer, it is called a buffer overrun [5]. By entering
hostile input, an attacker can learn the memory address of an input character when a buffer overrun
happens. Consequently, validation of the input string is an important factor in avoiding buffer overruns.
In practice, this flaw is not a big issue in Java, since Java provides an input validation mechanism, the bytecode verifier.
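The following example is added here to illustrate the point of this section; it is not code from the paper. It contrasts a copy loop that relies on the Java runtime's bounds check alone with one that validates the input length before copying. The class and method names (BufferCopyDemo, copyUnchecked, copyValidated) and the sample inputs are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (not from the paper). In Java a write past the end of an array is
// stopped by the runtime's bounds check; validating the length up front turns that
// uncontrolled failure into a controlled rejection before anything is copied.
public class BufferCopyDemo {

    // Relies on the JVM alone: an oversized input raises ArrayIndexOutOfBoundsException,
    // but only after the in-bounds part of the copy has already been written.
    static byte[] copyUnchecked(byte[] input, int bufferSize) {
        byte[] buffer = new byte[bufferSize];
        for (int i = 0; i < input.length; i++) {
            buffer[i] = input[i]; // the runtime checks the index on every write
        }
        return buffer;
    }

    // Validates first: input that does not fit is rejected before any byte is copied.
    static byte[] copyValidated(byte[] input, int bufferSize) {
        if (input == null || input.length > bufferSize) {
            throw new IllegalArgumentException(
                "input of " + (input == null ? 0 : input.length)
                + " bytes does not fit in a buffer of " + bufferSize);
        }
        byte[] buffer = new byte[bufferSize];
        System.arraycopy(input, 0, buffer, 0, input.length);
        return buffer;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one longer than the 16-byte buffer, one that fits.
        byte[] oversized = "this input is longer than sixteen bytes"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] fits = "short".getBytes(StandardCharsets.US_ASCII);

        System.out.println("validated copy: " + Arrays.toString(copyValidated(fits, 16)));

        try {
            copyUnchecked(oversized, 16);
        } catch (ArrayIndexOutOfBoundsException e) {
            // The JVM stops the out-of-bounds write; a C loop of the same shape would
            // silently overwrite adjacent memory instead.
            System.out.println("runtime bounds check: " + e.getMessage());
        }

        try {
            copyValidated(oversized, 16);
        } catch (IllegalArgumentException e) {
            System.out.println("explicit validation: " + e.getMessage());
        }
    }
}
```

The explicit check is the refactoring-style change this paper argues for: the observable result for valid input is unchanged, but oversized input is rejected at a well-defined point with a meaningful error instead of being caught late by the runtime.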
2.2. Cryptography
According to [4], strong cryptography is a critical piece of information security that can be applied at
many levels, from data storage to network communication. People generally think that
cryptography is important for protecting data from attack. However, they usually do not realize
that the misapplication of cryptography commonly leads to security problems.
The ability to protect and secure information is vital to the growth of the Internet, especially electronic
commerce. Consider a bank that serves its customers over the Internet: the
bank must provide a secure method for customers to access their accounts. Thus the bank needs a
cryptographic method that is able to protect data sent to and from its server.
Most Java programmers write code at a higher level, dealing mostly with the APIs; in other words, they
have no strong connection with the principles and algorithms behind cryptography. Although Java
provides two APIs, the JCA (Java Cryptography Architecture) and the JCE (Java Cryptography Extension),
there are still opportunities to improve the security quality of code by learning more about cryptographic
principles and applying them in our code.
2.3. Random Numbers
Random numbers are often required in order to provide a key in cryptography. Although random
numbers seem an unimportant factor, they can lead to a problem in secure programming. Generating
random numbers in a predictable manner makes it easier for attackers to disturb our software. Thus we need to
consider a secure method for generating random numbers.
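The following example is added to illustrate Sections 2.2 and 2.3 together; it is not code from the paper. It places a key derived from java.util.Random seeded with the clock (the predictable manner warned about above) beside a key produced through the JCE KeyGenerator backed by SecureRandom, and then uses that key with the JCE Cipher API. The class and method names (KeyGenerationDemo, predictableKey, strongKey, encrypt, decrypt), the choice of AES in GCM mode, and the sample message are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example (not from the paper): predictable versus cryptographically strong
// key generation, and correct use of the resulting key with the JCE Cipher API.
public class KeyGenerationDemo {

    // Weak: java.util.Random is a deterministic generator. Anyone who learns or guesses
    // the seed (here a millisecond clock value) can reproduce the entire key.
    static byte[] predictableKey(long seed) {
        byte[] key = new byte[16];
        new Random(seed).nextBytes(key);
        return key;
    }

    // Strong: KeyGenerator draws its key material from SecureRandom.
    static SecretKey strongKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, new SecureRandom());
        return kg.generateKey();
    }

    static final int IV_BYTES = 12;   // recommended GCM nonce length
    static final int TAG_BITS = 128;  // authentication tag length

    // Encrypts with AES-GCM. A fresh random IV is generated for every message and
    // prepended to the ciphertext so the receiver can recover it.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[IV_BYTES + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_BYTES);
        System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
        return out;
    }

    // Splits off the IV, then decrypts and verifies the tag in one step.
    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec spec = new GCMParameterSpec(TAG_BITS, message, 0, IV_BYTES);
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        return cipher.doFinal(message, IV_BYTES, message.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        // The same clock seed yields the same "random" key every time.
        long seed = System.currentTimeMillis();
        byte[] k1 = predictableKey(seed);
        byte[] k2 = predictableKey(seed);
        System.out.println("predictable keys identical: " + Arrays.equals(k1, k2));

        SecretKey key = strongKey();
        byte[] msg = "account balance: 100".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] wire = encrypt(key, msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, decrypt(key, wire)));

        // Two encryptions of one plaintext differ because the IV is drawn afresh each time.
        System.out.println("ciphertexts differ: " + !Arrays.equals(wire, encrypt(key, msg)));
    }
}
```

The contrast is the one this section draws: the weak variant is not wrong as Java code and compiles and runs without complaint, which is exactly why a code transformation that replaces the predictable generator with SecureRandom can be applied mechanically without changing the program's observable behavior.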
2.4. Anti-Tampering