
Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005, ISSN 1858-1633, 2005 ICTS, p. 94

SECURITY CONCERN REFACTORING

Putu Ashintya Widhiartha 1 and Katsuhisa Maruyama 2
1 Graduate School of Science and Engineering, Ritsumeikan University
2 Department of Computer Science, Ritsumeikan University
1-1-1 Noji-higashi Kusatsu Shiga 525-8577, Japan
widhifse.is.ritsumei.ac.jp and marucs.ritsumei.ac.jp

ABSTRACT

Computer security has recently become a serious issue. However, it is still difficult to build secure software. This paper proposes a method of increasing the security level of software in the coding phase by using software refactoring. Refactoring is the process of improving the internal structure of existing code without changing its external behavior. In this paper, seven refactorings concerning security, and transformations toward their automation, are presented. An automated security refactoring tool makes it easier to improve the security level of existing software.

Keywords: software development, refactoring, software restructuring, security, software design

1. INTRODUCTION

In the current era, when computers are connected to each other, they become vulnerable to attack. Attackers have many motives for attacking a system, such as business competition, data manipulation, bandwidth stealing, or even just fun. For developers, on the other hand, an attack can be a serious issue, especially for large developers, because the reliability of their systems or software would be questioned by their customers. The best way to avoid attacks on our software is to increase its security level. Certainly, the security level of software depends on each phase of software development: requirement analysis, design, coding, testing, and maintenance. Increasing the security level of each phase makes the software as a whole more secure.

This paper proposes a method of increasing the security level of software in the coding phase by using software refactoring [1]. Refactoring is originally the process of changing a software system in such a way that it does not alter the external behavior of the code yet improves its internal structure. It is suited to the design and coding phases of software development [2]. The contribution of this paper is to collect several code transformations that improve the security level under the framework of refactorings, and to show the possibility of automating those transformations. An automated refactoring tool supporting such transformations makes existing code more secure without changing its observable behavior. Whereas traditional refactoring aims at making existing software easier to understand or modify, our proposed refactorings can improve the security level of software.

We first describe traditional techniques for secure programming. Next we present the design of some security concern refactorings. Then we explain a refactoring tool that has been and will be developed. Finally, we conclude with a summary.

2. SECURE PROGRAMMING

There are many ways to help programmers increase the security level of their code. On the C/C++ platform, CryptoAPI can be considered a reliable tool for protecting secret data. In Java, the Java Authentication and Authorization Service (JAAS) securely determines who is authorized to execute Java code. However, developers benefit from having many alternatives for creating secure code, and in this paper we propose an alternative way that uses refactoring on the Java platform. Since the number of possible flaws in software is unlimited, it is difficult to determine the most important factor in secure programming. However, from several references such as [3] and [4] we try to determine the factors that are important to apply in source code in order to increase its security level. Although some of these aspects are already tackled by existing tools, we explain each of them briefly.

2.1. Buffer Overrun

When the size of an array input is not verified, it is possible to write outside the allocated buffer. If such a write takes place at memory addresses higher than the buffer, it is called a buffer overrun [5]. By entering hostile input, an attacker can read an address of the input character in memory if a buffer overrun happens. Consequently, validation of the input string is an important factor in avoiding buffer overruns. This flaw is actually not a big issue in Java, since Java has an input validation tool called the bytecode verifier.
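The following Java class is an added example, not code from the paper, showing the input validation this section calls for: a fixed-size buffer, an unchecked copy that relies on the JVM's bounds check, and a validated copy that rejects oversize input before any write. The class name, the 64-byte capacity and the 100-byte hostile input are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class InputBuffer {
    private final byte[] buf;
    private int length = 0;

    InputBuffer(int capacity) {
        this.buf = new byte[capacity];
    }

    // Unchecked: relies on the JVM to stop the write. The copy can never reach
    // memory outside buf, but the caller is hit with a runtime exception and
    // has no chance to handle the bad input as an ordinary error.
    void appendUnchecked(byte[] input) {
        System.arraycopy(input, 0, buf, length, input.length);
        length += input.length;
    }

    // Validated: compare the input length against the remaining capacity first,
    // so an oversize input is refused by an explicit decision, not an exception.
    boolean appendChecked(byte[] input) {
        if (input == null || input.length > buf.length - length) {
            return false; // input would exceed the remaining capacity
        }
        System.arraycopy(input, 0, buf, length, input.length);
        length += input.length;
        return true;
    }

    int length() {
        return length;
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed 10-byte field and a 100-byte hostile input.
        byte[] ok = "user=alice".getBytes(StandardCharsets.US_ASCII);
        byte[] hostile = new byte[100];
        Arrays.fill(hostile, (byte) 'A');

        InputBuffer b = new InputBuffer(64);
        System.out.println("checked small input accepted: " + b.appendChecked(ok));      // true
        System.out.println("checked hostile input accepted: " + b.appendChecked(hostile)); // false
        System.out.println("bytes stored: " + b.length());                                 // 10

        try {
            b.appendUnchecked(hostile);
        } catch (IndexOutOfBoundsException e) {
            // The JVM's bounds check refused the write; System.arraycopy checks
            // the ranges before copying, so buf is left unmodified.
            System.out.println("unchecked write stopped by the JVM: " + e.getMessage());
        }
        System.out.println("bytes stored after the refused write: " + b.length());         // 10
    }
}
```

The point of the contrast is that the JVM prevents memory corruption in both paths, but only the validated path turns hostile input into a result the program can act on (log, reject the request) instead of an exception propagating from deep inside the copy.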

2.2. Cryptography

According to [4], strong cryptography is a critical piece of information security that can be applied at many levels, from data storage to network communication. People always think that cryptography is important to protect data from attack. However, people usually do not realize that the misapplication of cryptography commonly leads to security problems. The ability to protect and secure information is vital to the growth of the internet, especially electronic commerce. Imagine a bank that serves its customers via the internet: the bank must provide a secure method for customers to access their accounts, and so it needs a cryptographic method that is able to protect data sent to and from its server. Most Java programmers write code at a higher level, dealing mostly with the APIs; in other words, they have no strong connection with the principles and algorithms behind cryptography. Although Java provides two APIs, the JCA (Java Cryptography Architecture) and the JCE (Java Cryptography Extension), there are still opportunities to improve the security quality of code by learning more about cryptographic principles and applying them in our code.

2.3. Random Numbers

Random numbers are often required in order to provide a key in cryptography. Although random numbers may seem an unimportant factor, they can lead to a problem in secure programming. Generating random numbers in a predictable manner makes it easier for attackers to disrupt our software. Thus we need to consider a secure method for generating random numbers.

2.4. Anti-Tampering