Secure refactoring with Java information flow

Helke, Steffen and Kammueller, Florian and Probst, Christian (2016) Secure refactoring with Java information flow. In: 10th International Workshop on Data Privacy Management (DPM 2015), 21- 22 Sept 2015, Vienna, Austria.

Full text is not in this repository.

Abstract

Refactoring means that a program is changed without changing its behaviour from an observer’s point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov’s distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the “Extract method” refac- toring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Paper published as a chapter in: Data Privacy Management, and Security Assurance, Volume 9481 of the series Lecture Notes in Computer Science pp 264-272
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 17514
Useful Links:
Depositing User: Florian Kammueller
Date Deposited: 11 Sep 2015 09:23
Last Modified: 13 Oct 2016 14:36
URI: http://eprints.mdx.ac.uk/id/eprint/17514

Actions (login required)

Edit Item Edit Item