Secure refactoring with Java information flow

Helke, Steffen, Kammueller, Florian ORCID: https://orcid.org/0000-0001-5839-5488 and Probst, Christian (2016) Secure refactoring with Java information flow. Data Privacy Management, and Security Assurance: 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015, Vienna, Austria, September 21-22, 2015. Revised Selected Papers. In: 10th International Workshop on Data Privacy Management (DPM 2015), 21- 22 Sept 2015, Vienna, Austria. ISBN 9783319298832. ISSN 0302-9743 [Conference or Workshop Item] (doi:10.1007/978-3-319-29883-2_19)

Abstract

Refactoring means that a program is changed without changing its behaviour from an observer’s point of view. Does the change of behaviour also imply that the security of the program is not affected by the changes? Using Myers and Liskov’s distributed information flow control model DLM and its Java implementation Jif, we explore this question practically on common patterns of Refactoring as known from Fowler. We first illustrate on an example the “Extract method” refac- toring and how it can endanger confidentiality. We then show how to construct a secure version of this major refactoring pattern by employing Jif to control information flows. Finally, we can show that security leaks as encountered at the outset are not possible anymore.

Actions (login required)

View Item

Statistics

DownloadsShow export options

Export as CSVXMLJSON

Activity Overview

6 month trend

0Downloads

6 month trend

477Hits

Additional statistics are available via IRStats2.