2012 | OriginalPaper | Buchkapitel
Improving Software Security Using Search-Based Refactoring
verfasst von : Shadi Ghaith, Mel Ó Cinnéide
Erschienen in: Search Based Software Engineering
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Security metrics have been proposed to assess the security of software applications based on the principles of “reduce attack surface” and “grant least privilege.” While these metrics can help inform the developer in choosing designs that provide better security, they cannot on their own show exactly how to make an application more secure. Even if they could, the onerous task of updating the software to improve its security is left to the developer. In this paper we present an approach to
automated
improvement of software security based on search-based refactoring. We use the search-based refactoring platform, Code-Imp, to refactor the code in a fully-automated fashion. The fitness function used to guide the search is based on a number of software security metrics. The purpose is to improve the security of the software immediately prior to its release and deployment. To test the value of this approach we apply it to an industrial banking application that has a strong security dimension, namely
Wife
. The results show an average improvement of 27.5% in the metrics examined. A more detailed analysis reveals that 15.5% of metric improvement results in real improvement in program security, while the remaining 12% of metric improvement is attributable to hitherto undocumented weaknesses in the security metrics themselves.