| Autor: |
Abid, Chaima, Kessentini, Marouane, Alizadeh, Vahid, Dhaouadi, Mouna, Kazman, Rick |
| Zdroj: |
IEEE Transactions on Software Engineering; 2022, Vol. 48 Issue: 3 p864-878, 15p |
| Abstrakt: |
While state of the art of software refactoring research uses various quality attributes to identify refactoring opportunities and evaluate refactoring recommendations, the impact of refactoring on the security of software systems when improving other quality objectives is under-explored. It is critical to understand how a system is resistant to security risks after refactoring to improve quality metrics. For instance, refactoring is widely used to improve the reusability of code, however such an improvement may increase the attack surface due to the created abstractions. Increasing the spread of security-critical classes in the design to improve modularity may result in reducing the resilience of software systems to attacks. In this paper, we investigated the possible impact of improving different quality attributes (e.g., reusability, extendibility, etc.), from the QMOOD model, effectiveness on a set of 8 security metrics defined in the literature related to the data access. We also studied the impact of different refactorings on these static security metrics. Then, we proposed a multi-objective refactoring recommendation approach to find a balance between quality attributes and security based on the correlation results to guide the search. We evaluated our tool on 30 open source projects. We also collected the practitioner perceptions on the refactorings recommended by our tool in terms of the possible impact on both security and other quality attributes. Our results confirm that developers need to make trade-offs between security and other qualities when refactoring software systems due to the negative correlations between them. |
| Databáze: |
Supplemental Index |
| Externí odkaz: |
|
