Title
Improving software security using search-based refactoring
Abstract
Security metrics have been proposed to assess the security of software applications based on the principles of "reduce attack surface" and "grant least privilege." While these metrics can help inform the developer in choosing designs that provide better security, they cannot on their own show exactly how to make an application more secure. Even if they could, the onerous task of updating the software to improve its security is left to the developer. In this paper we present an approach to automated improvement of software security based on search-based refactoring. We use the search-based refactoring platform, Code-Imp, to refactor the code in a fully-automated fashion. The fitness function used to guide the search is based on a number of software security metrics. The purpose is to improve the security of the software immediately prior to its release and deployment. To test the value of this approach we apply it to an industrial banking application that has a strong security dimension, namely Wife. The results show an average improvement of 27.5% in the metrics examined. A more detailed analysis reveals that 15.5% of metric improvement results in real improvement in program security, while the remaining 12% of metric improvement is attributable to hitherto undocumented weaknesses in the security metrics themselves.
Year
2012
DOI
10.1007/978-3-642-33119-0_10
Venue
SSBSE
Keywords
average improvement, software security metrics, security metrics, automated improvement, software security, search-based refactoring, better security, metric improvement result, strong security dimension, metric improvement, program security, improving software security, software engineering
Field
Security testing, Software engineering, Application security, Computer security, Security engineering, Software security assurance, Computer science, Information security, Security bug, Security information and event management, Computer security model
DocType
Conference
Citations
11
PageRank
0.52
References
21
Authors
2
Name            | Order | Citations | PageRank
Shadi Ghaith    | 1     | 38        | 3.55
Mel Ó Cinnéide  | 2     | 481       | 27.36