Field Escape Analysis for Data Confidentiality in Java Components

Shi, Aiwu; Naumovich, Gleb

doi:10.1109/aspec.2007.24

Cited by 1 publication

(1 citation statement)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This severely hampers the convenience of Jsart. Currently, the tentative introduction of flow-sensitive alias analysis [19,28] and/or escape analysis [27,24] is been considering.…”

Section: Imprecision Of Analysismentioning

confidence: 99%

A security-aware refactoring tool for Java programs

Maruyama

Omori

2011

Proceedings of the 4th Workshop on Refactoring Tools

View full text Add to dashboard Cite

Refactoring is a useful practice in developing and maintaining software since it improves the design of existing code without changing its external behavior. Therefore, contemporary integrated development environments tend to include refactoring tools that support automatic transformations of source code. Unfortunately, some of the popular refactoring transformations make existing code vulnerable although they improve its maintainability. The existence of vulnerable code is still a serious issue for many software systems. This paper describes a tool with support for a new class of refactoring concerning software security, which is built as an Eclipse plug-in. It helps programmers to easily know the adverse impact of code changes on security vulnerabilities in the application of refactoring, and provides them with a chance to determine if they could accept or should cancel the applied refactoring. Consequently, they feel safe to improve the maintainability of existing code without missing security vulnerabilities newly inserted into the code. To evaluate the capability of this tool, we made an experiment with it. The experimental results show the usefulness of the tool and also reveal several remaining issues to be tackled.

show abstract

“…This severely hampers the convenience of Jsart. Currently, the tentative introduction of flow-sensitive alias analysis [19,28] and/or escape analysis [27,24] is been considering.…”

Section: Imprecision Of Analysismentioning

confidence: 99%

A security-aware refactoring tool for Java programs

Maruyama

Omori

2011

Proceedings of the 4th Workshop on Refactoring Tools

View full text Add to dashboard Cite

show abstract

Field Escape Analysis for Data Confidentiality in Java Components

Cited by 1 publication

References 13 publications

A security-aware refactoring tool for Java programs

A security-aware refactoring tool for Java programs

Contact Info

Product

Resources

About