On Controlling the Attack Surface of Object-Oriented Refactorings
ISSN der Zeitschrift
Gesellschaft für Informatik e.V.
The results of this work have originally been published in. Refactorings constitute an effective means to improve quality and maintainability of evolving object-oriented programs. Search-based techniques have shown promising results in finding near-optimal sequences of behavior-preserving program transformations that (1) maximize code-quality metrics and (2) minimize the number of code changes. However, the impact of refactorings on non-functional properties like security has received little attention so far. To this end, we propose, as a further objective, to minimize the attack surface of object-oriented programs (i.e., to maximize strictness of declared accessibility of class members). Minimizing the attack surface naturally competes with applicability of established refactorings like MoveMethod, frequently used for improving code quality in terms of coupling/cohesion measures. Our tool implementation is based on an EMF meta-model for Java-like programs and utilizes MOMoT, a search-based model-transformation and optimization framework. Our experimental results gained from applying different accessibility-control strategies to a collection of real-world Java programs show the impact of attack surface minimization on design-improving refactorings. We further compare the results to those of existing refactoring tools.