Exploring the Connection between Design Smells and Security Vulnerabilities

Software quality aims at having quality as part of all aspects of the developed software. Design smells are considered enemies of software source code quality. There are varieties of design problems with different terminologies. Researchers and practitioners accept it as true that whenever there is a design smell, there is a security issue or concern. In this work, we want to explore the connection between design smells and security vulnerabilities. This work provides experimental evidence about this connection. We conducted an empirical study to explore the connection between design smells and security issues by evaluating four C# open-source systems. We found interesting results that show classes with design smells have more chances of having security issues.

Author(s):  
Amanda Damasceno Santana ◽  
Eduardo Figueiredo

When a system's evolution is not planned, developers can make decisions that degrade the system's quality. To cope with this problem, refactoring can be applied to the source code, aiming to increase code quality without modifying the software's external behavior. To know when to refactor, the concept of bad smells can be used. Bad smells are snippets of source code that suggest the need for refactoring. However, bad smells do not always appear isolated. The aim of this study is to understand the impact of bad smell agglomerations on software quality by evaluating a large dataset of open source systems. To achieve our goal, we plan to use data mining techniques complemented with correlation analysis of the dataset.


2022 ◽  
Vol 31 (2) ◽  
pp. 1-23
Author(s):  
Jevgenija Pantiuchina ◽  
Bin Lin ◽  
Fiorella Zampetti ◽  
Massimiliano Di Penta ◽  
Michele Lanza ◽  
...  

Refactoring operations are behavior-preserving changes aimed at improving source code quality. While refactoring is largely considered a good practice, refactoring proposals in pull requests are often rejected after the code review. Understanding the reasons behind the rejection of refactoring contributions can shed light on how such contributions can be improved, essentially benefiting software quality. This article reports a study in which we manually coded rejection reasons inferred from 330 refactoring-related pull requests from 207 open-source Java projects. We surveyed 267 developers to assess their perceived prevalence of these identified rejection reasons, further complementing the reasons. Our study resulted in a comprehensive taxonomy consisting of 26 refactoring-related rejection reasons and 21 process-related rejection reasons. The taxonomy, accompanied by representative examples and highlighted implications, provides developers with valuable insights on how to ponder and polish their refactoring contributions, and indicates a number of directions researchers can pursue toward better refactoring recommenders.


2014 ◽  
Vol 602-605 ◽  
pp. 3846-3849 ◽  
Author(s):  
Li Fang Han ◽  
Ting Ting Hou ◽  
Kun Lun Gao ◽  
Nan Liu ◽  
Bao Jiang Cui

Java applications have proliferated rapidly in recent years, and security issues in the source code bring a great threat which cannot be ignored. SQL injection, cross-site scripting, path traversal, and so on are common Java security vulnerabilities. These vulnerabilities are usually caused by improper handling of user input, and we call them input validation vulnerabilities [1]. In this paper, we propose a Java source code analysis method based on taint tracking. By means of vulnerability pattern matching, we keep track of the introduction of tainted data and its propagation in different contexts, leading to comprehensive and accurate test results. We have applied this method to some open-source Java projects. Compared to other similar software, our technique presents good feasibility and superiority.


Author(s):  
Mingyi Huang ◽  
Chengyu Song

With the rapid advancement of hardware and internet technologies, we are surrounded by more and more Internet of Things (IoT) devices. Despite the convenience and boosted productivity that these devices have brought to our lives and industries, new security implications have arisen. IoT devices bring many new attack vectors, causing an increase in cyber-attacks targeting these systems in recent years. However, security vulnerabilities on numerous devices are often not fixed. This may be due to providers not being informed in time, having stopped maintaining these models, or simply no longer existing. Even if an official fix for a security issue is finally released, it usually takes a long time. This gives attackers time to exploit vulnerabilities extensively, which in many cases requires customers to disconnect vulnerable devices, leading to outages. As the software is usually closed source, it is also unlikely that the community will review and modify the source code themselves and provide updates. In this study, we present ARMPatch, a flexible static binary patching framework for ARM-based IoT devices, with a focus on security fixes. After identifying the unique challenges of performing binary patching on ARM platforms, we provide novel features for replacing, modifying, and adding code in already compiled programs. The viability and usefulness of our solution have been verified through demos and final programs on real devices. Finally, we discuss the current limitations of our approach and future challenges.


2010 ◽  
Vol 21 (1) ◽  
pp. 29-57 ◽  
Author(s):  
Galia Shlezinger ◽  
Iris Reinhartz-Berger ◽  
Dov Dori

Design patterns provide reusable solutions for recurring design problems. They constitute an important tool for improving software quality. However, correct usage of design patterns depends to a large extent on the designer. Design patterns often include models that describe the suggested solutions, while other aspects of the patterns are neglected or described informally only in text. Furthermore, design pattern solutions are usually described in an object-oriented fashion that is too close to the implementation, masking the essence of and motivation behind a particular design pattern. We suggest an approach to modeling the different aspects of design patterns and semi-automatically utilizing these models to improve software design. Evaluating our approach on commonly used design patterns and a case study of an automatic application for composing, taking, checking, and grading analysis and design exams, we found that the suggested approach successfully locates the main design problems modeled by the selected design patterns.


2020 ◽  
pp. 395-409
Author(s):  
Neeraj Bhargava ◽  
Srinivas Kumar Palvadi ◽  
Abhishek Kumar ◽  
Pramod Singh Rathore

Distributed computing is a rising innovation that is in effect generally embraced throughout the world because of its usability. Associations of various types can utilize it without pre-requirements, for example IT infrastructure, specialized abilities, administrative overburden, stockpiling limit, preparing force, and information recuperation or protection setup. It can be profited by all customers according to their requirements, desires and spending plan. In any case, distributed computing presents new sorts of security vulnerabilities that should be addressed. Customary "PC forensics" manages location, acquisition and counteractive action of IT-activated fakes and violations; however, it does not have the capacity to manage cybercrimes relating to the distributed computing condition. In this article, the authors concentrate on forensic issues in distributed computing, survey restrictions of the forensic community and present the hindrances faced during evaluation. The basis of cloud computing and its implementation in the cloud environment is the great task of protecting user information without causing any security issue, and the consistency of the data must be provided by the service provider. Distributed systems, or operations in the distributed environment, will increase the usability of the resources as well as the capability of data transmission and provide the required information in an effective manner without interrupting the security issues. Even so, clients from different parts of the globe are focusing on the gaps in security in cloud computing and the distributed environment. Here we focus on the business model that will increase the revenue of the firms which are concentrating on implementing cloud computing and the distributed environment in their respective areas. Forensics in customer management in the distributed environment will give the complete picture of digital marketing, standards of data distribution and security. In this article we focus on the security implementation and the rise in utilization of distributed environments and cloud data storage capabilities. The focus will be mainly on data security.


2019 ◽  
Vol 9 (1) ◽  
pp. 36-49
Author(s):  
Neeraj Bhargava ◽  
Srinivas Kumar Palvadi ◽  
Abhishek Kumar ◽  
Pramod Singh Rathore



Author(s):  
Himanshi Vashisht ◽  
Sanjay Bharadwaj ◽  
Sushma Sharma

Code refactoring is a "process of restructuring an existing source code." It also helps in improving the internal structure of the code without really affecting its external behaviour. It changes a source code in such a way that it does not alter the external behaviour yet still improves its internal structure. It is a way to clean up code that minimizes the chances of introducing bugs. Refactoring is a change made to the internal structure of a software component to make it easier to understand and cheaper to modify, without changing the observable behaviour of that software component. Bad smells indicate that there is something wrong in the code that has to be refactored. There are different tools available to identify and remove these bad smells. Software has two types of quality attributes: internal and external. In this paper we study the effect of clone refactoring on software quality attributes.
