Abstract
Context: Code bad smells indicate design flaws that can degrade the quality of software and can potentially lead to the introduction of faults. They can be eradicated by applying refactoring techniques. Code bad smells that affect the security of software should be detected and removed from its code base. However, the existing literature is insufficient to support this claim, and there are few studies that empirically investigate bad smells and refactoring opportunities from a security perspective.

Objective: In this paper, we investigate how refactoring can improve the security of an application by removing code bad smells.

Method: We analyzed three different code bad smells in five software systems. First, the identified code bad smells are filtered against security attributes. Next, object-oriented design and security metrics are calculated for the five investigated systems. Refactoring is then applied to remove the security-related code bad smells, and the correctness of the detection and refactoring of the investigated code smells is validated. Finally, both the traditional object-oriented metrics and the security metrics are calculated again after the bad smells have been removed, to assess their impact on the design and security attributes of the systems.

Results: We found 'feature envy' to be the most abundant security bad smell in the investigated projects. 'Move method' and 'move field' are the most commonly applied refactoring techniques because of the abundance of feature envy.

Conclusion: The results of the security metrics indicate that refactoring helps improve the security of an application without compromising the overall quality of the software systems.
Original language | English
---|---
Pages (from-to) | 112-125
Number of pages | 14
Journal | Information and Software Technology
Volume | 96
DOIs |
State | Published - Apr 2018
Bibliographical note
Publisher Copyright: © 2017 Elsevier B.V.
Keywords
- Code bad smells
- Empirical study
- Refactoring
- Secured software
ASJC Scopus subject areas
- Software
- Information Systems
- Computer Science Applications