Security is an important software quality attribute that reflects the ability of a system to prevent malicious actions and loss of information. Model bad smells may have a negative impact on software quality. A few studies have investigated security bad smells and the application of model refactoring for improving the security of software applications. The objective of this research is to investigate how model refactoring can be applied to Unified Modeling Language (UML) class diagrams to remove security bad smells and improve the structural design of an application. We use a genetic algorithm-based detection technique to find security model bad smells in a class diagram. Next, refactoring is applied to remove security-related model bad smells. Finally, the improvement to security is assessed through the statistical analysis of quality metrics. The empirical validations of our approaches are performed using multiple open-source projects. The results show significant detection recall and correction efficacy in terms of detecting and removing the security bad smells, respectively. The statistical analyses of quality metrics allow us to conclude that there is a significant improvement in the security quality of the investigated class diagrams as a result of refactoring.
Journal: DYNAMIC PUBLISHERS, INC
State: Published - 2020