应用遗传算法进行软件重构提高用例模型的安全性

International Journal of Security and Its Applications Pub Date : 2020-03-31 DOI:10.33832/ijsia.2020.14.1.03

Haris Mumtaz, M. Alshayeb, S. Mahmood, M. Niazi

{"title":"应用遗传算法进行软件重构提高用例模型的安全性","authors":"Haris Mumtaz, M. Alshayeb, S. Mahmood, M. Niazi","doi":"10.33832/ijsia.2020.14.1.03","DOIUrl":null,"url":null,"abstract":"— Use case modelling is an industrial de-facto standard technique to express functional requirements. Security bad smells are design flaws that can potentially degrade the quality of software by affecting a system’s ability to prevent malicious activities. The presence of security bad smells in a use case model is likely to propagate security vulnerabilities to other software artefacts. Therefore, the detection and refactoring of security bad smells in use case models is important for ensuring the overall quality of software systems. In this paper, we propose a genetic algorithm-based detection approach to detect security bad smells. A refactoring process is then applied to correct the security bad smells. Finally, the improvement to security is assessed through the statistical analysis of quality metrics. The practicality of the approach is demonstrated by applying it to a set of use case models. The results show that the proposed security bad smell detection and correction technique can significantly improve the quality of use case models.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Improving the Security Quality of Use Case Models through the Application of Software Refactoring Using Genetic Algorithm\",\"authors\":\"Haris Mumtaz, M. Alshayeb, S. Mahmood, M. Niazi\",\"doi\":\"10.33832/ijsia.2020.14.1.03\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"— Use case modelling is an industrial de-facto standard technique to express functional requirements. Security bad smells are design flaws that can potentially degrade the quality of software by affecting a system’s ability to prevent malicious activities. The presence of security bad smells in a use case model is likely to propagate security vulnerabilities to other software artefacts. Therefore, the detection and refactoring of security bad smells in use case models is important for ensuring the overall quality of software systems. In this paper, we propose a genetic algorithm-based detection approach to detect security bad smells. A refactoring process is then applied to correct the security bad smells. Finally, the improvement to security is assessed through the statistical analysis of quality metrics. The practicality of the approach is demonstrated by applying it to a set of use case models. The results show that the proposed security bad smell detection and correction technique can significantly improve the quality of use case models.\",\"PeriodicalId\":46187,\"journal\":{\"name\":\"International Journal of Security and Its Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-03-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Security and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.33832/ijsia.2020.14.1.03\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33832/ijsia.2020.14.1.03","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

--用例建模是一种表达功能需求的工业事实上的标准技术。安全臭味是指设计缺陷，可能会影响系统防止恶意活动的能力，从而降低软件质量。用例模型中存在的安全臭味可能会将安全漏洞传播到其他软件制品中。因此，检测和重构用例模型中的安全不良气味对于确保软件系统的整体质量非常重要。本文提出了一种基于遗传算法的安全气味检测方法。然后应用重构过程来纠正安全方面的不良气味。最后，通过质量指标的统计分析来评估安全性的改进。通过将该方法应用于一组用例模型，证明了该方法的实用性。结果表明，所提出的安全臭味检测和校正技术可以显著提高用例模型的质量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving the Security Quality of Use Case Models through the Application of Software Refactoring Using Genetic Algorithm

— Use case modelling is an industrial de-facto standard technique to express functional requirements. Security bad smells are design flaws that can potentially degrade the quality of software by affecting a system’s ability to prevent malicious activities. The presence of security bad smells in a use case model is likely to propagate security vulnerabilities to other software artefacts. Therefore, the detection and refactoring of security bad smells in use case models is important for ensuring the overall quality of software systems. In this paper, we propose a genetic algorithm-based detection approach to detect security bad smells. A refactoring process is then applied to correct the security bad smells. Finally, the improvement to security is assessed through the statistical analysis of quality metrics. The practicality of the approach is demonstrated by applying it to a set of use case models. The results show that the proposed security bad smell detection and correction technique can significantly improve the quality of use case models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-

自引率

0.00%

发文量

期刊介绍： IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security