T. Gandomani, Hamid Sichani, Behzad Soleimani Neysiani
{"title":"基于Mikado方法的软件代码膨胀和安全识别模型:重构实践","authors":"T. Gandomani, Hamid Sichani, Behzad Soleimani Neysiani","doi":"10.5455/jjee.204-1667422472","DOIUrl":null,"url":null,"abstract":"The term “code smell” or “bad smell” refers to a code that has been written incorrectly and reflects severe defects in software design. Some code smells cause, particularly, security vulnerabilities in software codes. Until now, identification of these codes is mainly done through software tools and not by process methods or models. Based on the Mikado methodology, this paper proposes a model that uses a syntax-metric parser engine to detect insecure software code bloats and security vulnerabilities. This model, named Touba, assesses and analyzes the discovered cases and provides an interactive method for code review and statistical analysis. Employing the proposed model in testing the Juliet Test Suites shows its outstanding performance in terms of the selected measures of precision, recall, and F-measure. The obtained results show that the proposed model has a better performance - compared to the existing tools - in terms of accuracy by 20.3%, recall by 16.76%, and F-measure by 18.61% on average. These results indicate the effectiveness of the proposed - security vulnerability identification - model as the main contribution of this investigation.","PeriodicalId":29729,"journal":{"name":"Jordan Journal of Electrical Engineering","volume":null,"pages":null},"PeriodicalIF":0.7000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Software Code Bloats and Security Identification Model Based on Mikado Methodology: a Refactoring Practice\",\"authors\":\"T. Gandomani, Hamid Sichani, Behzad Soleimani Neysiani\",\"doi\":\"10.5455/jjee.204-1667422472\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The term “code smell” or “bad smell” refers to a code that has been written incorrectly and reflects severe defects in software design. Some code smells cause, particularly, security vulnerabilities in software codes. Until now, identification of these codes is mainly done through software tools and not by process methods or models. Based on the Mikado methodology, this paper proposes a model that uses a syntax-metric parser engine to detect insecure software code bloats and security vulnerabilities. This model, named Touba, assesses and analyzes the discovered cases and provides an interactive method for code review and statistical analysis. Employing the proposed model in testing the Juliet Test Suites shows its outstanding performance in terms of the selected measures of precision, recall, and F-measure. The obtained results show that the proposed model has a better performance - compared to the existing tools - in terms of accuracy by 20.3%, recall by 16.76%, and F-measure by 18.61% on average. These results indicate the effectiveness of the proposed - security vulnerability identification - model as the main contribution of this investigation.\",\"PeriodicalId\":29729,\"journal\":{\"name\":\"Jordan Journal of Electrical Engineering\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.7000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Jordan Journal of Electrical Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5455/jjee.204-1667422472\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jordan Journal of Electrical Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5455/jjee.204-1667422472","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Software Code Bloats and Security Identification Model Based on Mikado Methodology: a Refactoring Practice
The term “code smell” or “bad smell” refers to a code that has been written incorrectly and reflects severe defects in software design. Some code smells cause, particularly, security vulnerabilities in software codes. Until now, identification of these codes is mainly done through software tools and not by process methods or models. Based on the Mikado methodology, this paper proposes a model that uses a syntax-metric parser engine to detect insecure software code bloats and security vulnerabilities. This model, named Touba, assesses and analyzes the discovered cases and provides an interactive method for code review and statistical analysis. Employing the proposed model in testing the Juliet Test Suites shows its outstanding performance in terms of the selected measures of precision, recall, and F-measure. The obtained results show that the proposed model has a better performance - compared to the existing tools - in terms of accuracy by 20.3%, recall by 16.76%, and F-measure by 18.61% on average. These results indicate the effectiveness of the proposed - security vulnerability identification - model as the main contribution of this investigation.