Refactoring Codes to Improve Software Security Requirements

Abstract

Refactoring is one of the most widely used techniques in practice to improve the quality of software, such as maintainability, testability, and understandability. However, there is a lack of studies investigating the effect of refactoring on security. The effect of refactoring on security is poorly understood and understudied. A limited number of studies provide the categorization of refactoring techniques based on their effect on quality attributes to assist developers in achieving their design objectives by selecting the most beneficial techniques and applying them at the right places with respect to specific software quality attributes. However, security was not considered in these studies. Therefore, this study aims to investigate the effect of refactoring techniques on security in terms of information hiding. The aforementioned objectives were achieved by conducting several steps starting with selecting suitable refactoring techniques, selecting five case studies, selecting security metrics, applying the refactoring techniques, and conducting multi-case analysis. Then, the chosen refactoring techniques were categorized based on their effect on security. The results of this study identify and analyze the effect of the refactoring techniques on security metrics and then propose a categorization of the refactoring techniques based on their effect on security metrics. The finding will help the developers select appropriate refactoring techniques to improve existing software security.