{"updated":"2025-01-21T23:29:49.473537+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00070350","sets":["581:5994:6168"]},"path":["6168"],"owner":"11","recid":"70350","title":["脆弱性に関する影響の可能性を警告するリファクタリング"],"pubdate":{"attribute_name":"公開日","attribute_value":"2010-09-15"},"_buckets":{"deposit":"d1adf65b-c2f0-4a80-8c9a-57762a54cf13"},"_deposit":{"id":"70350","pid":{"type":"depid","value":"70350","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"脆弱性に関する影響の可能性を警告するリファクタリング","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"脆弱性に関する影響の可能性を警告するリファクタリング"},{"subitem_title":"Refactoring Alerting its Possible Impact on Code Vulnerabilities","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集：未来志向のソフトウェア工学","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2010-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学情報理工学部"},{"subitem_text_value":"立命館大学大学院理工学研究科／現在，富士通株式会社"},{"subitem_text_value":"立命館大学情報理工学部"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science, Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Engineering, Ritsumeikan University / Presently with Fujitsu Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science, Ritsumeikan University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/70350/files/IPSJ-JNL5109028.pdf"},"date":[{"dateType":"Available","dateValue":"2012-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5109028.pdf","filesize":[{"value":"4.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"26240af2-b6d9-42b0-b8f5-8f0d6b07da8e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2010 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"丸山, 勝久"},{"creatorName":"戸子田健祐"},{"creatorName":"大森, 隆行"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Katsuhisa, Maruyama","creatorNameLang":"en"},{"creatorName":"Kensuke, Tokoda","creatorNameLang":"en"},{"creatorName":"Takayuki, Omori","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"現実社会において，ソフトウェアに関するセキュリティの脆弱性は深刻な問題となってきている．特に，近年のソフトウェア開発において頻繁に適用されているリファクタリングには，たとえ既存ソフトウェアの保守性を向上させたとしても，その結果として既存コードに脆弱性を混入させているものが存在する．本論文では，プログラム内に現れるデータの機密レベルの変化を，そのアクセスレベルの高低で評価する基準を用いることで，既存コードの脆弱性に関する影響をつねに意識しながらソフトウェアの改変作業を行うSecurity-Aware Refactoringを提案する．さらに，その検出メカニズムと実装ツールを示す．このツールを用いることで，プログラマは，適用したリファクタリングをそのまま受け入れるか，あるいは取り消すかを容易に判断することができ，不慮の脆弱性の混入を防ぐことが期待できる．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Security is still a serious issue for many software systems. Even if software has the correct security features in its initial implementation, code modifications of several refactorings could make the software vulnerable. This paper organized some of them as security-aware refactoring. This new type of refactoring presents information useful for programmers to determine if they could accept or should cancel it, based on a criterion assessing the changes of accessibility of data stored in the target program. To demonstrate the feasibility of the proposed refactoring, we have developed a prototype of an automated tool detecting possible impact of an applied refactoring on code vulnerabilities regarding the accessibility criterion. The security-aware refactoring provides programmers with an environment in which they safely improve the maintainability of existing software without accidental disclosure of its confidential data.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1793","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1777","bibliographicIssueDates":{"bibliographicIssueDate":"2010-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"51"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:29:36.217904+00:00","id":70350,"links":{}}