Internship Title
Software Security and Code Smells
Areas of Expertise
Software Engineering
Internship Location
DEI-FCTUC
Background
Building software without security vulnerabilities, despite the huge advances in software development processes, is still very difficult, if not impossible. A promising approach to deal with software security problems is to eliminate software flaws and bugs in the early phases of the software development, as the corrections are easier and less costly.
Software development and maintenance are continuous activities with a never-ending cycle. While developers implement new functionality or commit changes to a software system to fix bugs, they sometimes introduce "code smells", which are early symptoms of poor design or implementation choices. It is widely agreed that code smells negatively affect software quality, but can they also be indicators of security problems in software? To answer this question, we aim to perform an exploratory study on code smells and their relationship with security vulnerabilities.
Objective
The goal of this work is to identify correlations between code smells and security vulnerabilities in software systems. To do so, we need to find (or build, if necessary) a dataset that includes reported security vulnerabilities for functions (or methods), classes, and files of several widely used and representative software projects (e.g., Android mobile applications). The selected student will need to: 1) select a representative list of code smell detection tools (e.g., inFusion, JDeodorant, PMD, and JSpIRIT); 2) apply the selected tools to several versions of the above projects; 3) insert the detected code smells into the dataset; 4) perform a correlation analysis between the identified code smells and the security vulnerabilities that exist in the code.
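As an illustration of steps 3 and 4, the following Python script (an added example, not part of the proposal and not the output of any of the tools named above) joins a smell report and a vulnerability list at function level, builds the per-function dataset, and computes a 2x2 contingency table, the phi coefficient and the odds ratio for each smell. All three CSV inputs are constructed sample data; the column layout, the smell names and the `VULN-000x` identifiers are assumptions, since each detection tool has its own export format and the real vulnerability dataset still has to be found or built.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample data (assumed column layout; not from any real project or tool).
FUNCTIONS_CSV = """file,function
net/Parser.java,parse
net/Parser.java,reset
auth/Auth.java,login
auth/Auth.java,logout
web/Upload.java,save
web/Upload.java,validate
util/Util.java,hash
util/Util.java,escape
net/Net.java,connect
net/Net.java,close
"""

# Constructed smell report: one row per (function, smell) finding.
SMELLS_CSV = """file,function,smell
net/Parser.java,parse,LongMethod
auth/Auth.java,login,LongMethod
web/Upload.java,save,LongMethod
net/Net.java,connect,LongMethod
util/Util.java,hash,LongMethod
auth/Auth.java,login,DuplicatedCode
web/Upload.java,save,DuplicatedCode
util/Util.java,escape,DuplicatedCode
"""

# Constructed vulnerability records; VULN-000x are placeholder identifiers.
VULNS_CSV = """file,function,vuln_id
net/Parser.java,parse,VULN-0001
auth/Auth.java,login,VULN-0002
web/Upload.java,save,VULN-0003
web/Upload.java,validate,VULN-0004
"""


def read_rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def build_dataset(functions_csv, smells_csv, vulns_csv):
    """One row per function: the set of smells found in it and whether a vulnerability was reported."""
    smells = defaultdict(set)
    for r in read_rows(smells_csv):
        smells[(r["file"], r["function"])].add(r["smell"])
    vulnerable = {(r["file"], r["function"]) for r in read_rows(vulns_csv)}
    dataset = []
    for r in read_rows(functions_csv):
        key = (r["file"], r["function"])
        dataset.append({"file": r["file"], "function": r["function"],
                        "smells": smells.get(key, set()),
                        "vulnerable": key in vulnerable})
    return dataset


def contingency(dataset, smell):
    """2x2 table as (smelly & vulnerable, smelly & clean, non-smelly & vulnerable, non-smelly & clean)."""
    a = b = c = d = 0
    for row in dataset:
        has_smell = smell in row["smells"]
        if has_smell and row["vulnerable"]:
            a += 1
        elif has_smell:
            b += 1
        elif row["vulnerable"]:
            c += 1
        else:
            d += 1
    return a, b, c, d


def phi_coefficient(a, b, c, d):
    """Phi (mean-square contingency) coefficient for a 2x2 table; 0 when a margin is empty."""
    denom = math.sqrt((a + b) * (c + d) * (a + c) * (b + d))
    return 0.0 if denom == 0 else (a * d - b * c) / denom


def odds_ratio(a, b, c, d):
    """Odds of being vulnerable given the smell vs. without it (Haldane-Anscombe corrected on zero cells)."""
    if 0 in (a, b, c, d):
        a, b, c, d = (x + 0.5 for x in (a, b, c, d))
    return (a * d) / (b * c)


def correlate_all(dataset):
    """Per-smell summary: contingency table, phi and odds ratio."""
    names = sorted({s for row in dataset for s in row["smells"]})
    result = {}
    for s in names:
        table = contingency(dataset, s)
        result[s] = {"table": table, "phi": phi_coefficient(*table),
                     "odds_ratio": odds_ratio(*table)}
    return result


if __name__ == "__main__":
    data = build_dataset(FUNCTIONS_CSV, SMELLS_CSV, VULNS_CSV)
    for smell, stats in correlate_all(data).items():
        print(f"{smell:15s} table={stats['table']} phi={stats['phi']:.3f} OR={stats['odds_ratio']:.2f}")
```

On the constructed data, `LongMethod` gives the table (3, 2, 1, 4), phi of about 0.41 and an odds ratio of 6.0. With ten functions this is far from significant; the same code applied to the real dataset would need a significance test (e.g., Fisher's exact test) and, for the later tasks, a version dimension so that a function is only counted as smelly in the version where the vulnerability was reported.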
Work Plan - Semester 1
[Some tasks might overlap; M=Month]
T1 (M1-M2): Knowledge transfer and state-of-the-art analysis (i.e., study the concepts behind code smells and security vulnerabilities).
T2 (M3): Preparing the dataset and all materials required for the work (including the code smell detection tools and the source code of the projects).
T3 (M4): Applying the code smell detection tools to the source code of the projects and inserting the detected code smells into the dataset.
T4 (M5): Writing the Intermediate Report.
Work Plan - Semester 2
[Some tasks might overlap; M=Month]
T5 (M6): Integrating the comments from the intermediate defense into the work and the report, and planning the required experiments.
T6 (M7-M8): Performing the experiments and the analysis of the code smells and security vulnerabilities.
T7 (M9): Analysis of the results and writing a paper for submission to a related international conference.
T8 (M10): Writing the thesis.
Conditions
The selected student will be integrated into the Software and Systems Engineering (SSE) group of CISUC, and the work will be carried out at the facilities of the Department of Informatics Engineering at the University of Coimbra (CISUC - Software and Systems Engineering Group), where a workplace and the necessary computer resources will be provided.
Remarks
Please contact the advisors with any questions or for any clarification needed. There is the possibility of offering a BIC scholarship to the student.
Duration of the scholarship: 3 months
Type of scholarship: Bolsa de Investigação para Licenciado (research grant for graduates, renewable)
Value of the scholarship: 752,38€
Advisors
Naghmeh Ivaki, Nuno Antunes
naghmeh@dei.uc.pt