SBIR-STTR Award

Late-Stage Software Feature Reduction Tool for Security and Performance
Award last edited on: 11/15/2018

Sponsored Program
SBIR
Awarding Agency
DOD : Navy
Total Award Amount
$1,224,982
Award Phase
2
Solicitation Topic Code
N171-083
Principal Investigator
Pete Robinson

Company Information

P&J Robinson Corporation

11245 West Bernardo Court Suite 102
San Diego, CA 92029
(619) 243-0961
srobinson@pjrcorp.com
www.pjrcorp.com
Location: Single
Congr. District: 49
County: San Diego

Phase I

Contract Number: N68335-17-C-0425
Start Date: 6/1/2017    Completed: 10/1/2018
Phase I year
2017
Phase I Amount
$224,984
An object-oriented programming language such as Java is often the developer's choice for implementing such applications, primarily due to its quick development cycle, mature ecosystem, and rich community resources. With the feature-rich Java libraries, third-party code, and open-source tools that are leveraged to speed up time to market, performance degradation and reduced security can be one of the tradeoffs. Applications include code and libraries that are only partially used, and the exploitable attack surface is much larger than it needs to be. PJR is proposing JArtus, an automated software refactoring tool that allows the user to selectively remove unwanted features and/or functionality from a Java software product. JArtus will be a desktop software tool that leverages research and novel approaches to using code slicing and the Soot framework to identify features, unused code, and libraries that can be removed from Java applications. Users will be able to select, or simply press an easy button to refactor the software, and produce a new, smaller, more efficient, more secure version of the original application. JArtus will provide feature and functionality testing, security scanning, and performance metrics for the app before and after the code reduction and refactoring process.

Benefit:
The anticipated benefits of JArtus include cyber security and application performance. JArtus will provide increased protection against cyber security attackers using code injection techniques. JArtus removes and narrows attack surfaces while removing features and bloat. JArtus also provides a natural software diversity technique as code is simplified and modified to be more tightly aligned with the user's requirements. The focus on programmer productivity and maximizing code reuse encourages complexity and bloat, which results in inefficient execution, e.g., layer upon layer of abstraction, libraries, frameworks, and Application Program Interfaces (APIs). These libraries, frameworks, and APIs are designed to be general purpose, which means that many features are not used and there is a large percentage of dead code. When applications are unnecessarily overly complex, they become more difficult to modify, troubleshoot, and formally verify, which increases the life cycle costs. In addition, CPU cycles and memory are wasted, causing applications to slow down unnecessarily, or increasing the cost of capacity needed to offset the performance degradation caused by the bloat and unnecessary features. JArtus will also improve performance and reduce hardware platform (CPU and memory) and life cycle costs. The vulnerability scanning and automated feature and functionality testing will also reduce life cycle costs when validating future releases of the application.

Keywords:
Performance, security, Java, JavaScript, Programming, Feature Reduction, cyber, software

Phase II

Contract Number: N68335-18-C-0305
Start Date: 6/21/2018    Completed: 6/29/2020
Phase II year
2018
Phase II Amount
$999,998
An object-oriented programming language such as Java is often the developer's choice for implementing applications, primarily due to its mature ecosystem, rich community resources, and quick development cycle. Performance degradation and reduced security can be one of the tradeoffs for feature-rich Java libraries, third-party code, and open-source tools that are leveraged to speed up time to market. Applications contain only partially used code and libraries, causing the exploitable attack surface to be larger than it needs to be. PJR is proposing Artus Java, an automated software refactoring tool that allows the user to selectively remove unwanted features and/or functionality from a Java software product. Artus Java will be a desktop software tool that leverages research and novel approaches to using call graphs, dependency mapping, and code slicing to identify features, unused code, and libraries that can be removed from Java applications. It will also provide feature and functionality testing, security scanning, and performance metrics for the application before and after the code reduction and refactoring process.

Benefit:
Anticipated benefits of Artus Java include application performance and cyber security. Artus Java will use static analysis techniques to provide increased security against cyber attacks. It removes and narrows attack surfaces by removing features and bloat. Artus Java provides a natural software diversity technique as code is simplified and modified to be more tightly aligned with the user's requirements. The focus on programmer productivity and maximizing code reuse encourages complexity and bloat, which results in inefficient execution, e.g., layer upon layer of abstraction, libraries, frameworks, and Application Program Interfaces (APIs). Because these libraries, frameworks, and APIs are designed to be general purpose, there are many features that are not used, as well as a large percentage of dead code. When applications are unnecessarily overly complex, they become more difficult to modify, troubleshoot, and formally verify. This increases the life cycle cost. In addition, CPU cycles and memory are wasted, causing applications to slow down, increasing the cost of capacity needed to offset the performance degradation that was caused by bloat and unnecessary features. Artus Java will improve performance, while reducing hardware platform (CPU and memory) and life cycle costs.
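As an added illustration of the call-graph reachability step that both the Phase I and Phase II abstracts rely on (this is not code from PJR, JArtus or Artus Java), the following Python marks which methods and third-party libraries are unreachable from an application's entry points over a constructed call graph for a hypothetical Java application. A real tool would build that graph with a framework such as Soot and would have to account for reflection and virtual dispatch before treating anything as removable.

```python
"""Call-graph reachability for dead-code and library removal (added example)."""
from collections import deque

# Constructed call graph for a hypothetical Java app: caller -> callees,
# keyed by "Class.method" (app) or "package.Class.method" (library).
CALL_GRAPH = {
    "App.main": ["App.loadConfig", "App.serve"],
    "App.loadConfig": ["yaml.Parser.parse"],
    "App.serve": ["http.Server.start", "App.handle"],
    "App.handle": ["json.Codec.decode", "App.render"],
    "App.render": ["json.Codec.encode"],
    "App.exportPdf": ["pdf.Writer.write", "App.render"],   # feature nobody calls
    "yaml.Parser.parse": ["yaml.Parser.expandAnchors"],
    "yaml.Parser.expandAnchors": [],
    "yaml.Parser.evalScript": ["sys.Runtime.exec"],        # unused library feature
    "json.Codec.decode": [],
    "json.Codec.encode": [],
    "http.Server.start": [],
    "pdf.Writer.write": ["pdf.Writer.runEmbeddedJs"],
    "pdf.Writer.runEmbeddedJs": ["sys.Runtime.exec"],
    "sys.Runtime.exec": [],
}

def reachable(graph, entry_points):
    """Breadth-first walk from the entry points; returns the live method set."""
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        for callee in graph.get(queue.popleft(), []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def library_of(method):
    """Package prefix for library methods ("yaml.Parser.parse" -> "yaml"), else "app"."""
    parts = method.split(".")
    return parts[0] if len(parts) > 2 else "app"

def reduction_report(graph, entry_points):
    """Live/dead methods, libraries with no live method, and before/after counts."""
    all_methods = set(graph) | {c for callees in graph.values() for c in callees}
    live = reachable(graph, entry_points)
    dead = all_methods - live
    # A library is a removal candidate only when none of its methods are live.
    libs = {library_of(m) for m in all_methods} - {"app"}
    removable_libs = {lib for lib in libs if not any(library_of(m) == lib for m in live)}
    return {"live": live, "dead": dead, "removable_libs": removable_libs,
            "method_count_before": len(all_methods), "method_count_after": len(live)}
```

The before/after method counts are the kind of metric the abstracts describe reporting around the reduction step; the dead set here contains the unused export feature and the two libraries it alone pulled in.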

Keywords:
security, JavaScript, cyber, Feature Reduction, software, Performance, Java