SBIR-STTR Award

An object-oriented programming language such as Java is often the developers choice for implementing such applications, primarily due to its quick development cycle, mature ecosystem, and rich community resources. With the feature-rich Java libraries, third party code, and open-source tools that are leveraged to speed up time to market, performance degradation and security can be one of the tradeoffs. Applications include code and libraries that are only partially used, and the exploitable attack surface is much larger than it needs to be. PJR is proposing JArtus, an automated software refactoring tool that allows the user to selectively remove unwanted features and/or functionality from a Java software product. JArtus will be a desktop software tool that leverages research and novel approaches to using code slicing, and soot frameworks to identify features, unused code, and libraries that can be removed from Java applications. Users will be able to select, or simply press an easy button to refactor the software, and produce a new, smaller, more efficient, more secure version of the original application. JArtus will provide feature and functionality testing, security scanning, and performance metrics for the app before and after the code reduction and refactoring process.

Benefit:
The anticipated benefits of JArtus include cyber security and application performance. JArtus will provide increased protection against cyber security attackers using code injection techniques. JArtus removes and narrows attack surfaces while removing features and bloat. JArtus also provides a natural software diversity technique as code is simplified and modified to be more tightly aligned with the users requirements. The focus on programmer productivity and maximizing code reuse encourages complexity and bloat, which results in inefficient execution, e.g., layer upon layers of abstraction, libraries, frameworks, and Application Program Interfaces (APIs). These libraries, frameworks, and APIs are designed to be general purpose, which means that many features are not used and there is a large percentage of dead code. When applications are unnecessarily overly complex, they become more difficult to modify, troubleshoot, and formally verify, which increases the life cycle costs. Plus CPU cycles and memory are also wasted, causing applications to slow down unnecessarily, or increasing the cost of capacity needed to offset the performance degradation caused by the bloat and unnecessary features. JArtus will also improve the performance, reduce hardware platform (CPU and memory), and life cycle costs. The vulnerability scanning and automated feature and functionality testing will also reduce life cycle costs when validating future releases of the application.

Keywords:
Performance, Performance, security, Java, JavaScript, Programming, Feature Reduction, cyber, software

An object-oriented programming language such as Java is often the developer's choice for implementing applications, primarily due to its mature ecosystem, rich community resources, and quick development cycle. Performance degradation and security can be one of the tradeoffs for feature-rich Java libraries, third party code, and open-source tools that are leveraged to speed up time to market. Applications contain only partially used code and libraries, causing the exploitable attack surface to be larger than it needs to be. PJR is proposing Artus Java, an automated software refactoring tool that allows the user to selectively remove unwanted features and/or functionality for a Java software product. Artus Java will be a desktop software tool that leverages research and novel approaches to using call graphics, dependency mapping, and code slicing to identify features, unused code, and libraries that can be removed from Java applications. It will also provide feature and functionality testing, security scanning, and performance metrics for the application before and after the code reduction and refactoring process.

Benefit:
Anticipated benefits of Artus Java include application performance and cyber security. Artus Java will use static analysis techniques to provide increased security against cyber attacks. It removes and narrows attack surfaces by removing features and bloat. Artus Java provides a natural software diversity technique as code is simplified and modified to be more tightly aligned with the user's requirements. The focus on programmer productivity and maximizing code reuse encourages complexity and bloat, which results in inefficient execution, e.g., layer upon layer of abstraction, libraries, frameworks, and Application Program Interfaces (API's). Because these libraries, frameworks, and API's are designed to be general purpose, there are many features that are not used, as well as a large percentage of dead code. When applications are unnecessarily overly complex, they become more difficult to modify, troubleshoot, and formally verify. This increases the life cycle cost. In addition, CPU cycles and memory are wasted, causing applications to slow down, increasing the cost of capacity needed to offset the performance degradation that was caused by bloat and unnecessary features. Artus Java will improve performance, while reducing hardware platform (CPU and memory) and life cycle costs.

Keywords:
security, JavaScript, cyber, Feature Reduction, software, Performance, Java