Listing by author "Arp, Benjamin"
- Conference paper: Analyzing Cyclic Data Flow Diagrams Regarding Information Security (Softwaretechnik-Trends, Volume 44, Issue 4, 2024). Arp, Benjamin; Niehues, Nils; Hüller, Tom; Schwickerath, Felix; Boltz, Nicolas; Hahner, Sebastian.
  Data flow diagrams are commonly used in system design to represent data processing and exchange. They are valuable in security analysis due to their applicability in assessing information security-related properties like confidentiality. However, many existing tools for data flow analysis are limited by the assumption that data flows form acyclic graphs, which inhibits the analysis of cyclic data flows, common in real-world software systems. This paper addresses this gap by implementing a novel method to resolve cycles in data flow diagrams while preserving their semantics regarding information security. We validate our method, ensuring it is accurate, lucid and preserves information security-related behavior.
- Conference paper: Integrating Security-Enriched Data Flow Diagrams Into Architecture-Based Confidentiality Analysis (Softwaretechnik-Trends, Volume 44, Issue 4, 2024). Niehues, Nils; Arp, Benjamin; Hüller, Tom; Schwickerath, Felix; Boltz, Nicolas; Hahner, Sebastian.
  The increasing complexity of modern software systems presents developers with significant challenges regarding the confidentiality of sensitive data. To this end, data flow diagrams serve as an effective tool for identifying potential confidentiality violations. Previous work in this area collected a data set comprising security-enriched data flow diagrams. Previous work on the security of microservice applications has created an extensive dataset of security-enriched data flow diagrams derived from open-source projects. The data set also includes security rules for microservices architectures specified in natural language. This paper presents an automated pipeline that converts descriptions of data flow diagrams with security rules into models suitable for automated information security analysis. Our evaluation based on the existing data set shows that the transformed models are highly accurate, establishing a gold standard for data flow-based confidentiality analysis.
- Conference paper: Towards a Data Flow Diagram-Centric Confidentiality Analysis in Palladio (Softwaretechnik-Trends, Volume 44, Issue 4, 2024). Hüller, Tom; Schwickerath, Felix; Arp, Benjamin; Niehues, Nils; Boltz, Nicolas; Hahner, Sebastian.
  The Palladio approach enables software architects to create architectural models of their systems for early cost, performance, and maintainability analysis. Using a data flow-based confidentiality analysis, it is also possible to detect confidentiality violations in software systems modeled with the Palladio Component Model (PCM). However, many software architects work directly with Data Flow Diagrams (DFDs) because of their decreased complexity and their ability to make pinpointing specific information security issues easier. To achieve the best of both worlds, a conversion is needed that semantically preserves all security-related information. This paper presents a transformation of PCM instances into information security-annotated DFDs that can be used by software architects to visualize the data flow analysis results graphically and identify potential confidentiality violations. In our evaluation, we show that the analysis results of the transformed DFDs are equivalent to those of the original PCM instances.