Logo des Repositoriums

Softwaretechnik-Trends 44(4) - 2024

https://dl.gi.de/handle/20.500.12116/45513
Auflistung nach:

Auflistung Softwaretechnik-Trends 44(4) - 2024 nach Schlagwort "confidentiality"

1 - 2 von 2
  • Konferenzbeitrag
    Integrating Security-Enriched Data Flow Diagrams Into Architecture-Based Confidentiality Analysis
    (Softwaretechnik-Trends Band 44, Heft 4, 2024) Niehues, Nils; Arp, Benjamin; Hüller, Tom; Schwickerath, Felix; Boltz, Nicolas; Hahner, Sebastian
    The increasing complexity of modern software systems presents developers with significant challenges regarding the confidentiality of sensitive data. To this end, data flow diagrams serve as an effective tool for identifying potential confidentiality violations. Previous work in this area collected a data set comprising security-enriched data flow diagrams. Previous work on the security of microservice applications has created an extensive dataset of security-enriched data flow diagrams derived from open-source projects. The data set also includes security rules for microservices architectures specified in natural language. This paper presents an automated pipeline that converts descriptions of data flow diagrams with security rules into models suitable for automated information security analysis. Our evaluation based on the existing data set shows that the transformed models are highly accurate, establishing a gold standard for data flow-based confidentiality analysis.
  • Konferenzbeitrag
    Integrating Security-Enriched Data Flow Diagrams Into Architecture-Based Confidentiality Analysis
    (Softwaretechnik-Trends Band 44, Heft 4, 2024) Niehues, Nils; Arp, Benjamin; Hüller, Tom; Schwickerath, Felix; Boltz, Nicolas; Hahner, Sebastian
    The increasing complexity of modern software systems presents developers with significant challenges regarding the confidentiality of sensitive data. To this end, data flow diagrams serve as an effective tool for identifying potential confidentiality violations. Previous work in this area collected a data set comprising security-enriched data flow diagrams. Previous work on the security of microservice applications has created an extensive dataset of security-enriched data flow diagrams derived from open-source projects. The data set also includes security rules for microservices architectures specified in natural language. This paper presents an automated pipeline that converts descriptions of data flow diagrams with security rules into models suitable for automated information security analysis. Our evaluation based on the existing data set shows that the transformed models are highly accurate, establishing a gold standard for data flow-based confidentiality analysis.