Logo des Repositoriums

Auflistung nach Schlagwort "confidentiality analysis"

1 - 2 von 2
  • Konferenzbeitrag
    Towards a Data Flow Diagram-Centric Confidentiality Analysis in Palladio
    (Softwaretechnik-Trends Band 44, Heft 4, 2024) Hüller, Tom; Schwickerath, Felix; Arp, Benjamin; Niehues, Nils; Boltz, Nicolas; Hahner, Sebastian
    The Palladio approach enables software architects to create architectural models of their systems for early cost, performance, and maintainability analysis. Using a data flow-based confidentiality analysis, it is also possible to detect confidentiality violations in software systems modeled with the Palladio Component Model (PCM). However, many software architects work directly with Data Flow Diagrams (DFDs) because of their decreased complexity and their ability to make pinpointing specific information security issues easier. To achieve the best of both worlds, a conversion is needed that semantically preserves all security-related information. This paper presents a transformation of PCM instances into information security-annotated DFDs, that can be used by software architects to visualize the data flow analysis results graphically and identify potential confidentiality violations. In our evaluation, we show that the analysis results of the transformed DFDs are equivalent to those of the original PCM instances.
  • Konferenzbeitrag
    Towards a Data Flow Diagram-Centric Confidentiality Analysis in Palladio
    (Softwaretechnik-Trends Band 44, Heft 4, 2024) Hüller, Tom; Schwickerath, Felix; Arp, Benjamin; Niehues, Nils; Boltz, Nicolas; Hahner, Sebastian
    The Palladio approach enables software architects to create architectural models of their systems for early cost, performance, and maintainability analysis. Using a data flow-based confidentiality analysis, it is also possible to detect confidentiality violations in software systems modeled with the Palladio Component Model (PCM). However, many software architects work directly with Data Flow Diagrams (DFDs) because of their decreased complexity and their ability to make pinpointing specific information security issues easier. To achieve the best of both worlds, a conversion is needed that semantically preserves all security-related information. This paper presents a transformation of PCM instances into information security-annotated DFDs, that can be used by software architects to visualize the data flow analysis results graphically and identify potential confidentiality violations. In our evaluation, we show that the analysis results of the transformed DFDs are equivalent to those of the original PCM instances.