Integrating Security-Enriched Data Flow Diagrams Into Architecture-Based Confidentiality Analysis
| dc.contributor.author | Niehues, Nils | |
| dc.contributor.author | Arp, Benjamin | |
| dc.contributor.author | Hüller, Tom | |
| dc.contributor.author | Schwickerath, Felix | |
| dc.contributor.author | Boltz, Nicolas | |
| dc.contributor.author | Hahner, Sebastian | |
| dc.contributor.editor | Herrmann, Andrea | |
| dc.date.accessioned | 2025-01-08T13:30:57Z | |
| dc.date.available | 2025-01-08T13:30:57Z | |
| dc.date.issued | 2024 | |
| dc.description.abstract | The increasing complexity of modern software systems presents developers with significant challenges regarding the confidentiality of sensitive data. To this end, data flow diagrams serve as an effective tool for identifying potential confidentiality violations. Previous work in this area collected a data set comprising security-enriched data flow diagrams. Previous work on the security of microservice applications has created an extensive dataset of security-enriched data flow diagrams derived from open-source projects. The data set also includes security rules for microservices architectures specified in natural language. This paper presents an automated pipeline that converts descriptions of data flow diagrams with security rules into models suitable for automated information security analysis. Our evaluation based on the existing data set shows that the transformed models are highly accurate, establishing a gold standard for data flow-based confidentiality analysis. | en |
| dc.identifier.issn | 0720-8928 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/45523 | |
| dc.language.iso | en | |
| dc.pubPlace | Bonn | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Softwaretechnik-Trends Band 44, Heft 4 | |
| dc.relation.ispartofseries | Softwaretechnik-Trends | |
| dc.subject | confidentiality | |
| dc.subject | data flow diagram | |
| dc.subject | transformation | |
| dc.subject | automated pipeline | |
| dc.title | Integrating Security-Enriched Data Flow Diagrams Into Architecture-Based Confidentiality Analysis | en |
| dc.type | Text/Conference Paper | |
| mci.conference.date | November 6-7, 2024 | |
| mci.conference.location | Linz, Austria | |
| mci.conference.sessiontitle | 15th Symposium on Software Performance 2024 | |
| mci.reference.pages | 48-50 |
Dateien
Originalbündel
1 - 1 von 1
Lade...
- Name:
- SSP24_15_camera-ready_9164.pdf
- Größe:
- 206.45 KB
- Format:
- Adobe Portable Document Format