Handling Environmental Uncertainty in Design Time Access Control Analysis
Result identifiers
Result code in IS VaVaI
RIV/00216208:11320/22:10453484 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F22%3A10453484)
Result on the web
https://doi.org/10.1109/SEAA56994.2022.00067
DOI - Digital Object Identifier
10.1109/SEAA56994.2022.00067 (http://dx.doi.org/10.1109/SEAA56994.2022.00067)
Alternative languages
Result language
English
Title in original language
Handling Environmental Uncertainty in Design Time Access Control Analysis
Result description in original language
The high complexity, connectivity, and data exchange of modern software systems make it crucial to consider confidentiality early. An often used mechanism to ensure confidentiality is access control. When the system is modeled during design time, access control can already be analyzed. This enables early identification of confidentiality violations and the ability to analyze the impact of what-if scenarios. However, due to the abstract view of the design time model and the ambiguity in the early stages of development, uncertainties exist in the system environment. These uncertainties can have a direct effect on the validity of access control attributes in use, which might result in compromised confidentiality. To handle such known uncertainty, we present a notion of confidence in the context of design time access control. We define confidence as a composition of known uncertainties in the environment of the system, which influence the validity of access control attributes. We extend an existing modeling and analysis approach for design time access control with our notion of confidence. For evaluation, we apply the notion of confidence to multiple real-world case studies and discuss the resulting benefits for different stages of system development. We also analyze the expressiveness of the extended approach in defining confidentiality constraints and measure the accuracy in identifying confidentiality violations. Our results show that using the notion of confidence increases expressiveness while being able to accurately identify access control violations.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
GC20-24814J: FluidTrust - supporting trust through dynamically changing access control to data and resources in Industry 4.0 systems
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of implementation
2022
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Article name in the proceedings
Proceedings of 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)
ISBN
978-1-66546-152-8
ISSN
—
e-ISSN
—
Number of pages
8
Pages from-to
382-389
Publisher name
IEEE
Place of publication
Los Alamitos
Event location
Gran Canaria, Spain
Event date
31. 8. 2022
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
—