Model-based Confidentiality Analysis under Uncertainty

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F23%3A10474032" target="_blank" >RIV/00216208:11320/23:10474032 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/ICSA-C57050.2023.00062" target="_blank" >https://doi.org/10.1109/ICSA-C57050.2023.00062</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ICSA-C57050.2023.00062" target="_blank" >10.1109/ICSA-C57050.2023.00062</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Model-based Confidentiality Analysis under Uncertainty

Popis výsledku v původním jazyce

In our connected world, ensuring the confidentiality of the software systems we build becomes increasingly difficult. Model-based design time confidentiality analyses have been proposed to cope with this complexity early. However, the usefulness of such analyses is limited due to uncertainty about the software architecture itself and the software&apos;s execution environment. This leads to conclusions about confidentiality violations that lack both precision and comprehensiveness. Although there exist approaches to deal with design time uncertainty, existing research lacks precise statements about the impact of uncertainty on confidentiality. To address this, we include uncertainty as part of our software architectural model. We extend a data flow-based analysis to include the impact of uncertainty on confidentiality violations. The results of the case study-based evaluation show high accuracy with typical design time uncertainty. Also, our analysis yields more precise statements about the impact of uncertainty on confidentiality than the state of the art.

Název v anglickém jazyce

Model-based Confidentiality Analysis under Uncertainty

Popis výsledku anglicky

In our connected world, ensuring the confidentiality of the software systems we build becomes increasingly difficult. Model-based design time confidentiality analyses have been proposed to cope with this complexity early. However, the usefulness of such analyses is limited due to uncertainty about the software architecture itself and the software&apos;s execution environment. This leads to conclusions about confidentiality violations that lack both precision and comprehensiveness. Although there exist approaches to deal with design time uncertainty, existing research lacks precise statements about the impact of uncertainty on confidentiality. To address this, we include uncertainty as part of our software architectural model. We extend a data flow-based analysis to include the impact of uncertainty on confidentiality violations. The results of the case study-based evaluation show high accuracy with typical design time uncertainty. Also, our analysis yields more precise statements about the impact of uncertainty on confidentiality than the state of the art.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/GC20-24814J" target="_blank" >GC20-24814J: FluidTrust - popora důvěry pomocí dynamicky proměnlivého řízení přistupu k datům a zdrojům v systémech Průmyslu 4.0</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2023 IEEE 20TH INTERNATIONAL CONFERENCE ON SOFTWARE ARCHITECTURE COMPANION, ICSA-C

ISBN

978-1-66546-459-8

ISSN

2768-427X

e-ISSN

—

Počet stran výsledku

8

Strana od-do

256-263

Název nakladatele

IEEE COMPUTER SOC

Místo vydání

LOS ALAMITOS

Místo konání akce

Aquila

Datum konání akce

13. 3. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000990534100046