A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures.

S Seifermann, R Heinrich, D Werle, RH Reussner - SECRYPT, 2021 - scitepress.org
Abstract
Software architectures allow identifying confidentiality issues early and in a cost-efficient way. Information Flow (IF) and Access Control (AC) are established confidentiality mechanisms, so modeling and analysis approaches should support them. Because confidentiality issues often trace back to data usage, data-oriented approaches are promising. However, we could not identify a data-oriented approach that handles both IF and AC. Therefore, in this paper we present a unified data-oriented modeling and analysis approach that supports both IF and AC within the same model. We demonstrate the integration into an existing architectural description language and evaluate the resulting expressiveness and accuracy in a case study considering 22 cases.