A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures

Stephan Seifermann, Robert Heinrich, Dominik Werle, Ralf Reussner

2021

Abstract

Software architectures allow identifying confidentiality issues early and in a cost-efficient way. Information Flow (IF) and Access Control (AC) are established confidentiality mechanisms, so modeling and analysis approaches should support them. Because confidentiality issues often trace back to data usage, data-oriented approaches are promising. However, we could not identify a data-oriented approach that handles both IF and AC. Therefore, in this paper we present a unified data-oriented modeling and analysis approach that supports both IF and AC within the same model. We demonstrate the integration into an existing architectural description language and evaluate the resulting expressiveness and accuracy in a case study considering 22 cases.



Paper Citation


in Harvard Style

Seifermann S., Heinrich R., Werle D. and Reussner R. (2021). A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 26-37. DOI: 10.5220/0010515300260037


in Bibtex Style

@conference{secrypt21,
author={Stephan Seifermann and Robert Heinrich and Dominik Werle and Ralf Reussner},
title={A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={26-37},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010515300260037},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures
SN - 978-989-758-524-1
AU - Seifermann S.
AU - Heinrich R.
AU - Werle D.
AU - Reussner R.
PY - 2021
SP - 26
EP - 37
DO - 10.5220/0010515300260037