Abstract
In times of highly interconnected systems, confidentiality becomes a crucial security quality attribute. Because fixing confidentiality breaches becomes costlier the later they are found, software architects should address confidentiality early, at design time. During the architectural design process, software architects make Architectural Design Decisions (ADDs) to handle the degrees of freedom, i.e. uncertainty. However, ADDs are often subject to assumptions and to unknown or imprecise information. Assumptions may turn out to be wrong, so they have to be revised, which re-introduces uncertainty. Thus, the presence of uncertainty at design time prevents architects from drawing precise conclusions about the confidentiality of the system. It is, therefore, necessary to assess the impact of uncertainties at the architectural level before making a statement about confidentiality. To address this, we make the following contributions: First, we propose a novel uncertainty categorization approach to assess the impact of uncertainties in software architectures. Based on that, we provide an uncertainty template that enables software architects to structurally derive types of uncertainties and their impact on architectural element types for a domain of interest. Second, we provide an Uncertainty Impact Analysis (UIA) that enables software architects to specify which architectural elements are directly affected by uncertainties. Based on structural propagation rules, the tool automatically derives further architectural elements which are potentially affected. Using the large-scale open-source contact tracing application called Corona Warn App (CWA) as a case study, we show that the UIA achieves 100% recall while maintaining 44%-91% precision when analyzing the impact of uncertainties on architectural elements.