Architecture-based Uncertainty Impact Analysis for Confidentiality: Unterschied zwischen den Versionen

Aus SDQ-Institutsseminar
Keine Bearbeitungszusammenfassung
Keine Bearbeitungszusammenfassung
Zeile 6: Zeile 6:
|termin=Institutsseminar/2022-03-18
|termin=Institutsseminar/2022-03-18
|vortragsmodus=online
|vortragsmodus=online
|kurzfassung=TBD
|kurzfassung=In times of highly interconnected systems, confidentiality becomes a crucial security
quality attribute. As fixing confidentiality breaches becomes costly the later they are found,
software architects should address confidentiality early in the design time. During the
architectural design process, software architects take Architectural Design Decisions (ADDs)
to handle the degrees of freedom, i.e. uncertainty. However, ADDs are often subjected
to assumptions and unknown or imprecise information. Assumptions may turn out
to be wrong so they have to be revised which re-introduces uncertainty. Thus,
the presence of uncertainty at design time prevents from drawing precise conclusions
about the confidentiality of the system. It is, therefore, necessary to assess the impact of
uncertainties at the architectural level before making a statement about confidentiality.
To address this, we make the following contributions: First, we propose a novel
uncertainty categorization approach to assess the impact of uncertainties in software
architectures. Based on that, we provide an uncertainty template that enables software
architects to structurally derive types of uncertainties and their impact on architectural
element types for a domain of interest. Second, we provide an Uncertainty Impact Analysis
(UIA) that enables software architects to specify which architectural elements are directly
affected by uncertainties. Based on structural propagation rules, the tool automatically
derives further architectural elements which are potentially affected. Using the large-scale
open-source contract tracing application called Corona Warn App (CWA) as a case study,
we show that the UIA achieves 100% recall while maintaining 44%-91% precision when
analyzing the impact of uncertainties on architectural elements.
}}
}}

Version vom 21. Februar 2022, 15:47 Uhr

Vortragende(r) Niko Benkler
Vortragstyp Masterarbeit
Betreuer(in) Sebastian Hahner
Termin Fr 18. März 2022
Vortragssprache
Vortragsmodus online
Kurzfassung In times of highly interconnected systems, confidentiality becomes a crucial security

quality attribute. As fixing confidentiality breaches becomes costly the later they are found, software architects should address confidentiality early in the design time. During the architectural design process, software architects take Architectural Design Decisions (ADDs) to handle the degrees of freedom, i.e. uncertainty. However, ADDs are often subjected to assumptions and unknown or imprecise information. Assumptions may turn out to be wrong so they have to be revised which re-introduces uncertainty. Thus, the presence of uncertainty at design time prevents from drawing precise conclusions about the confidentiality of the system. It is, therefore, necessary to assess the impact of uncertainties at the architectural level before making a statement about confidentiality. To address this, we make the following contributions: First, we propose a novel uncertainty categorization approach to assess the impact of uncertainties in software architectures. Based on that, we provide an uncertainty template that enables software architects to structurally derive types of uncertainties and their impact on architectural element types for a domain of interest. Second, we provide an Uncertainty Impact Analysis (UIA) that enables software architects to specify which architectural elements are directly affected by uncertainties. Based on structural propagation rules, the tool automatically derives further architectural elements which are potentially affected. Using the large-scale open-source contract tracing application called Corona Warn App (CWA) as a case study, we show that the UIA achieves 100% recall while maintaining 44%-91% precision when analyzing the impact of uncertainties on architectural elements.