Architecture-Based Uncertainty Impact Analysis to Ensure Confidentiality

Abstract

Today’s software systems are neither built nor operated in isolation and have to adapt to their environment. Uncertainty in the software and its context is inherently unavoidable and should be actively analyzed and managed already at design time. This includes analyzing the impact of uncertainty on a system’s quality properties, which quickly becomes critical, e.g., regarding confidentiality. When not handled comprehensively, confidentiality violations can occur due to uncertainty that void previous analysis results. There exist many approaches to classify and handle uncertainty. However, without locating the impact of uncertainty, precise mitigation is often impossible. In this paper, we present an uncertainty impact analysis that shows potential confidentiality violations induced by different uncertainty types like structural, behavioral, or environmental uncertainty. This is achieved by combining software-architectural and data flow-based propagation of uncertainty. Our tool-supported approach is a first step towards predicting the impact of uncertainty without laborious modeling and testing of what-if scenarios. The case study-based evaluation shows that our impact analysis accurately predicts confidentiality violations with a high F1-score of 0.94 while reducing the effort of manual analysis by 82%.