Architecture-Based Uncertainty Impact Analysis to Ensure Confidentiality

Sebastian Hahner, R. Heinrich, R. Reussner
{"title":"Architecture-Based Uncertainty Impact Analysis to Ensure Confidentiality","authors":"Sebastian Hahner, R. Heinrich, R. Reussner","doi":"10.1109/SEAMS59076.2023.00026","DOIUrl":null,"url":null,"abstract":"Today’s software systems are neither built nor operated in isolation and have to adapt to their environment. Uncertainty in the software and its context is inherently unavoidable and should be actively analyzed and managed already at design time. This includes analyzing the impact of uncertainty on a system’s quality properties, which quickly becomes critical, e.g., regarding confidentiality. When not handled comprehensively, confidentiality violations can occur due to uncertainty that void previous analysis results. There exist many approaches to classify and handle uncertainty. However, without locating the impact of uncertainty, precise mitigation is often impossible. In this paper, we present an uncertainty impact analysis that shows potential confidentiality violations induced by different uncertainty types like structural, behavioral, or environmental uncertainty. This is achieved by combining software-architectural and data flow-based propagation of uncertainty. Our tool-supported approach is a first step towards predicting the impact of uncertainty without laborious modeling and testing of what-if scenarios. The case study-based evaluation shows that our impact analysis accurately predicts confidentiality violations with a high F1-score of 0.94 while reducing the effort of manual analysis by 82%.","PeriodicalId":262204,"journal":{"name":"2023 IEEE/ACM 18th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE/ACM 18th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEAMS59076.2023.00026","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

Today’s software systems are neither built nor operated in isolation and have to adapt to their environment. Uncertainty in the software and its context is inherently unavoidable and should be actively analyzed and managed already at design time. This includes analyzing the impact of uncertainty on a system’s quality properties, which quickly becomes critical, e.g., regarding confidentiality. When not handled comprehensively, confidentiality violations can occur due to uncertainty that void previous analysis results. There exist many approaches to classify and handle uncertainty. However, without locating the impact of uncertainty, precise mitigation is often impossible. In this paper, we present an uncertainty impact analysis that shows potential confidentiality violations induced by different uncertainty types like structural, behavioral, or environmental uncertainty. This is achieved by combining software-architectural and data flow-based propagation of uncertainty. Our tool-supported approach is a first step towards predicting the impact of uncertainty without laborious modeling and testing of what-if scenarios. The case study-based evaluation shows that our impact analysis accurately predicts confidentiality violations with a high F1-score of 0.94 while reducing the effort of manual analysis by 82%.
基于体系结构的不确定性影响分析以确保机密性
今天的软件系统既不是孤立地构建也不是孤立地运行,而是必须适应它们的环境。软件及其上下文中的不确定性本质上是不可避免的,应该在设计时就积极地分析和管理。这包括分析不确定性对系统质量属性的影响,这很快就变得至关重要,例如,关于机密性。如果处理不全面,由于不确定性而使先前的分析结果无效,可能会发生违反保密规定的情况。不确定性分类和处理的方法有很多。然而,如果不确定不确定性的影响,往往不可能精确地减轻影响。在本文中,我们提出了一个不确定性影响分析,显示了不同的不确定性类型,如结构、行为或环境不确定性引起的潜在保密违规。这是通过结合软件架构和基于数据流的不确定性传播来实现的。我们的工具支持的方法是预测不确定性影响的第一步,而不需要费力地建模和测试假设场景。基于案例分析的评估表明,我们的影响分析准确地预测了保密违规行为,f1得分高达0.94,同时减少了82%的人工分析工作量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信