Handling Environmental Uncertainty in Design Time Access Control Analysis

The high complexity, connectivity, and data exchange of modern software systems make it crucial to consider confidentiality early. An often used mechanism to ensure confidentiality is access control. When the system is modeled during design time, access control can already be analyzed. This enables early identification of confidentiality violations and the ability to analyze the impact of what-if scenarios. However, due to the abstract view of the design time model and the ambiguity in the early stages of development, uncertainties exist in the system environment. These uncertainties can have a direct effect on the validity of access control attributes in use, which might result in compromised confidentiality.To handle such known uncertainty, we present a notion of confidence in the context of design time access control. We define confidence as a composition of known uncertainties in the environment of the system, which influence the validity of access control attributes. We extend an existing modeling and analysis approach for design time access control with our notion of confidence. For evaluation, we apply the notion of confidence to multiple real-world case studies and discuss the resulting benefits for different stages of system development. We also analyze the expressiveness of the extended approach in defining confidentiality constraints and measure the accuracy in identifying confidentiality violations. Our results show that using the notion of confidence increases expressiveness while being able to accurately identify access control violations.