skip to main content
10.1145/3652620.3688556acmconferencesArticle/Chapter ViewAbstractPublication PagesmodelsConference Proceedingsconference-collections
short-paper
Open access

ARC3N: A Collaborative Uncertainty Catalog to Address the Awareness Problem of Model-Based Confidentiality Analysis

Published: 31 October 2024 Publication History

Abstract

Identifying confidentiality violations is challenging as modern software-intensive systems exchange and store large amounts of data, and system deployment and context vary. Although modelbased analyses can identify such violations already at design time, uncertainty within a software system or its environment can void analysis results. Existing approaches to raising awareness of uncertainty sources are limited in usability and extendability and require expert knowledge for interpretation and analysis. This paper presents our collaborative tooling ARC3N for collecting, modeling, and analyzing uncertainty sources regarding confidentiality. Using an open web-based platform, we simplify both identifying and assessing uncertainty without requiring expert knowledge. We evaluate our approach with a user study with students, researchers, and practitioners (n = 17) and demonstrate its feasibility.

References

[1]
Maribel Acosta et al. 2022. Uncertainty in coupled models of cyber-physical systems. In MODELS-C.
[2]
Victor R. Basili et al. 1984. A Methodology for Collecting Valid Software Engineering Data. IEEE TSE (1984).
[3]
Marcello M. Bersani et al. 2023. A Conceptual Framework for Explainability Requirements in Software-Intensive Systems. In REW.
[4]
Nicolas Boltz et al. 2024. An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security. In ECSA.
[5]
Bundeskriminalamt. 2021. Cybercrime Bundeslagebild.
[6]
Michael Colesky and Julio C. Caiza. 2018. A System of Privacy Patterns for Informing Users: Creating a Pattern System. In EuroPLoP.
[7]
Javier Cámara et al. 2024. Uncertainty Flow Diagrams: Towards a Systematic Representation of Uncertainty Propagation and Interaction in Adaptive Systems. In SEAMS.
[8]
Sebastian Gerdes et al. 2015. Decision Buddy: Tool Support for Constraint-Based Design Decisions during System Evolution. In FoSADA.
[9]
Dion Hoe-Lian Goh and Peng Kin Ng. 2007. Link decay in leading information science journals. JASIST (2007).
[10]
Sebastian Hahner et al. 2023. Architecture-Based Uncertainty Impact Analysis to Ensure Confidentiality. In SEAMS.
[11]
Sebastian Hahner et al. 2023. A Classification of Software-Architectural Uncertainty Regarding Confidentiality. In ICETE.
[12]
Sebastian Hahner et al. 2023. Model-based Confidentiality Analysis under Uncertainty. In ICSA-C.
[13]
Sebastian Hahner et al. 2024. ARC3N - Data Set.
[14]
Sara M. Hezavehi et al. 2021. Uncertainty in Self-adaptive Systems: A Research Community Perspective. TAAS (2021).
[15]
International Organization for Standardization. 2018. ISO 27000:2018.
[16]
Marco Konersmann et al. 2022. Evaluation Methods and Replicability of Software Architecture Research Objects. In ICSA.
[17]
James R Lewis. 2018. The system usability scale: past, present, and future. International Journal of Human-Computer Interaction (2018).
[18]
Ioanna Lytra and Uwe Zdun. 2013. Supporting architectural decision making for systems-of-systems design under uncertainty. In SESoS.
[19]
Diego Perez-Palacin and Raffaela Mirandola. 2014. Uncertainties in the modeling of self-adaptive systems. In ICPE.
[20]
Andres J. Ramirez et al. 2012. A taxonomy of uncertainty for dynamically adaptive systems. In SEAMS.
[21]
Ralf H Reussner et al. 2016. Modeling and simulating software architectures: The Palladio approach. MIT Press.
[22]
Per Runeson and Martin Höst. 2009. Guidelines for conducting and reporting case study research in software engineering. ESE (2009).
[23]
Stephan Seifermann et al. 2022. Detecting violations of access control and information flow policies in data flow diagrams. JSS (2022).
[24]
Dalia Sobhy et al. 2021. Evaluation of Software Architectures under Uncertainty: A Systematic Literature Review. TOSEM (2021).
[25]
Leonie Sterz et al. 2022--2023. Intelligente Verkehrssysteme - IT-Sicherheit in offenen Infrastrukturen. Recht der Datenverarbeitung (2022--2023).
[26]
Javier Troya et al. 2021. Uncertainty representation in software models: a survey. Software and Systems Modeling (2021).
[27]
Maximilian Walter et al. 2022. Architectural Optimization for Confidentiality Under Structural Uncertainty. In ECSA.
[28]
Danny Weyns. 2020. An introduction to self-adaptive systems: A contemporary software engineering perspective. John Wiley & Sons.
[29]
Danny Weyns et al. 2023. Towards a Research Agenda for Understanding and Managing Uncertainty in Self-Adaptive Systems. SEN (2023).

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
MODELS Companion '24: Proceedings of the ACM/IEEE 27th International Conference on Model Driven Engineering Languages and Systems
September 2024
1261 pages
ISBN:9798400706226
DOI:10.1145/3652620
This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2024

Check for updates

Author Tags

  1. model-driven security
  2. software architecture
  3. confidentiality
  4. uncertainty
  5. unknown unknowns
  6. uncertainty awareness problem

Qualifiers

  • Short-paper

Conference

MODELS Companion '24
Sponsor:

Acceptance Rates

Overall Acceptance Rate 144 of 506 submissions, 28%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 87
    Total Downloads
  • Downloads (Last 12 months)87
  • Downloads (Last 6 weeks)33
Reflects downloads up to 10 Feb 2025

Other Metrics

Citations

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media