An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security
- URL: http://arxiv.org/abs/2403.09402v1
- Date: Thu, 14 Mar 2024 13:52:41 GMT
- Title: An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security
- Authors: Nicolas Boltz, Sebastian Hahner, Christopher Gerking, Robert Heinrich,
- Abstract summary: Security-related properties are often analyzed based on data flow diagrams (DFDs)
We present an open and framework for data flow analysis.
The framework is compatible with DFDs and can also extract data flows from the Palladio architectural description language.
- Score: 1.7749883815108154
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: The growing interconnection between software systems increases the need for security already at design time. Security-related properties like confidentiality are often analyzed based on data flow diagrams (DFDs). However, manually analyzing DFDs of large software systems is bothersome and error-prone, and adjusting an already deployed software is costly. Additionally, closed analysis ecosystems limit the reuse of modeled information and impede comprehensive statements about a system's security. In this paper, we present an open and extensible framework for data flow analysis. The central element of our framework is our new implementation of a well-validated data-flow-based analysis approach. The framework is compatible with DFDs and can also extract data flows from the Palladio architectural description language. We showcase the extensibility with multiple model and analysis extensions. Our evaluation indicates that we can analyze similar scenarios while achieving higher scalability compared to previous implementations.
Related papers
- Robust Incremental Structure-from-Motion with Hybrid Features [73.55745864762703]
We introduce an incremental Structure-from-Motion (SfM) system that leverages lines and their structured geometric relations.
Our system is consistently more robust and accurate compared to the widely used point-based state of the art in SfM.
arXiv Detail & Related papers (2024-09-29T22:20:32Z) - Technical Upgrades to and Enhancements of a System Vulnerability Analysis Tool Based on the Blackboard Architecture [0.0]
Generalization logic building on the Blackboard Architecture's rule-fact paradigm was implemented in this system.
The paper concludes with a discussion of avenues of future work, including the implementation of multithreading.
arXiv Detail & Related papers (2024-09-17T05:06:42Z) - How Dataflow Diagrams Impact Software Security Analysis: an Empirical
Experiment [5.6169596483204085]
We present the findings of an empirical experiment conducted to investigate DFDs’ impact on the performance of analysts in a security analysis setting.
We found that the participants performed significantly better in answering the analysis tasks correctly in the model-supported condition.
We identified three open challenges of using DFDs for security analysis based on the insights gained in the experiment.
arXiv Detail & Related papers (2024-01-09T09:22:35Z) - It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation [50.06412862964449]
Attack Graph (AG) represents the best-suited solution to support cyber risk assessment for multi-step attacks on computer networks.
Current solutions propose to address the generation problem from the algorithmic perspective and postulate the analysis only after the generation is complete.
This paper rethinks the classic AG analysis through a novel workflow in which the analyst can query the system anytime.
arXiv Detail & Related papers (2023-12-27T10:44:58Z) - Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V [0.0]
Unauthorized access, fault injection, and privacy invasion are potential threats from untrusted actors.
We propose an integrated Information Flow Tracking (IFT) technique to enable runtime security to protect system integrity.
This study proposes a multi-level IFT model that integrates a hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique.
arXiv Detail & Related papers (2023-11-17T02:04:07Z) - Serving Deep Learning Model in Relational Databases [70.53282490832189]
Serving deep learning (DL) models on relational data has become a critical requirement across diverse commercial and scientific domains.
We highlight three pivotal paradigms: The state-of-the-art DL-centric architecture offloads DL computations to dedicated DL frameworks.
The potential UDF-centric architecture encapsulates one or more tensor computations into User Defined Functions (UDFs) within the relational database management system (RDBMS)
arXiv Detail & Related papers (2023-10-07T06:01:35Z) - Tool-Supported Architecture-Based Data Flow Analysis for Confidentiality [1.6544671438664054]
We reimplemented a data flow analysis as a Java-based tool to identify access violations based on the data flow.
The evaluation for our tool indicates that we can analyze similar scenarios and scale for certain scenarios better than the existing analysis.
arXiv Detail & Related papers (2023-08-03T09:21:20Z) - Leveraging Traceability to Integrate Safety Analysis Artifacts into the
Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z) - Distributed intelligence on the Edge-to-Cloud Continuum: A systematic
literature review [62.997667081978825]
This review aims at providing a comprehensive vision of the main state-of-the-art libraries and frameworks for machine learning and data analytics available today.
The main simulation, emulation, deployment systems, and testbeds for experimental research on the Edge-to-Cloud Continuum available today are also surveyed.
arXiv Detail & Related papers (2022-04-29T08:06:05Z) - Abstracting data in distributed ledger systems for higher level
analytics and visualizations [1.5381930379183162]
This article proposes an abstraction layer architecture that enables the design of high-level analytics of distributed ledger systems.
Based on the analysis of existing initiatives and identification of the relevant user requirements, this work aims to establish key insights and specifications.
arXiv Detail & Related papers (2021-02-19T19:34:12Z) - Edge-assisted Democratized Learning Towards Federated Analytics [67.44078999945722]
We show the hierarchical learning structure of the proposed edge-assisted democratized learning mechanism, namely Edge-DemLearn.
We also validate Edge-DemLearn as a flexible model training mechanism to build a distributed control and aggregation methodology in regions.
arXiv Detail & Related papers (2020-12-01T11:46:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.