Description and Purpose

Security is an essential quality property that has to be considered while building the software architecture in order to avoid costly fixes in later development phases. Confidentiality is an essential but frequently violated aspect of security. Despite of raising awareness regarding the need to consider confidentiality, the adoption in the early design and architectural phase is often low.

This tutorial introduces a static analysis operating on software architectures modeled within the Palladio approach. Besides foundational knowledge, the tutorial provides a practical hands-on session using the tool. The goal is to show that it is already possible to consider confidentiality in the early design process and that this consideration can be integrated into existing architectural design tools.

Covered Topics

The workshop will cover a mix of conceptual and practical topics.

The covered conceptual topics are about identifying essential aspects of a confidentiality analysis:

  • General idea of conducting a confidentiality analyses by label propagation
  • Conducting a Role-based Access Control (RBAC) analysis by label propagation

The following practical topics will be discussed in the context of Palladio and its tooling:

  • Component-based modeling of Software Architectures (short)
  • Extending software architectures by confidentiality properties
  • Detection of confidentiality violations in Palladio architecture models

Target Audience

The tutorial targets practitioners as well as researchers in the field of software architecture.

Practitioners are invited to get in touch with recent research results and accompanying tooling. While we are aware that our tooling is not industrial grade, we would be happy to get some feedback from practitioners if these tools would be useful for them or what had to be changed.

Researchers can get an in-depth look into research results and how to use them. This is not possible by reading condensed papers about the topic. Again, we are happy about feedback on the presented concepts and possible extensions.

We do not require any previous knowledge because we recap all required foundations. However, knowledge in component-based software development, Palladio or access control or information flow control are helpful.

Attending the Tutorial

The tutorial will be held on September, 13th at 5pm - 8pm CEST (UTC+2).

A registration to ECSA 2021 is mandatory to attend the tutorial. Please tick the box next to our tutorial during the registration to indicate that you plan to attend the tutorial.

We will inform all registered participants before the tutorial about necessary preparations. If you should not receive this information, please consult the material page to learn about the necessary preparations.

Chanelog

If we update this page, we will summarize changes in our changelog. There is also an RSS feed for that changelog.

Acknowledgement

This work is funded by the DFG (German Research Foundation) – project number 432576552, HE8596/1-1 (FluidTrust) and also supported by funding of the Helmholtz Association (HGF) through the Competence Center for Applied Security Technology (KASTEL) (46.23).

Organisation / Questions

The tutorial is organized by the people mentioned under presenters. For questions, please contact Stephan Seifermann (stephan.seifermann [AT] kit.edu).