An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security

Nicolas Boltz, Sebastian Hahner, Christopher Gerking, Robert Heinrich

TL;DR

This paper presents an open and extensible framework for data flow analysis. The framework is compatible with data flow diagrams (DFDs), can also extract data flows from the Palladio architectural description language, and its extensibility is demonstrated with multiple model and analysis extensions.

Abstract

The growing interconnection between software systems increases the need for security already at design time. Security-related properties like confidentiality are often analyzed based on data flow diagrams (DFDs). However, manually analyzing DFDs of large software systems is bothersome and error-prone, and adjusting already deployed software is costly. Additionally, closed analysis ecosystems limit the reuse of modeled information and impede comprehensive statements about a system's security. In this paper, we present an open and extensible framework for data flow analysis. The central element of our framework is our new implementation of a well-validated data-flow-based analysis approach. The framework is compatible with DFDs and can also extract data flows from the Palladio architectural description language. We showcase the extensibility with multiple model and analysis extensions. Our evaluation indicates that we can analyze similar scenarios while achieving higher scalability compared to previous implementations.
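To make the kind of label-based DFD analysis the abstract refers to concrete, the following is an added example written for this page; it is not code from the authors' framework. It models a simplified online shop (a constructed DFD in the spirit of Figure 3 and Figure 4), propagates data labels along the flows, applies a node transformation, and checks a confidentiality constraint at every node the data reaches, reporting the trace that leads to a violation. The node names, the label vocabularies (`Location`, `Sensitivity`), the `anonymize` transformation, and the constraint are all assumptions for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Iterator

# Data labels: characteristic type -> set of values, e.g. {"Sensitivity": {"Personal"}}.
Labels = dict[str, frozenset[str]]


@dataclass
class Node:
    name: str
    # Node labels, e.g. {"Location": {"EU"}} (assumed vocabulary for this example).
    labels: Labels = field(default_factory=dict)
    # Transformation applied to the labels of data passing through this node.
    transform: Callable[[Labels], Labels] = lambda d: d


@dataclass
class DFD:
    nodes: dict[str, Node]
    flows: list[tuple[str, str]]  # (source node, destination node)

    def successors(self, name: str) -> list[str]:
        return [dst for src, dst in self.flows if src == name]


def propagate(dfd: DFD, source: str, data: Labels) -> Iterator[tuple[tuple[str, ...], Labels]]:
    """Yield (trace, data labels) for every node reachable from `source`.

    The trace is the sequence of nodes the data passed through; the labels are
    the data labels as they arrive at the last node of the trace. A visited set
    keyed on (node, labels) keeps the walk finite on cyclic diagrams.
    """
    queue = deque([((source,), data)])
    seen: set[tuple] = set()
    while queue:
        trace, labels = queue.popleft()
        node = dfd.nodes[trace[-1]]
        key = (node.name, tuple(sorted((k, tuple(sorted(v))) for k, v in labels.items())))
        if key in seen:
            continue
        seen.add(key)
        yield trace, labels
        outgoing = node.transform(labels)
        for nxt in dfd.successors(node.name):
            queue.append((trace + (nxt,), outgoing))


def check(dfd: DFD, source: str, data: Labels,
          constraint: Callable[[Labels, Labels], bool]) -> list[tuple[str, Labels]]:
    """Return (trace, data labels) for every node at which `constraint` flags a violation."""
    violations = []
    for trace, labels in propagate(dfd, source, data):
        node = dfd.nodes[trace[-1]]
        if constraint(node.labels, labels):
            violations.append((" -> ".join(trace), dict(labels)))
    return violations


# Constraint (assumed policy): personal data must not reach a node located outside the EU.
def personal_outside_eu(node_labels: Labels, data_labels: Labels) -> bool:
    return ("Personal" in data_labels.get("Sensitivity", frozenset())
            and "nonEU" in node_labels.get("Location", frozenset()))


# Transformation (assumed): strips the Personal characteristic and marks data as anonymized.
def anonymize(labels: Labels) -> Labels:
    out = dict(labels)
    out["Sensitivity"] = (labels.get("Sensitivity", frozenset()) - {"Personal"}) | {"Anonymized"}
    return out


def build_shop(anonymize_before_analytics: bool) -> DFD:
    """Constructed online-shop DFD; the flag inserts an anonymizer in front of analytics."""
    eu, non_eu = {"Location": frozenset({"EU"})}, {"Location": frozenset({"nonEU"})}
    nodes = {
        "Customer": Node("Customer", eu),
        "Shop": Node("Shop", eu),
        "OrderDB": Node("OrderDB", eu),
        "Analytics": Node("Analytics", non_eu),
    }
    flows = [("Customer", "Shop"), ("Shop", "OrderDB")]
    if anonymize_before_analytics:
        nodes["Anonymizer"] = Node("Anonymizer", eu, anonymize)
        flows += [("Shop", "Anonymizer"), ("Anonymizer", "Analytics")]
    else:
        flows.append(("Shop", "Analytics"))
    return DFD(nodes, flows)


ORDER: Labels = {"Sensitivity": frozenset({"Personal"})}  # constructed data item

if __name__ == "__main__":
    for variant in (False, True):
        found = check(build_shop(variant), "Customer", ORDER, personal_outside_eu)
        print(f"anonymizer={variant}: violations={found}")
```

Without the anonymizer the analysis reports the trace `Customer -> Shop -> Analytics` carrying `Personal` data into the `nonEU` node; with the anonymizer in the path the label is transformed on the way and no violation remains. The same propagation loop works unchanged for other label vocabularies and constraints, which is the point of separating the walk from the policy.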

Paper Structure (16 sections, 7 figures, 1 table)

Figures (7)

  • Figure 1: Informal overview of the structure of the data flow analysis framework.
  • Figure 2: Metamodel of data flow diagrams and data dictionaries.
  • Figure 3: Screenshot of the web-based editor showing the DFD of a simplified online shop.
  • Figure 4: Simplified PCM model of the online shop example and the corresponding data flow with annotated node labels, data labels, and numbered transformation traces.
  • Figure 5: Analysis architecture as performed key activities.
  • ...and 2 more figures