Mining Security Documentation Practices in OpenAPIs Descriptions (ICSA 2025 - Research Papers) - ICSA 2025

Mon 31 March - Fri 4 April 2025 Odense, Denmark

Who

Diana Munoz, Souhaila Serbout, Cesare Pautasso

Track

ICSA 2025 Research Papers

Time Zone

The program is currently displayed in (GMT+02:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+02:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Thu 3 Apr 2025 10:30 - 10:45 at Hall 2 (U82) - Security and Privacy in Software Architecture Chair(s): Andres Diaz Pace
Thu 3 Apr 2025 15:49 - 15:51 at Main Hall (O100) - Speed Presentations Chair(s): Mahyar T. Moghaddam

Abstract

Security is an integral requirement of any trustworthy software architecture, particularly critical for application programming interfaces (APIs). In this paper, we survey security documentation practices, specifically API security schemes related to authentication and authorization, by mining a large collection of OpenAPI descriptions retrieved from open-source GitHub repositories. Our study focuses on detecting existing security schemes and evaluating their prevalence and positioning within API descriptions. We distinguish whether security schemes are introduced locally (at the path or operation level) or globally (for the entire API). Our analysis highlights scenarios where security schemes are featured in APIs in different proportions over time, thus tracking whether the API documentation tends to include more (or less) security details as the API evolves.

Link to Preprint

https://souhaila-serbout.me/pdfs/2025_APIACE_ICSA_API_Security.pdf

File attachments

Mining Security Documentation Practices in OpenAPI Descriptions (2025_APIACE_ICSA_API_Security.pdf)	1.75MiB

Diana Munoz

Souhaila Serbout

University of Zurich, Zurich, Switzerland

Switzerland

Cesare Pautasso

Software Institute, Faculty of Informatics, USI Lugano

Switzerland

Time Zone

The program is currently displayed in (GMT+02:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+02:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Thu 3 Apr
Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

	10:30 - 11:30	Security and Privacy in Software ArchitectureResearch Papers at Hall 2 (U82) Chair(s): Andres Diaz Pace UNICEN University

	10:30 15m Research paper		Mining Security Documentation Practices in OpenAPIs Descriptions Research Papers Diana Munoz , Souhaila Serbout University of Zurich, Zurich, Switzerland, Cesare Pautasso Software Institute, Faculty of Informatics, USI Lugano Pre-print File Attached
	10:45 15m Research paper		Data-Centric Model for Architecture’s Vulnerabilities Analysis Research Papers Michel Bourdelles , Jamal EL HACHEM IRISA (UMR CNRS) - Univ. Bretagne-Sud (UBS), Salah Sadou
	11:00 15m Research paper		An Architecture-Based Approach to Mitigate Confidentiality Violations Using Machine Learning Research Papers Nils Niehues Karlsruhe Institute of Technology (KIT), Sebastian Hahner Karlsruhe Institute of Technology (KIT), Robert Heinrich Karlsruhe Institute of Technology Pre-print
	11:15 15m Research paper		TrustMesh: A Blockchain-Enabled Trusted Distributed Computing Framework for Open Heterogeneous IoT Environments Research Papers Murtaza Rangwala University of Melbourne, Rajkumar Buyya University of Melbourne, Australia DOI Pre-print File Attached

	15:30 - 16:00	Speed PresentationsEarly Career Track / Research Papers / Software Architecture in Practice / Poster Track / New and Emerging Ideas / Journal First at Main Hall (O100) Chair(s): Mahyar T. Moghaddam University of Southern Denmark

	15:30 1m Paper		Toward a non-invasive architecture supporting traditional textile manufacturing systems in their transition to Industry 4.0 Early Career Track Giuseppe de Martino
	15:31 1m Poster		SecuRe - An Approach to Recommending Security Design Patterns Poster Track Alex R. Sabau RWTH Aachen University, Dominik Lammers , Horst Lichter RWTH Aachen University Pre-print
	15:33 1m Paper		Towards Architectural Pen Test Case Generation and Attack Surface Analysis to Support Secure Design Early Career Track Mahdi Jafari Sarvejahani Karlsruhe Institute of Technology (KIT)
	15:35 1m Poster		PRE-Share Data: Assistance Tool for Resource-aware Designing of Data-sharing Pipelines Poster Track Sepideh Masoudi
	15:37 1m Paper		A Measurement-Driven Approach to Enhancing Sustainability in Microservice Architectures Early Career Track Eoan O'Dea University of L'Aquila
	15:38 1m Paper		Automated Microservice Pattern Instance Detection Using Infrastructure-as-Code Artifacts and Large Language Models Early Career Track Carlos Eduardo Duarte INESC TEC, Faculdade de Engenharia, Universidade do Porto DOI Pre-print
	15:40 1m Paper		Survey on Operational Metrics for Reliable Machine Learning Systems Early Career Track Anders Launer Bæk-Petersen University of Southern Denmark, SDU Software Engineering Pre-print
	15:42 1m Paper		Energy-efficient Microservice-based Software Architectures in Cloud Environments Early Career Track César Perdigão Batista Télécom SudParis, Institut Polytechnique de Paris, Sophie Chabridon Télécom SudParis, Denis Conan SAMOVAR, Télécom SudParis, Institut Polytechnique de Paris
	15:44 1m Poster		Continuous Observability Assurance in Cloud-Native Applications Poster Track Maria C Borges Technische Universität Berlin, Sebastian Werner TU Berlin, Germany Pre-print
	15:45 1m Research paper		From Legacy to Intelligent IIoT Systems: Automation, Scalability and Elasticity Research Papers Gianluca Caiazza Ca' Foscari University of Venice, Teodors Lisovenko Ca' Foscari University of Venice, Pietro Ferrara Ca’ Foscari University of Venice, Fabio Berti , Francesca Ferrari , Alessandro Zaupa , Guangzheng Zhang
	15:47 1m Research paper		Investigating the Impact of Software Design Patterns on Energy Consumption Research Papers Adel Noureddine University of Pau and Pays de l'Adour, Olivier Le Goaër LIUPPA, Université de Pau et des Pays de l'Adour
	15:49 1m Research paper		Mining Security Documentation Practices in OpenAPIs Descriptions Research Papers Diana Munoz , Souhaila Serbout University of Zurich, Zurich, Switzerland, Cesare Pautasso Software Institute, Faculty of Informatics, USI Lugano Pre-print File Attached
	15:51 1m Research paper		Performance Analysis of Architectural Patterns for Federated Learning Systems Research Papers Ivan Compagnucci Gran Sasso Science Institute, Riccardo Pinciroli Gran Sasso Science Institute, Catia Trubiani Gran Sasso Science Institute Pre-print
	15:52 1m Journal Early-Feedback		Software architecture-based self-adaptation in robotics Journal First Elvin Alberts Vrije Universiteit Amsterdam & Delft University of Technology, Ilias Gerostathopoulos Vrije Universiteit Amsterdam, Ivano Malavolta Vrije Universiteit Amsterdam, Carlos Hernández Corbato Delft University of Technology, Patricia Lago Vrije Universiteit Amsterdam Link to publication DOI
	15:54 1m Paper		Axiomatic Software Architecture New and Emerging Ideas Aydin Homay TU Dresden, Mario De Sousa
	15:56 1m Paper		Design and Evaluation of An Event-Driven Cloud-Based Architecture for A Remote Patient Monitoring System Software Architecture in Practice Pedro Linhares , Pedro Wanderley , Marza Zaranza , Maria Andréia Formico Rodrigues University of Fortaleza, Nabor Mendonca University of Fortaleza
	15:58 1m Paper		Recovering Gropius Models with the Cluster Architecture Recovery Assistant Software Architecture in Practice Sandro Speth Institute of Software Engineering, University of Stuttgart, Elias Müller Institute of Software Engineering, University of Stuttgart, Philipp Recke , Niklas Krieger , Steffen Becker University of Stuttgart, Alexander Poth Volkswagen AG, Olsi Rrjolli Volkswagen AG File Attached