ICSA 2025
Mon 31 March - Fri 4 April 2025 Odense, Denmark

Today’s software systems have become increasingly connected and complex, requiring comprehensive analysis to ensure quality properties like confidentiality. Architecture-based confidentiality analysis enables the early identification of confidentiality violations to counter data breaches effectively. However, uncertainty within the software system and its environment hinders the precise and comprehensive analysis of software architectures. Furthermore, the complexity of both architectural models and uncertainties and their outcomes impede automated model repair due to combinatorial explosion. Ultimately, software architects must manually address all confidentiality violations, which is both bothersome and error-prone. Although existing approaches can identify confidentiality violations due to uncertainty, they fall short of mitigating their effects. In this paper, we address this by utilizing machine learning in the confidentiality analysis both to evaluate the criticality of identified violations and to automatically repair them. This bridges the gap between analysis and mitigation, thereby effectively supporting software architects. Evaluation results show that logistic regression provides the best ranking of the importance of uncertainty sources. Combined with incremental testing, our approach outperforms the state of the art and achieves up to a 60-fold reduction in runtime.

Thu 3 Apr

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

10:30 - 11:30
Security and Privacy in Software ArchitectureResearch Papers at Hall 2 (U82)
Chair(s): Andres Diaz Pace UNICEN University
10:30
15m
Research paper
Mining Security Documentation Practices in OpenAPIs Descriptions
Research Papers
Diana Munoz , Souhaila Serbout University of Zurich, Zurich, Switzerland, Cesare Pautasso Software Institute, Faculty of Informatics, USI Lugano
Pre-print File Attached
10:45
15m
Research paper
Data-Centric Model for Architecture’s Vulnerabilities Analysis
Research Papers
Michel Bourdelles , Jamal EL HACHEM IRISA (UMR CNRS) - Univ. Bretagne-Sud (UBS), Salah Sadou
11:00
15m
Research paper
An Architecture-Based Approach to Mitigate Confidentiality Violations Using Machine Learning
Research Papers
Nils Niehues Karlsruhe Institute of Technology (KIT), Sebastian Hahner Karlsruhe Institute of Technology (KIT), Robert Heinrich Karlsruhe Institute of Technology
Pre-print
11:15
15m
Research paper
TrustMesh: A Blockchain-Enabled Trusted Distributed Computing Framework for Open Heterogeneous IoT Environments
Research Papers
Murtaza Rangwala University of Melbourne, Rajkumar Buyya University of Melbourne, Australia
DOI Pre-print File Attached
:
:
:
: