Modeling Data Flow Constraints for Design-Time Confidentiality Analyses

With the increase in connectedness and the growing volume of data, ensuring confidentiality becomes increasingly critical. Data-driven analyses try to cope with this complexity by automatically verifying confidentiality at design time. However, confidentiality constraints are manifold. Thus, analyses limit the software architect’s possibilities of expression or require them to use the underlying verification formalism directly. We propose a domain-specific language to enable architects to formulate data flow constraints using the terminology and abstraction of the architectural domain. We present a mapping of data flow constraints and results which is compliant to the transformation of the architecture and evaluated based on real-world scenarios.