Enabling trust by fluid access control to data and physical resources in Industry 4.0 systems
Final Report Abstract
The digitization of industry (Industry 4.0) enacts ad-hoc cooperation between organizations in supply and production chains that goes beyond rigid hierarchical processes and increases efficiency and individualization of end-products. Modern software-intensive systems in Industry 4.0 process data in dynamic contexts with distributed and decentralized computing resources according to multiple organizational roles with different privileges. The high levels of heterogeneity, complexity and dynamicity make these systems different from traditional systems, as the sheer number of possible situations that may occur at runtime results in a high level of uncertainty. Access control in these systems requires a significant paradigm shift with respect to existing approaches. The high level of dynamicity prohibits relying on static structures and deprecates many techniques for access control specification and analysis. The uncertainty poses an even more significant hurdle, as it collides with the traditional interpretation and modelling of access control, where access/deny decisions are sharp and fully determined. In systems plagued with uncertainty, like Industry 4.0 systems, the rigid interpretation of access control causes many problems. For example, exceptional situations like the partial failure of a card reader system should not prohibit supply trucks from entering a factory, even though, in a strict sense, they cannot be authorized properly. Strictly forbidding access in such situations by following fully determined rules may result in significant loss due to a stop of production and is thus not acceptable. Instead, access control (and trust in general) must be understood in a “fluid” sense: not as determined by rigid rules, but as a continuous space in which the risk and loss associated with access control are modelled and together are tied to dynamic situations.
Although several works have focused on context-dependent security and fuzzy rules, the connection between dynamicity (i.e., dynamically changing system structure and behavior) and uncertainty created a novel challenge that required novel basic research approaches. FluidTrust addressed specifically the novel combination of a high level of uncertainty and a high level of dynamicity and aimed at providing models and analysis techniques for design time specification, runtime enforcement, and guarantees of access control to data and physical resources in highly dynamic and uncertain systems. The solution pursued in the project connected approaches to fuzzy semantics and variation modelling with the specification of dynamic access control using autonomic component ensembles with architecture-based data flows that derived confidentiality requirements. This was a joint Czech-German project.
Publications
- Capturing Dynamicity and Uncertainty in Security and Trust via Situational Patterns. Lecture Notes in Computer Science, 295-310. Springer International Publishing.
Bures, Tomas; Hnetynka, Petr; Heinrich, Robert; Seifermann, Stephan & Walter, Maximilian
- Context-Based Confidentiality Analysis for Industrial IoT. 2020 46th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 589-596. IEEE.
Boltz, Nicolas; Walter, Maximilian & Heinrich, Robert
- “A taxonomy of dynamic changes affecting confidentiality,” in 11th Workshop Design For Future – Langlebige Softwaresysteme, 2020.
M. Walter, S. Seifermann & R. Heinrich
- “Towards language-agnostic reuse of palladio quality analyses,” Softwaretechnik-Trends, vol. 40, no. 3, pp. 46–48, 2020, ISSN: 0720-8928.
M. Reimann, S. Seifermann, M. Walter, R. Heinrich, T. Bures & P. Hnetynka
- A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures. Proceedings of the 18th International Conference on Security and Cryptography, 26-37. SCITEPRESS - Science and Technology Publications.
Seifermann, Stephan; Heinrich, Robert; Werle, Dominik & Reussner, Ralf
- Aspect-Oriented Adaptation of Access Control Rules. 2021 47th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 363-370. IEEE.
Bures, Tomas; Gerostathopoulos, Ilias; Hnetynka, Petr; Seifermann, Stephan; Walter, Maximilian & Heinrich, Robert
- Challenges in Aligning Enterprise Application Architectures to Business Process Access Control Requirements in Evolutional Changes. Proceedings of the 18th International Conference on e-Business, 13-24. SCITEPRESS - Science and Technology Publications.
Pilipchuk, Roman; Seifermann, Stephan; Heinrich, Robert & Reussner, Ralf
- Enabling Consistency between Software Artefacts for Software Adaption and Evolution. 2021 IEEE 18th International Conference on Software Architecture (ICSA), 1-12. IEEE.
Monschein, David; Mazkatli, Manar; Heinrich, Robert & Koziolek, Anne
- Modeling Data Flow Constraints for Design-Time Confidentiality Analyses. 2021 IEEE 18th International Conference on Software Architecture Companion (ICSA-C), 15-21. IEEE.
Hahner, Sebastian; Seifermann, Stephan; Heinrich, Robert; Walter, Maximilian; Bures, Tomas & Hnetynka, Petr
- “Dealing with uncertainty in architectural confidentiality analysis,” in Proceedings of the Software Engineering 2021 Satellite Events, 46.23.03; LK 01, GI, 2021, pp. 1–6.
S. Hahner
- “Identifying confidentiality violations in architectural design using palladio,” in ECSA-C, vol. 2978, CEUR-WS.org, 2021.
S. Seifermann, M. Walter, S. Hahner, R. Heinrich & R. Reussner
- Accurate Performance Predictions with Component-Based Models of Data Streaming Applications. Lecture Notes in Computer Science, 83-98. Springer International Publishing.
Werle, Dominik; Seifermann, Stephan & Koziolek, Anne
- Architectural Attack Propagation Analysis for Identifying Confidentiality Issues. 2022 IEEE 19th International Conference on Software Architecture (ICSA), 1-12. IEEE.
Walter, Maximilian; Heinrich, Robert & Reussner, Ralf
- Architectural Optimization for Confidentiality Under Structural Uncertainty. Lecture Notes in Computer Science, 309-332. Springer International Publishing.
Walter, Maximilian; Hahner, Sebastian; Seifermann, Stephan; Bures, Tomas; Hnetynka, Petr; Pacovský, Jan & Heinrich, Robert
- Attuning Adaptation Rules via a Rule-Specific Neural Network. Lecture Notes in Computer Science, 215-230. Springer Nature Switzerland.
Bureš, Tomáš; Hnětynka, Petr; Kruliš, Martin; Plášil, František; Khalyeyev, Danylo; Hahner, Sebastian; Seifermann, Stephan; Walter, Maximilian & Heinrich, Robert
- Dataset - Architectural Attack Propagation Analysis for Identifying Confidentiality Issues. 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C), 59-59. IEEE.
Walter, Maximilian; Heinrich, Robert & Reussner, Ralf
- Detecting violations of access control and information flow policies in data flow diagrams. Journal of Systems and Software, 184, 111138.
Seifermann, Stephan; Heinrich, Robert; Werle, Dominik & Reussner, Ralf
- Handling Environmental Uncertainty in Design Time Access Control Analysis. 2022 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 382-389. IEEE.
Boltz, Nicolas; Hahner, Sebastian; Walter, Maximilian; Seifermann, Stephan; Heinrich, Robert; Bures, Tomas & Hnetynka, Petr
- A Classification of Software-Architectural Uncertainty Regarding Confidentiality. Communications in Computer and Information Science, 139-160. Springer Nature Switzerland.
Hahner, Sebastian; Seifermann, Stephan; Heinrich, Robert & Reussner, Ralf
- Architecture-Based Attack Path Analysis for Identifying Potential Security Incidents. Lecture Notes in Computer Science, 37-53. Springer Nature Switzerland.
Walter, Maximilian; Heinrich, Robert & Reussner, Ralf
- Architecture-based attack propagation and variation analysis for identifying confidentiality issues in Industry 4.0. at - Automatisierungstechnik, 71(6), 443-452.
Walter, Maximilian; Hahner, Sebastian; Bureš, Tomáš; Hnětynka, Petr; Heinrich, Robert & Reussner, Ralf
- Architecture-Based Uncertainty Impact Analysis to Ensure Confidentiality. 2023 IEEE/ACM 18th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), 126-132. IEEE.
Hahner, Sebastian; Heinrich, Robert & Reussner, Ralf
- Automatic Derivation of Vulnerability Models for Software Architectures. 2023 IEEE 20th International Conference on Software Architecture Companion (ICSA-C), 276-283. IEEE.
Kirschner, Yves R.; Walter, Maximilian; Bossert, Florian; Heinrich, Robert & Koziolek, Anne
- Dynamic Access Control in Industry 4.0 Systems. Digital Transformation, 143-170. Springer Berlin Heidelberg.
Heinrich, Robert; Seifermann, Stephan; Walter, Maximilian; Hahner, Sebastian; Reussner, Ralf; Bureš, Tomáš; Hnětynka, Petr & Pacovský, Jan
- Generating adaptation rule-specific neural networks. International Journal on Software Tools for Technology Transfer, 25(5-6), 733-746.
Bureš, Tomáš; Hnětynka, Petr; Kruliš, Martin; Plášil, František; Khalyeyev, Danylo; Hahner, Sebastian; Seifermann, Stephan; Walter, Maximilian & Heinrich, Robert
- Model-based Confidentiality Analysis under Uncertainty. 2023 IEEE 20th International Conference on Software Architecture Companion (ICSA-C), 256-263. IEEE.
Hahner, Sebastian; Bitschi, Tizian; Walter, Maximilian; Bureš, Tomáš; Hnětynka, Petr & Heinrich, Robert
- Tool-Based Attack Graph Estimation and Scenario Analysis for Software Architectures. Lecture Notes in Computer Science, 45-61. Springer International Publishing.
Walter, Maximilian & Reussner, Ralf
- “Identifizierung von vertraulichkeitsproblemen mithilfe von angriffsausbreitung auf architektur,” in Software Engineering 2023, 46.23.03; LK 01, vol. 332, GI, 2023, pp. 123–124, ISBN: 978-3-88579-726-5.
M. Walter, R. Heinrich & R. Reussner
