The growing interconnection between software systems increases the need to address security already at design time. Security-related properties such as confidentiality are often analyzed on the basis of data flow diagrams (DFDs). However, manually analyzing the DFDs of large software systems is tedious and error-prone, and adjusting already deployed software is costly. Additionally, closed analysis ecosystems limit the reuse of modeled information and impede comprehensive statements about a system's security. In this paper, we present an open and extensible framework for data flow analysis. The central element of our framework is our new implementation of a well-validated data-flow-based analysis approach. The framework is compatible with DFDs and can also extract data flows from the Palladio architectural description language. We showcase the extensibility with multiple model and analysis extensions. Our evaluation indicates that we can analyze similar scenarios while achieving higher scalability compared to previous implementations.
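To make concrete what a data-flow-based confidentiality analysis over a DFD does, here is a small added example. It is not the paper's framework and does not use its APIs; it sketches the general label-propagation idea (labels travel along flows, nodes strip or add labels, constraints compare a flow's labels with the receiving node's characteristics) on a constructed DFD. All node names, label types ("Sensitivity", "Location") and the constraint are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Tuple

# A label is a (type, value) pair attached to data, e.g. ("Sensitivity", "Personal").
Label = Tuple[str, str]
Labels = FrozenSet[Label]


@dataclass
class Node:
    """DFD element: external entity, process or data store."""
    name: str
    # Node characteristics consulted by constraints, e.g. {"Location": "EU"} (constructed).
    characteristics: Dict[str, str] = field(default_factory=dict)
    # Node behaviour: label types stripped from data passing through, and labels added.
    strips: FrozenSet[str] = frozenset()
    adds: Labels = frozenset()


@dataclass
class Flow:
    source: str
    target: str
    # Labels the data already carries at its origin (set on flows leaving entities/stores).
    origin_labels: Labels = frozenset()


@dataclass
class DFD:
    nodes: Dict[str, Node]
    flows: List[Flow]  # assumption: at most one flow per (source, target) pair


def propagate(dfd: DFD) -> Dict[Tuple[str, str], Labels]:
    """Label propagation: a flow carries its origin labels plus the labels of every
    flow entering its source node, after that node's strip/add behaviour.
    Computed as a least fixpoint so that cyclic DFDs terminate as well."""
    labels: Dict[Tuple[str, str], Labels] = {
        (f.source, f.target): frozenset() for f in dfd.flows
    }
    changed = True
    while changed:
        changed = False
        for f in dfd.flows:
            node = dfd.nodes[f.source]
            incoming: set = set()
            for g in dfd.flows:
                if g.target == f.source:
                    incoming |= labels[(g.source, g.target)]
            passed = {lab for lab in incoming if lab[0] not in node.strips} | set(node.adds)
            new = frozenset(passed | set(f.origin_labels))
            if new != labels[(f.source, f.target)]:
                labels[(f.source, f.target)] = new
                changed = True
    return labels


# A constraint inspects the labels on a flow and the receiving node; True means "violated".
Constraint = Callable[[Labels, Node], bool]


def personal_data_stays_in_eu(labels: Labels, target: Node) -> bool:
    """Constructed policy: personal data must not flow to a node located outside the EU."""
    return ("Sensitivity", "Personal") in labels and target.characteristics.get("Location") != "EU"


def find_violations(dfd: DFD, constraints: List[Constraint]) -> List[Tuple[str, str, str]]:
    """Run propagation once, then evaluate every constraint on every flow."""
    flow_labels = propagate(dfd)
    violations = []
    for f in dfd.flows:
        for c in constraints:
            if c(flow_labels[(f.source, f.target)], dfd.nodes[f.target]):
                violations.append((c.__name__, f.source, f.target))
    return violations


def example_dfd() -> DFD:
    """Constructed sample: an order service in the EU exports data to a US analytics
    process both directly and via an anonymizer that strips the sensitivity label."""
    nodes = {
        "Customer": Node("Customer"),
        "OrderService": Node("OrderService", {"Location": "EU"}),
        "Anonymizer": Node("Anonymizer", {"Location": "EU"},
                           strips=frozenset({"Sensitivity"}),
                           adds=frozenset({("Sensitivity", "Anonymized")})),
        "Analytics": Node("Analytics", {"Location": "US"}),
    }
    flows = [
        Flow("Customer", "OrderService", frozenset({("Sensitivity", "Personal")})),
        Flow("OrderService", "Analytics"),   # direct export: should be flagged
        Flow("OrderService", "Anonymizer"),
        Flow("Anonymizer", "Analytics"),     # anonymized export: should pass
    ]
    return DFD(nodes, flows)


if __name__ == "__main__":
    for name, src, dst in find_violations(example_dfd(), [personal_data_stays_in_eu]):
        print(f"violation of {name}: flow {src} -> {dst}")
```

Only the direct `OrderService -> Analytics` flow is reported; the path through the anonymizer carries `("Sensitivity", "Anonymized")` instead of the personal label, so the same constraint accepts it. Extending the analysis, in the spirit of the open framework the abstract describes, means adding label types, node behaviours and constraint functions rather than changing the propagation.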