Suchergebnis

Titel des Experiments
Model-based Security Evaluation of Microservice Applications

Autoren
Schneider, Simon; Díaz Ferreyra, Nicolás E.; Simhandl, Georg; Zdun, Uwe; Scandariato, Riccardo

Kurzbeschreibung des Experiments
Dataflow Diagrams (DFDs) are models representing architectural components of software systems and information flows between them. In previous work, we've developed an approach that automatically extracts such DFDs from source code of microservice applications and enriches them with extensive (security and other) properties.
Since DFDs are the starting point for many software security assessment techniques, we want to investigate their impact on the performance of security assessments.
For this, we conduct an experiment in which we let master students of a software security course taught by us at TUHH perform tasks related to a software security assessment. The participants will be divided into two groups, one of which will receive the source code of a microservice application, a short textual documentation, and some general information about the microservice architecture. The second group will be provided the same resources plus a DFD of the application. In a second meeting, the groups will be switched and the examined application will be a comparable yet different one, such that each participant will work with and without DFDs once.
We will quantitively measure the participants' performance in solving the tasks and ask them to fill out a questionnaire containing a number of qualitative questions about the provided resources.

Downloads

Institutional Review Board Certificate (English)