microSecEnD: A dataset of security-enriched dataflow diagrams for microservice applications

Publikationstyp
Conference Paper
Date Issued
2023
Sprache
English
Author(s)
Schneider, Simon  
Software Security E-22  
Ozen, Tufan
Chen, Michael
Scandariato, Riccardo  
Software Security E-22  
TORE-URI
https://hdl.handle.net/11420/42718
Start Page
125
End Page
129
Article Number
190670
Citation
20th IEEE/ACM International Conference on Mining Software Repositories (MSR 2023)
Contribution to Conference
20th IEEE/ACM International Conference on Mining Software Repositories, MSR 2023  
Publisher DOI
10.1109/MSR59073.2023.00030
Scopus ID
2-s2.0-85166290315
Publisher
Institute of Electrical and Electronics Engineers Inc.
ISBN
9798350311846
Dataflow diagrams (DFDs) are useful resources in securing applications since they show a software system's architecture and allow assessing architectural security and weaknesses. Enriching them with annotations about implemented security features further strengthens this ability. This is especially true for microservice applications, as their most pressing security concerns stem from their separation into multiple services. Researchers need data to work on these issues and enhance microservices' architectural security. In this work, we present microSecEnD, a dataset of 17 manually created DFDs that are extensively annotated with information on implemented security features. We provide traceability for all model items. Further, a mapping to a list of 17 architectural security best-practices is provided. Finally, for each best-practice that an application violates, we present a model variant that does adhere to it.
Subjects
dataflow diagrams
dataset
microservices
security
DDC Class
004: Computer Sciences