A Systematic Mapping Study of Security Concepts for Configurable Data Storages

Richard May, Christian Biermann, Jacob Krüger, Gunter Saake, Thomas Leich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

4 Citations (Scopus)

Abstract

Most modern software systems can be configured to fulfill specific customer requirements, adapting their behavior as required. However, such adaptations also increase the need to consider security concerns, for instance, to prevent unintended feature interactions from causing a vulnerability that an attacker can exploit. Data storages (e.g., databases) used within the system are a particularly interesting aspect in this context, since the adapted behavior may change how (critical) data is collected, stored, processed, and accessed. Unfortunately, there is no comprehensive overview of the state of the art on security concerns of configurable data storages. To address this gap, we conducted a systematic mapping study in which we analyzed 50 publications from the last decade (2013–2022). We compare these publications based on the configurable systems, data storages, and security concerns involved, using established classification criteria of the respective research fields. Overall, we identified 14 research opportunities, which we discuss in detail. Our key insight is that the security of configurable data storages seems to be under-explored and is rarely considered in a practice-oriented way, for instance, regarding relevant security standards. Furthermore, data storages and their security concerns are usually only mentioned briefly, even though they are either highly configurable or store critical data. Our mapping study aims to help practitioners and researchers understand the current state-of-the-art research, identify open issues, and guide future research.

Original language: English
Title of host publication: 26th ACM International Systems and Software Product Line Conference, SPLC 2022 - Proceedings
Editors: Alexander Felfernig, Lidia Fuentes, Jane Cleland-Huang, Wesley K.G. Assuncao, Andreas Falkner, Maider Azanza, Miguel A. Rodriguez Luaces, Megha Bhushan, Laura Semini, Xavier Devroey, Claudia Maria Lima Werner, Christoph Seidl, Viet-Man Le, Jose Miguel Horcas
Publisher: Association for Computing Machinery, Inc
Pages: 108-119
Number of pages: 12
ISBN (Electronic): 9781450394437
Publication status: Published - 12 Sept 2022

Bibliographical note

DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

Keywords

  • configurable systems
  • data storage
  • mapping study
  • security
  • software product line engineering
