Abstract
Most modern software systems can be configured to fulfill specific customer requirements, adapting their behavior as required. However, such adaptations also increase the need to consider security concerns, for instance, to prevent unintended feature interactions from causing a vulnerability that an attacker can exploit. Particularly interesting in this context are the data storages (e.g., databases) used within the system, since the adapted behavior may change how (critical) data is collected, stored, processed, and accessed. Unfortunately, there is no comprehensive overview of the state of the art on security concerns of configurable data storages. To address this gap, we conducted a systematic mapping study in which we analyzed 50 publications from the last decade (2013–2022). We compare these publications based on the configurable systems, data storages, and security concerns involved, using established classification criteria of the respective research fields. Overall, we identified 14 research opportunities, which we discuss in detail. Our key insight is that the security of configurable data storages seems to be under-explored and is rarely considered in a practice-oriented way, for instance, regarding relevant security standards. Furthermore, data storages and their security concerns are usually only mentioned briefly, even though they are either highly configurable or store critical data. Our mapping study aims to help practitioners and researchers understand the current state-of-the-art research, identify open issues, and guide future research.
Original language | English |
---|---|
Title of host publication | 26th ACM International Systems and Software Product Line Conference, SPLC 2022 - Proceedings |
Editors | Alexander Felfernig, Lidia Fuentes, Jane Cleland-Huang, Wesley K.G. Assuncao, Andreas Falkner, Maider Azanza, Miguel A. Rodriguez Luaces, Megha Bhushan, Laura Semini, Xavier Devroey, Claudia Maria Lima Werner, Christoph Seidl, Viet-Man Le, Jose Miguel Horcas |
Publisher | Association for Computing Machinery, Inc |
Pages | 108-119 |
Number of pages | 12 |
ISBN (Electronic) | 9781450394437 |
Publication status | Published - 12 Sept 2022 |
Bibliographical note
DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
Keywords
- configurable systems
- data storage
- mapping study
- security
- software product line engineering