A Systematic Mapping Study of Security Concepts for Configurable Data Storages

Richard May, Christian Biermann, Jacob Krüger, Gunter Saake, Thomas Leich

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

4 Citaten (Scopus)

Samenvatting

Most modern software systems can be configured to fulfill specific customer requirements, adapting their behavior as required. However, such adaptations also increase the need to consider security concerns, for instance, to avoid that unintended feature interactions cause a vulnerability that an attacker can exploit. A particularly interesting aspect in this context are data storages (e.g., databases) used within the system, since the adapted behavior may change how (critical) data is collected, stored, processed, and accessed. Unfortunately, there is no comprehensive overview of the state-of-the-art on security concerns of configurable data storages. To address this gap, we conducted a systematic mapping study in which we analyzed 50 publications from the last decade (2013–2022). We compare these publications based on the configurable systems, data storages, and security concerns involved; using established classification criteria of the respective research fields. Overall, we identified 14 research opportunities, which we discuss in detail. Our key insight is that the security of configurable data storages seems to be under-explored and is rarely considered in a practice-oriented way, for instance, regarding relevant security standards. Furthermore, data storages and their security concerns are usually only mentioned briefly, even though they are either highly configurable or store critical data. Our mapping study aims to help practitioners and researchers to understand the current state-of-the-art research, identify open issues, and guide future research.
Originele taal-2Engels
Titel26th ACM International Systems and Software Product Line Conference, SPLC 2022 - Proceedings
RedacteurenAlexander Felfernig, Lidia Fuentes, Jane Cleland-Huang, Wesley K.G. Assuncao, Wesley K.G. Assuncao, Andreas Falkner, Maider Azanza, Miguel A. Rodriguez Luaces, Megha Bhushan, Laura Semini, Xavier Devroey, Claudia Maria Lima Werner, Christoph Seidl, Viet-Man Le, Jose Miguel Horcas
UitgeverijAssociation for Computing Machinery, Inc
Pagina's108-119
Aantal pagina's12
ISBN van elektronische versie9781450394437
DOI's
StatusGepubliceerd - 12 sep. 2022

Bibliografische nota

DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

Vingerafdruk

Duik in de onderzoeksthema's van 'A Systematic Mapping Study of Security Concepts for Configurable Data Storages'. Samen vormen ze een unieke vingerafdruk.

Citeer dit