TY - GEN
T1 - A Systematic Mapping Study of Security Concepts for Configurable Data Storages
AU - May, Richard
AU - Biermann, Christian
AU - Krüger, Jacob
AU - Saake, Gunter
AU - Leich, Thomas
N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
PY - 2022/9/12
Y1 - 2022/9/12
N2 - Most modern software systems can be configured to fulfill specific customer requirements, adapting their behavior as required. However, such adaptations also increase the need to consider security concerns, for instance, to avoid that unintended feature interactions cause a vulnerability that an attacker can exploit. A particularly interesting aspect in this context are data storages (e.g., databases) used within the system, since the adapted behavior may change how (critical) data is collected, stored, processed, and accessed. Unfortunately, there is no comprehensive overview of the state-of-the-art on security concerns of configurable data storages. To address this gap, we conducted a systematic mapping study in which we analyzed 50 publications from the last decade (2013–2022). We compare these publications based on the configurable systems, data storages, and security concerns involved; using established classification criteria of the respective research fields. Overall, we identified 14 research opportunities, which we discuss in detail. Our key insight is that the security of configurable data storages seems to be under-explored and is rarely considered in a practice-oriented way, for instance, regarding relevant security standards. Furthermore, data storages and their security concerns are usually only mentioned briefly, even though they are either highly configurable or store critical data. Our mapping study aims to help practitioners and researchers to understand the current state-of-the-art research, identify open issues, and guide future research.
KW - configurable systems
KW - data storage
KW - mapping study
KW - security
KW - software product line engineering
UR - http://www.scopus.com/inward/record.url?scp=85139175920&partnerID=8YFLogxK
U2 - 10.1145/3546932.3546994
DO - 10.1145/3546932.3546994
M3 - Conference contribution
SP - 108
EP - 119
BT - 26th ACM International Systems and Software Product Line Conference, SPLC 2022 - Proceedings
A2 - Felfernig, Alexander
A2 - Fuentes, Lidia
A2 - Cleland-Huang, Jane
A2 - Assuncao, Wesley K.G.
A2 - Falkner, Andreas
A2 - Azanza, Maider
A2 - Luaces, Miguel A. Rodriguez
A2 - Bhushan, Megha
A2 - Semini, Laura
A2 - Devroey, Xavier
A2 - Werner, Claudia Maria Lima
A2 - Seidl, Christoph
A2 - Le, Viet-Man
A2 - Horcas, Jose Miguel
PB - Association for Computing Machinery, Inc
ER -