xDECAF

An extensible data flow diagram constraint analysis framework for information security

43 mentions · 8 contributors · 1195 commits · last commit ≈ 6 days ago · 10 stars · 2 forks

Description

xDECAF is an extensible framework for data flow analysis in information security.
It is released under a permissive open-source license, developed and maintained by the DSiS group from the Karlsruhe Institute of Technology (KIT), and subject to active research.
The framework is used in various research projects including KASTEL, ANYMOS, SofDCar, Trust 4.0, and FluidTrust.
For more information, documentation, publications, and usage examples, please see dataflowanalysis.org.

By analyzing all possible data flows in data flow diagrams and other software architecture models, we can identify information security issues like confidentiality violations. Exemplary questions are:

  • Does personal data flow to unauthorized locations, violating the GDPR?
  • Does data leave an internal server without being encrypted first?
  • Does the access to sensitive data follow Role-based Access Control (RBAC)?
  • Are there any data flows that merge two distinct types of data that would void anonymity?

The framework is presented in this key publication:
N. Boltz, S. Hahner, et al., "An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security",
ECSA, Springer, 2024, doi: 10.1007/978-3-031-66326-0_21.

Our analysis uses label propagation to analyze the characteristics of data flows. First, we extract all possible data flows from data flow diagrams or annotated software architecture models. The extracted data flows are represented as Transpose Flow Graphs (TFGs), which contain all relevant information about the labels of the flowing data and its processing, e.g., by components or servers. We propagate these labels through the flow graphs and compare the result against pre-formulated constraints to detect violations of confidentiality or, more generally, of privacy.

Programming languages
  • Java 96%
  • Python 4%

Participating organisations

Karlsruhe Institute of Technology (KIT)

Contributors

  • Nicolas Boltz
  • Sebastian Hahner
  • Nils Niehues
  • Christopher Gerking
  • Ralf Reussner (Karlsruher Institut für Technologie, FZI Forschungszentrum Informatik)

Related software

Palladio

Palladio is a software architecture simulation approach which analyses software at the model level for performance bottlenecks, scalability issues, reliability threats, and allows for subsequent optimisation.

Updated 10 months ago