Identifying confidentiality violations is challenging as modern software-intensive systems exchange and store large amounts of data, and system deployment and context vary. Although model-based analyses can identify such violations already at design time, uncertainty within a software system or its environment can void analysis results. Existing approaches to raising awareness of uncertainty sources are limited in usability and extendability and require expert knowledge for interpretation and analysis. This paper presents our collaborative tooling ARC3N for collecting, modeling, and analyzing uncertainty sources regarding confidentiality. Using an open web-based platform, we simplify both identifying and assessing uncertainty without requiring expert knowledge. We evaluate our approach in a user study with students, researchers, and practitioners (n = 17) and demonstrate its feasibility.