Principles and Properties for Reducing the Prevalence of Implicit Interactions in System Designs.

Early security considerations are essential to ensuring a system is adequately protected, but their ever-growing size and complexity often leaves full comprehension of a system's interconnections out of reach. This gives rise to implicit interactions. These unplanned or unforeseen communication sequences between components are security vulnerabilities that can be exploited to mount a cyberattack. Existing design-phase formal methods-based approaches exist to identify implicit interactions, but formal methods see limited adoption and the root cause of implicit interactions is not well understood. In this work, we extend the existing formal approach to suggest areas of a system to focus redesign efforts, while also providing alternative approaches that do not require formal expertise. These focus on graph-based measurements and providing a set of properties, quality attributes, and design principles with goals in line with the reduction of the prevalence of implicit interactions within a system design.