The Karlsruhe Data Flow Diagram Analysis (DFA) is an extensible framework for data flow analysis in information security. It is released under a permissive open-source license, developed and maintained by the DSiS group from the Karlsruhe Institute of Technology (KIT), and subject to active research. The framework is used in various research projects including KASTEL, ANYMOS, SofDCar, Trust 4.0, and FluidTrust. For more information, please see dataflowanalysis.org.
By analyzing all possible data flows in data flow diagrams and other software architecture models, we can identify information security issues such as confidentiality violations. Example questions include:
- Does personal data flow to unauthorized locations, violating the GDPR?
- Does data leave an internal server without being encrypted first?
- Does the access to sensitive data follow Role-based Access Control (RBAC)?
- Are there any data flows that merge two distinct types of data that would void anonymity?
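
The kind of check behind the second question, as an added illustration that is not the DFA framework's API, metamodel, or code: a toy diagram whose flows are enumerated and whose data labels are propagated node by node. The node names, the `personal` and `encrypted` labels, and the `internal`/`external` locations are all constructed for this example.

```python
# Added illustration; a toy model, not the DFA framework's API or metamodel.
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    location: str                      # constructed vertex property
    adds: frozenset = frozenset()      # data labels this node attaches
    removes: frozenset = frozenset()   # data labels this node strips

def flows(nodes, edges, source):
    """Yield every path through the (acyclic) diagram starting at source."""
    stack = [[source]]
    while stack:
        path = stack.pop()
        successors = edges.get(path[-1], [])
        if not successors:             # reached a sink: the flow is complete
            yield [nodes[n] for n in path]
        for nxt in successors:
            stack.append(path + [nxt])

def violations(nodes, edges, source):
    """Report nodes outside 'internal' that receive unencrypted personal data."""
    found = []
    for path in flows(nodes, edges, source):
        labels = set()
        for node in path:
            # The constraint is checked on the data arriving at the node.
            leaked = "personal" in labels and "encrypted" not in labels
            if node.location != "internal" and leaked:
                found.append((" -> ".join(n.name for n in path), node.name))
            labels = (labels | node.adds) - node.removes
    return found

# Constructed diagram: one encrypted and one unencrypted route to the outside.
NODES = {n.name: n for n in [
    Node("user_form", "internal", adds=frozenset({"personal"})),
    Node("db", "internal"),
    Node("encrypt", "internal", adds=frozenset({"encrypted"})),
    Node("backup_cloud", "external"),
    Node("analytics_saas", "external"),
]}
EDGES = {"user_form": ["db"], "db": ["encrypt", "analytics_saas"],
         "encrypt": ["backup_cloud"]}

if __name__ == "__main__":
    for path, node in violations(NODES, EDGES, "user_form"):
        print(f"violation at {node}: {path}")
```

Only the flow that bypasses the `encrypt` node is reported; the route through it reaches an external node with the `encrypted` label attached and passes the constraint.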
The framework is presented in this key publication: N. Boltz and S. Hahner, et al., "An Extensible Framework for Architecture-Based Data Flow Analysis for Information Security", ECSA, Springer, 2024, doi: 10.1007/978-3-031-66326-0_21.
The following table shows the structure of the extensible analysis framework. The most important repositories are pinned below.
# | Repository | Description | Status |
---|---|---|---|
1 | DataFlowAnalysis | The main repository contains the analysis, converter logic, example models, and all documentation. | |
4 | WebEditor | With this editor, which is available online, data flow diagrams can be modeled and analyzed within your browser. | |
3 | PCM-DataFlowAnalysis-Extension | This extension consists of meta models for annotating Palladio software architecture models that can serve as analysis input. | |
Please see the download page for all relevant information. The easiest way to get started is by downloading our ready-to-use Eclipse product. Alternatively, all main repositories' artifacts are available on our Eclipse updatesite to be directly installed into the Eclipse Modeling Framework. After downloading, please see the getting started guide.