In a connected world, confidentiality becomes increasingly critical. To cope with confidentiality on a higher abstraction level of software systems, architectural analyses have been proposed. By explicitly modeling data in the system design, the validity of access control policies can be ensured. However, the required information for such analyses is often too imprecise due to the high degree of uncertainty at design-time which results in incomplete and inaccurate policies. In this paper, we describe three key challenges while facing uncertainty and show how software architects could be supported in enhancing confidentiality throughout software design and evolution
