Software component technology facilitates the cost-effective development of specialized applications. Nevertheless, due to the high number of principals involved in a component-structured system, it introduces special security problems which have to be tackled by a thorough security analysis. In particular, the diversity and complexity of information flows between components hold the danger of leaking information. Since information flow analysis, however, tends to be expensive and error-prone, we apply our object-oriented security analysis and modeling approach. It employs UML-based object-oriented modeling techniques and graph rewriting in order to make the analysis easier and to assure its quality even for large systems. Information flow is modeled based on Myers' and Liskov's decentralized label model combining label-based read access policy models and declassification of information with static analysis. We report on the principles of information flow analysis of component-based systems, clarify its application by means of an example, and outline the corresponding tool-support.