• DocumentCode
    2359383
  • Title

    Information flow analysis of component-structured applications

  • Author

    Herrmann, Peter

  • Author_Institution
    Dept. of Comput. Sci., Dortmund Univ., Germany
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    45
  • Lastpage
    54
  • Abstract
    Software component technology facilitates the cost-effective development of specialized applications. Nevertheless, due to the high number of principals involved in a component-structured system, it introduces special security problems which have to be tackled by a thorough security analysis. In particular the diversity and complexity of information flows between components hold the danger of leaking information. Since information flow analysis, however, tends to be expensive and error-prone, we apply our object-oriented security analysis and modeling approach. It employs UML-based object-oriented modeling techniques and graph rewriting in order to make the analysis easier and to assure its quality even for large systems. Information flow is modeled based on the decentralized label model (Myers and Liskov, 1997) combining label-based read access policy models and declassification of information with static analysis. We report on the principles of information flow analysis of component-based systems, clarify its application by means of an example, and outline the corresponding tool-support.
  • Keywords
    authorisation; information systems; object-oriented methods; rewriting systems; specification languages; UML; component-structured applications; decentralized label model; graph rewriting; information declassification; information flow analysis; information leakage; information system security; object-oriented modeling; read access policy models; security analysis; software component technology; static analysis; tool support; Application software; Computer science; Cost accounting; Diversity reception; Government; Information analysis; Information security; Information technology; Object oriented modeling; Unified modeling language;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2001.991520
  • Filename
    991520