DocumentCode
2359383
Title
Information flow analysis of component-structured applications
Author
Herrmann, Peter
Author_Institution
Dept. of Comput. Sci., Dortmund Univ., Germany
fYear
2001
fDate
10-14 Dec. 2001
Firstpage
45
Lastpage
54
Abstract
Software component technology facilitates the cost-effective development of specialized applications. Nevertheless, due to the high number of principals involved in a component-structured system, it introduces special security problems which have to be tackled by a thorough security analysis. In particular the diversity and complexity of information flows between components hold the danger of leaking information. Since information flow analysis, however, tends to be expensive and error-prone, we apply our object-oriented security analysis and modeling approach. It employs UML-based object-oriented modeling techniques and graph rewriting in order to make the analysis easier and to assure its quality even for large systems. Information flow is modeled based on the decentralized label model (Myers and Liskov, 1997) combining label-based read access policy models and declassification of information with static analysis. We report on the principles of information flow analysis of component-based systems, clarify its application by means of an example, and outline the corresponding tool-support.
Keywords
authorisation; information systems; object-oriented methods; rewriting systems; specification languages; UML; component-structured applications; decentralized label model; graph rewriting; information declassification; information flow analysis; information leakage; information system security; object-oriented modeling; read access policy models; security analysis; software component technology; static analysis; tool support; Application software; Computer science; Cost accounting; Diversity reception; Government; Information analysis; Information security; Information technology; Object oriented modeling; Unified modeling language;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
Print_ISBN
0-7695-1405-7
Type
conf
DOI
10.1109/ACSAC.2001.991520
Filename
991520