Title :
Analyzing information flow control policies in requirements engineering
Author :
Alghathbar, Khaled ; Wijesekera, Duminda
Author_Institution :
King Saud Univ., Riyadh, Saudi Arabia
Abstract :
Currently security features are implemented and validated during the last phases of the software development life cycle. This practice results in less secure software systems and higher cost of fixing defects software vulnerability. To achieve more secure systems, security features must be considered during the early phases of the software development process. This work presents a high-level methodology that analyzes the information flow requirements and ensures the proper enforcement of information flow control policies. The methodology uses requirements specified in the Unified Modeling Language (UML) as its input and stratified logic programming language as the analysis language. The methodology improves security by detecting unsafe information flows before proceeding to latter stages of the life cycle.
Keywords :
formal specification; programming languages; security of data; software development management; software maintenance; software reliability; specification languages; Unified Modeling Language; analysis language; high-level methodology; information flow control policies; logic programming language; requirements engineering; secure software systems; security features; software development life cycle; Control systems; Costs; Information analysis; Information security; Logic programming; Phase detection; Software quality; Software systems; Testing; Unified modeling language;
Conference_Titel :
Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on
Print_ISBN :
0-7695-2141-X
DOI :
10.1109/POLICY.2004.1309167
