A formal design of secure information systems by using a Formal Secure Data Flow Diagram (FSDFD)

Data flow diagram (DFD) is a methodology which can be applied to design an information system and even the behaviour of a whole organization. It has the advantages of simplicity and popularity by using simple notations. But, it is semi formal which means it lacks representation of semantics. Also, it doesn ´t consider security features of the system. In, this paper, we describe our new proposed methodology called FSDFD (formal secure data flow diagram). The idea of this proposal has been born from an increasing need of organizations to secure their information systems by making a secure and a formal design of each information system component. FSDFD will not only design formally more secured systems but also it will automate some security activities like security audit, risk analysis and vulnerability assessment. Use of FSDFD will so let organizations reduce both supported risk and security costs and improve security and assurance levels of their system.