Analyzing information flow control policies in requirements engineering

Author

Alghathbar, Khaled ; Wijesekera, Duminda

Author_Institution

King Saud Univ., Riyadh, Saudi Arabia

fYear

2004

fDate

7-9 June 2004

Firstpage

193

Lastpage

196

Abstract

Currently security features are implemented and validated during the last phases of the software development life cycle. This practice results in less secure software systems and higher cost of fixing defects software vulnerability. To achieve more secure systems, security features must be considered during the early phases of the software development process. This work presents a high-level methodology that analyzes the information flow requirements and ensures the proper enforcement of information flow control policies. The methodology uses requirements specified in the Unified Modeling Language (UML) as its input and stratified logic programming language as the analysis language. The methodology improves security by detecting unsafe information flows before proceeding to latter stages of the life cycle.

Keywords

formal specification; programming languages; security of data; software development management; software maintenance; software reliability; specification languages; Unified Modeling Language; analysis language; high-level methodology; information flow control policies; logic programming language; requirements engineering; secure software systems; security features; software development life cycle; Control systems; Costs; Information analysis; Information security; Logic programming; Phase detection; Software quality; Software systems; Testing; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on

Print_ISBN

0-7695-2141-X

Type

conf

DOI

10.1109/POLICY.2004.1309167

Filename

1309167