Title :
A formal design of secure information systems by using a Formal Secure Data Flow Diagram (FSDFD)
Author :
Soudain, N. ; Raggad, Bel G. ; Zouari, Belhassen
Author_Institution :
LIP2 Lab., Univ. El Manar, El Manar, Tunisia
Abstract :
Data flow diagram (DFD) is a methodology which can be applied to design an information system and even the behaviour of a whole organization. It has the advantages of simplicity and popularity by using simple notations. But, it is semi formal which means it lacks representation of semantics. Also, it doesn ´t consider security features of the system. In, this paper, we describe our new proposed methodology called FSDFD (formal secure data flow diagram). The idea of this proposal has been born from an increasing need of organizations to secure their information systems by making a secure and a formal design of each information system component. FSDFD will not only design formally more secured systems but also it will automate some security activities like security audit, risk analysis and vulnerability assessment. Use of FSDFD will so let organizations reduce both supported risk and security costs and improve security and assurance levels of their system.
Keywords :
data flow analysis; information systems; organisational aspects; risk analysis; security of data; formal design; formal secure data flow diagram; information system security; risk analysis; security audit; vulnerability assessment; Cascading style sheets; Costs; Data security; Design for disassembly; Formal languages; Information security; Information systems; Laboratories; Proposals; Risk analysis; DFD; FSDFD; assurance level; formal secure design; secure information system; security activities; security level; semantics; system component;
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
Conference_Location :
Toulouse
Print_ISBN :
978-1-4244-4498-4
Electronic_ISBN :
2151-4763
DOI :
10.1109/CRISIS.2009.5411965
