Abstract
This paper presents a practical and formal approach to analyzing security-centric information flow policies at the level of the design model. Specifically, we focus on data confidentiality and data integrity objectives. The approach is designed to be accessible to designers (e.g., software architects) who have little or no background in formal models, logics, and the like. To this end, we provide an intuitive graphical notation, based on the familiar Data Flow Diagrams, that requires as little extra security-centric information from the designer as possible. The result of the analysis algorithm is the early discovery of design flaws in the form of violations of the intended security properties. The approach is implemented as a publicly available plugin for Eclipse and evaluated with four real-world case studies from publicly available literature.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Proceedings - 2019 IEEE International Conference on Software Architecture, ICSA 2019 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 191-200 |
| Number of pages | 10 |
| ISBN (Electronic) | 9781728105284 |
| DOIs | |
| Publication status | Published - 30 Apr 2019 |
| Externally published | Yes |
| Event | 2019 IEEE International Conference on Software Architecture, ICSA 2019 - Hamburg, Germany. Duration: 25 Mar 2019 → 29 Mar 2019 |
Publication series

| Name |
|---|
| Proceedings - 2019 IEEE International Conference on Software Architecture, ICSA 2019 |
Conference

| Field | Value |
|---|---|
| Conference | 2019 IEEE International Conference on Software Architecture, ICSA 2019 |
| Country/Territory | Germany |
| City | Hamburg |
| Period | 25/03/19 → 29/03/19 |
Bibliographical note
Funding Information: This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security”. Musard Balliu was partially supported by the JointForce project financed by the Swedish Research Council and the TrustFull project financed by the Swedish Foundation for Strategic Research.
Publisher Copyright:
© 2019 IEEE.
Keywords
- Confidentiality
- Data Flow Diagram
- Integrity
- Secure design