Sciweavers

ACSAC
2001
IEEE

Information Flow Analysis of Component-Structured Applications

13 years 7 months ago
Information Flow Analysis of Component-Structured Applications
Software component technology facilitates the costeffective development of specialized applications. Nevertheless, due to the high number of principals involved in a component-structured system, it introduces special security problems which have to be tackled by a thorough security analysis. In particular, the diversity and complexity of information flows between components hold the danger of leaking information. Since information flow analysis, however, tends to be expensive and error-prone, we apply our objectoriented security analysis and modeling approach. It employs UML-based object-oriented modeling techniques and graph rewriting in order to make the analysis easier and to assure its quality even for large systems. Information flow is modeled based on Myers' and Liskov's decentralized label model combining label-based read access policy models and declassification of information with static analysis. We report on the principles of information flow analysis of component...
Peter Herrmann
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ACSAC
Authors Peter Herrmann
Comments (0)