Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICDCSW
2005
IEEE
2005
IEEE
Specifying Information-Flow Controls
The core problem in risk analysis - determining exploitable paths between attackers and system assets is essentially a problem of determining information flow. It is relatively straightforward to interpret design models for service-based distributed systems in information-flow terms, but the analysis results must be integrated into the system engineering process, and any resulting security controls must be meaningful to system practitioners as well as security analysts. The work reported here addresses these practical problems; it shows that information flow analysis can be integrated into the requirements traceability process, ensuring that security controls are specific about the properties they require. Communication between information-analyst and system practitioner is also addressed by tuning the analysis to reflect the exploitability of threat paths, and by defining security controls as patterns of information-flow constraints, rather than single predicates.
Real-time TrafficDistributed And Parallel Computing | ICDCSW 2005 | Information Flow | Security Controls | Service-based Distributed Systems |
Related Content
| Added | 24 Jun 2010 |
| Updated | 24 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ICDCSW |
| Authors | Howard Chivers, Jeremy Jacob |
Comments (0)
Researcher Info
|
