Ecole d'ingénieur et centre de recherche en Sciences du numérique

Tracking dependent information flows

Zhioua, Zeineb; Roudier, Yves; Ameur Boulifa, Rabéa; Kechiche, Takoua; Short, Stuart

ICISSP 2017, 3rd International Conference on Information Systems Security and Privacy, February 19-21, 2017, Porto, Portugal

Ensuring the compliance of developed software with security requirements is a challenging task due to imprecision on the security guidelines definition, and to the lack of automatic and formal means to lead this verification. In this paper, we present our approach that aims at integrating the formal specification and verification of security guidelines in early stages of the development life cycle by combining the model checking together with information flow analysis. We formally specify security guidelines that involve dependent information flows as a basis to lead formal verification through model checking, and provide precise feedback to the developer.

Document Doi Bibtex

Titre:Tracking dependent information flows
Mots Clés:Security Guidelines, Formal Specification, Model Checking, Information Flow Analysis, Program Dependence Graph, Labeled Transition System
Type:Conférence
Langue:English
Ville:Porto
Pays:PORTUGAL
Date:
Département:Sécurité numérique
Eurecom ref:5207
Copyright: © Insticc. Personal use of this material is permitted. The definitive version of this paper was published in ICISSP 2017, 3rd International Conference on Information Systems Security and Privacy, February 19-21, 2017, Porto, Portugal and is available at : http://dx.doi.org/10.5220/0006209301790189
Bibtex: @inproceedings{EURECOM+5207, doi = {http://dx.doi.org/10.5220/0006209301790189}, year = {2017}, title = {{T}racking dependent information flows}, author = {{Z}hioua, {Z}eineb and {R}oudier, {Y}ves and {A}meur {B}oulifa, {R}ab{\'e}a and {K}echiche, {T}akoua and {S}hort, {S}tuart}, booktitle = {{ICISSP} 2017, 3rd {I}nternational {C}onference on {I}nformation {S}ystems {S}ecurity and {P}rivacy, {F}ebruary 19-21, 2017, {P}orto, {P}ortugal}, address = {{P}orto, {PORTUGAL}}, month = {02}, url = {http://www.eurecom.fr/publication/5207} }
Voir aussi: