Affiliation:
1. SINTEF, Norway
2. SINTEF, University of Oslo, Norway
Abstract
We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the system architecture using UML inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one provided that certain conditions are satisfied.
Reference37 articles.
1. Aredo, D. B. (2003). Semantics of UML statecharts in PVS. In Proc. of the 7th International Multi-Conference on Systemics, Cybernetics and Informatics (SCI2003).
2. Basin, D., Doser, J., & Lodderstedt, T. (2003). Model driven security for process-oriented systems. In Proc. of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT’03), (pp. 100–109). ACM.
3. Model driven security
4. Unwinding in Information Flow Security
5. Breu, R., Hafner, M., Weber, B., & Novak, A. (2005). Model driven security for inter-organizational workflows in e-government. In Proc. of the 2005 International Conference on E-Government: Towards Electronic Democracy (TCGOV’05), volume 3416 of Lecture Notes in Computer Science, (pp. 122–133). Springer.
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Model-Driven Information Flow Security for Component-Based Systems;From Programs to Systems. The Systems perspective in Computing;2014