Listing by keyword "information flow"
- Conference paper: Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures (Software Engineering 2021, 2021). Gerking, Christopher; Schubert, David.
  This publication is based on our paper presented at the IEEE International Conference on Software Architecture 2019. Due to their close interconnection with the outside world, cyber-physical systems are vulnerable to information leaks. Accordingly, it is crucial for software engineers to regulate and analyze the flow of information through systems. The microservice architectural style requires engineers to refine the regulations into security policies for the constituent software components. These policies must be composable to secure the information flow from end to end. However, since security is hard to compose, a composition of secure components may lead to an insecure system. In our paper, we enable microservice architectures of cyber-physical systems to be composed securely. First, we provide engineers with a set of architectural well-formedness rules for the refinement of security policies, ensuring composability if the constituent components communicate by message passing. Second, we present a verification technique to analyze whether the real-time message passing of components adheres to their refined security policies. Since the analysis results are securely composable, we assure engineers that a composition of secure components will always lead to a secure system. We evaluated the accuracy of our contributions using an extension of the CoCoME case study.
- Conference paper: Detecting Information Flow by Mutating Input Data (Software Engineering und Software Management 2018, 2018). Mathis, Björn; Avdiienko, Vitalii; Soremekun, Ezekiel O.; Böhme, Marcel; Zeller, Andreas.
  [Accepted as full paper for ASE 2017] Analyzing information flow is central in assessing the security of applications. However, static and dynamic analyses of information flow are easily challenged by non-available or obscure code. We present a lightweight mutation-based analysis that systematically mutates dynamic values returned by sensitive sources to assess whether the mutation changes the values passed to sensitive sinks. If so, we found a flow between source and sink. In contrast to existing techniques, mutation-based flow analysis does not attempt to identify the specific path of the flow and is thus resilient to obfuscation. In its evaluation, our MUTAFLOW prototype for Android programs showed that mutation-based flow analysis is a lightweight yet effective complement to existing tools. Compared to the popular FLOWDROID static analysis tool, MUTAFLOW requires less than 10% of source code lines but has similar accuracy; on 20 tested real-world apps, it is able to detect 75 flows that FLOWDROID misses.