To main content

A Method for Model-Driven Information Flow Security

Abstract

We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the  system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the systemarchitecture using UML inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one provided that certain conditions are satisfied.

Oppdragsgiver: Norwegian Research Council (NCR); European Commission (EC)

Category

Report

Client

  • SINTEF AS / 90B230; 90B245; 403328

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation

Year

2009

Publisher

SINTEF

Issue

A11357

ISBN

9788214044348

View this publication at Cristin