Tracking Dependent Information Flows

Zeineb Zhioua, Yves Roudier, Rabéa Ameur Boulifa, Takoua Kechiche, Stuart Short
2017 Proceedings of the 3rd International Conference on Information Systems Security and Privacy  
Ensuring the compliance of developed software with security requirements is a challenging task due to imprecision on the security guidelines definition, and to the lack of automatic and formal means to lead this verification. In this paper, we present our approach that aims at integrating the formal specification and verification of security guidelines in early stages of the development life cycle by combining the model checking together with information flow analysis. We formally specify
more » ... ty guidelines that involve dependent information flows as a basis to lead formal verification through model checking, and provide precise feedback to the developer. MOTIVATION Information Flow Analysis Different security mechanisms, such as access control and encryption allow to protect sensitive data, but
doi:10.5220/0006209301790189 dblp:conf/icissp/ZhiouaRAKS17 fatcat:owzxqzjgi5axndvvcu2rcqtjcm