Internet Archive Scholar

On Information Flow Forensics in Business Application Scenarios

Claus Wonnemann, Rafael Accorsi, Günter Muller
2009 2009 33rd Annual IEEE International Computer Software and Applications Conference  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (172.6 kB)
https://web.archive.org/web/20110725040253/http://www.informatik.uni-freiburg.de:80/~accorsi/papers/stpsa09.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL. The file type is application/pdf.

To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different
more » ... software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.
doi:10.1109/compsac.2009.154 dblp:conf/compsac/WonnemannAM09 fatcat:s2utnhjbu5db7apotgovsy5j7i
Citation

Claus Wonnemann, Rafael Accorsi, Günter Muller. "On Information Flow Forensics in Business Application Scenarios." 2009 33rd Annual IEEE International Computer Software and Applications Conference (2009) 324-328