On Information Flow Forensics in Business Application Scenarios

Claus Wonnemann, Rafael Accorsi, Günter Muller
2009 2009 33rd Annual IEEE International Computer Software and Applications Conference  
To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different
more » ... software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.
doi:10.1109/compsac.2009.154 dblp:conf/compsac/WonnemannAM09 fatcat:s2utnhjbu5db7apotgovsy5j7i