A Method for Model-Driven Information Flow Security
Research report
Permanent lenke
http://hdl.handle.net/11250/2389194Utgivelsesdato
2009Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5801]
- SINTEF Digital [2501]
Originalversjon
SINTEF Rapport A11357, 56 p. SINTEF , 2009Sammendrag
We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the systemarchitecture using UML inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one provided that certain conditions are satisfied.
Oppdragsgiver: Norwegian Research Council (NCR); European Commission (EC)
Beskrivelse
-