Automating information flow control in component-based distributed systems

Abdellatif, Takoua; Sfaxi, Lilia; Robbana, Riadh; Lakhnech, Yassine

doi:10.1145/2000229.2000241

Cited by 15 publications

(8 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Information flow analysis at code level. Abdellatif et al [29] present an approach accompanied by a toolkit to automate information flow control in component-based systems. Their approach requires developers to specify the security properties with a configuration file, which in turn is used to validate the system for potential data leaks, before the security code is generated.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Tuma

Scandariato

Balliu

2019

2019 IEEE International Conference on Software Architecture (ICSA)

View full text Add to dashboard Cite

This paper presents a practical and formal approach to analyze security-centric information flow policies at the level of the design model. Specifically, we focus on data confidentiality and data integrity objectives. In its guiding principles, the approach is meant to be amenable for designers (e.g., software architects) that have very limited or no background in formal models, logics, and the like. To this aim, we provide an intuitive graphical notation, which is based on the familiar Data Flow Diagrams, and which requires as little effort as possible in terms of extra security-centric information the designer has to provide. The result of the analysis algorithm is the early discovery of design flaws in the form of violations of the intended security properties. The approach is implemented as a publicly available plugin for Eclipse and evaluated with four real-world case studies from publicly available literature.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Yet, our work is unique with respect to label propagation and label specification for system components. In addition, our work defines attacker zones as part of a global security policy, while Abdellatif et al [29] do not model the attacker explicitly.…”

Section: Related Workmentioning

confidence: 99%

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Tuma

Scandariato

Balliu

2019

2019 IEEE International Conference on Software Architecture (ICSA)

View full text Add to dashboard Cite

show abstract

“…In [18], a security configuration synthesis is provided but the adopted model does not deal with declassification and adaptation. Similarly, in [19], information flow security is applied to componentbased systems. Nevertheless, component code is required for label propagation, no formal model is provided and adaptation is not considered.…”

Section: Related Workmentioning

confidence: 99%

An End-to-End Security Model for Adaptive Service-Oriented Applications

Abdellatif

Bozga

2018

Service-Oriented Computing – ICSOC 2017 Workshops

Self Cite

View full text Add to dashboard Cite

In this paper, we present E2SM, an End-to-End Security Model and a set of algorithms to protect data confidentiality in complex adaptive Serviceoriented applications SOA. Starting from initial and intuitive business security constraints' settings, E2SM synthesizes a complete security configuration that is formally verified. E2SM is adapted to dynamic security constraints' modifications and to services' architecture reconfiguration. Thanks to its compositional verification, only impacted services' security is rechecked which makes E2SM suitable to adaptive and scalable SOA.

show abstract

“…Finally, our work is related to information flow security in component-based systems. In contrast to [23] where authors verify security in a component-based model by annotating the system ADL (Architecture Description Language) and tracking information flow at intra-and inter-components separately, this work provides a sound model with formal proofs guaranteeing system non-interference. Besides, and compared to our previous work [6] where we adopted a more general component-based model to build secure distributed systems, here we propose a simpler message-based send-receive model suitable to model applications with web-style primitives and communications like BPEL-based composed WS and we propose not only a security verification but also a practical solution for security configuration synthesis.…”

Section: Related Workmentioning

confidence: 99%

A Robust Framework for Securing Composed Web Services

Said

Abdellatif

Bensalem

et al. 2016

Formal Aspects of Component Software

Self Cite

View full text Add to dashboard Cite

This paper proposes a framework that automatically checks and configures data security in Web Services starting from high level business requirements. We consider BPEL-based composed Web Services. BPEL processes and initial security parameters are represented as component-based models labeled with security annotations. These models are formal and enable automated analysis and synthesis of security configurations, under the guidance of the service designer. The security property considered is the non-interference. The overall approach is practical since security is defined separately from functional processes and automatically verified. We illustrate its utility to solve intricate security problems using a smart grid application.

show abstract

Automating information flow control in component-based distributed systems

Cited by 15 publications

References 20 publications

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

An End-to-End Security Model for Adaptive Service-Oriented Applications

A Robust Framework for Securing Composed Web Services

Contact Info

Product

Resources

About