On Information Flow Forensics in Business Application Scenarios

Author

Wonnemann, Claus ; Accorsi, Rafael ; Müller, Günter

Author_Institution

Dept. of Telematics, Univ. of Freiburg, Freiburg, Germany

Volume

2

fYear

2009

fDate

20-24 July 2009

Firstpage

324

Lastpage

328

Abstract

To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.

Keywords

business data processing; security of data; business application scenario; information flow forensic; security analysis technique; Application software; Computer applications; Computer security; Data flow computing; Data security; Forensics; Information analysis; Information security; Telematics; Timing; Automated Business Processes; Information Flow; Information Flow Forensics;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International

Conference_Location

Seattle, WA

ISSN

0730-3157

Print_ISBN

978-0-7695-3726-9

Type

conf

DOI

10.1109/COMPSAC.2009.154

Filename

5254046