Title :
On Information Flow Forensics in Business Application Scenarios
Author :
Wonnemann, Claus ; Accorsi, Rafael ; Müller, Günter
Author_Institution :
Dept. of Telematics, Univ. of Freiburg, Freiburg, Germany
Abstract :
To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.
Keywords :
business data processing; security of data; business application scenario; information flow forensic; security analysis technique; Application software; Computer applications; Computer security; Data flow computing; Data security; Forensics; Information analysis; Information security; Telematics; Timing; Automated Business Processes; Information Flow; Information Flow Forensics;
Conference_Titel :
Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International
Conference_Location :
Seattle, WA
Print_ISBN :
978-0-7695-3726-9
DOI :
10.1109/COMPSAC.2009.154
