Home   Research Publications Members Related Software
IndexBrowse   BibliographiesMy selection
 Search: in   (word length ≥ 3)
Publication no #494   Download bibtex file Type :   Html | Bib | Both
Add to my selection
Architecture Based Information Flow Analysis for Software Security

Kirti Garg, David Garlan and Bradley Schmerl.


Online links: PDF   Bibtex entry   Plain Text

Using information flow modeling to perform security analysis is a common technique used during software design. While much theoretical work has been conducted in this area, there are few tools to assist with such analysis. In many instances the security analysis must be done by hand, requiring consid-erable expertise, time, and effort. Most available tools require custom code to be written for the analysis, and are consequently not well integrated with the software process, and not easily tailored to different security requirements. In this paper we describe the use of an Architecture Description Language (ADL) to (a) represent information flow in a software system, and (b) analyze the security-related properties of a system. We use a formal predicate-based de-scription of the security properties and policies, which allows for automated analysis of the information flow to uncover common security vulnerabilities. A key advantage to using ADLs is that security properties become declarative and can be automatically checked by constraint-based tools and without the need to write custom code.

Keywords: Architectural Analysis, Science of Security.  
    Created: 2016-06-24 16:54:38
Feedback: ABLE Webmaster
Last modified: Tue June 20 2017 16:43:41