A Method for Model-Driven Information Flow Security

We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the system architecture using UML-inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one, provided that certain conditions are satisfied.
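The refinement step and the preservation claim above, as an added toy model that is not the paper's own formalism: it assumes a component's semantics is its finite trace set, that "refinement" means the concrete trace set is a subset of the abstract one, and that the security requirement is a simple possibilistic property (every possible trace with all high events deleted must itself be a possible trace, so a low observer learns nothing about high activity). The paper's actual properties and side conditions are not given here; the example only shows why side conditions are needed at all, since a refinement that merely shrinks the trace set can lose the property, while one that resolves only low-level nondeterminism keeps it. Machines, event names and classification are constructed for the example.

```python
"""Constructed toy model: trace-set semantics of nondeterministic state machines,
a purge-style information flow property, and what refinement does to it.
Assumption: a machine is a dict mapping (state, event) -> set of successor states."""
from typing import Dict, FrozenSet, Set, Tuple

State = str
Event = str
Trace = Tuple[Event, ...]
Machine = Dict[Tuple[State, Event], Set[State]]


def traces(machine: Machine, start: State, max_len: int = 6) -> Set[Trace]:
    """Enumerate every event sequence the machine can perform from `start`.
    The length bound makes the enumeration terminate for cyclic machines."""
    result: Set[Trace] = set()
    stack = [(start, ())]
    while stack:
        state, trace = stack.pop()
        result.add(trace)
        if len(trace) >= max_len:
            continue
        for (src, event), successors in machine.items():
            if src == state:
                for nxt in successors:
                    stack.append((nxt, trace + (event,)))
    return result


def purge(trace: Trace, high: FrozenSet[Event]) -> Trace:
    """Delete all high events from a trace (the low observer's view)."""
    return tuple(e for e in trace if e not in high)


def violations(trace_set: Set[Trace], high: FrozenSet[Event]) -> Set[Trace]:
    """Traces whose purged version is not itself possible: for each of these the
    low view reveals that some high event must have happened."""
    return {t for t in trace_set if purge(t, high) not in trace_set}


def satisfies(trace_set: Set[Trace], high: FrozenSet[Event]) -> bool:
    """Possibilistic property: the trace set is closed under purging high events."""
    return not violations(trace_set, high)


def refines(concrete: Set[Trace], abstract: Set[Trace]) -> bool:
    """Refinement as trace-set inclusion (assumption of this toy model)."""
    return concrete <= abstract


HIGH: FrozenSet[Event] = frozenset({"h_in"})  # constructed: the only high event

# Abstract specification: the low output may happen with or without the high
# input first, and is followed by a nondeterministic low ack/nack.
ABSTRACT: Machine = {
    ("s0", "h_in"): {"s1"},
    ("s0", "l_out"): {"s2"},
    ("s1", "l_out"): {"s2"},
    ("s2", "l_ack"): {"s3"},
    ("s2", "l_nack"): {"s3"},
}

# Refinement that resolves the choice in s0 by demanding the high input before
# the low output: fewer traces, but the low output now reveals the high event.
LEAKY: Machine = {
    ("s0", "h_in"): {"s1"},
    ("s1", "l_out"): {"s2"},
    ("s2", "l_ack"): {"s3"},
    ("s2", "l_nack"): {"s3"},
}

# Refinement that only resolves low-level nondeterminism (always ack):
# fewer traces, and the purge-closure survives.
SAFE: Machine = {
    ("s0", "h_in"): {"s1"},
    ("s0", "l_out"): {"s2"},
    ("s1", "l_out"): {"s2"},
    ("s2", "l_ack"): {"s3"},
}


def check(concrete: Machine, abstract: Machine, high: FrozenSet[Event]) -> Tuple[bool, bool]:
    """Return (is a refinement, still satisfies the property)."""
    abs_tr, con_tr = traces(abstract, "s0"), traces(concrete, "s0")
    return refines(con_tr, abs_tr), satisfies(con_tr, high)


if __name__ == "__main__":
    print("abstract satisfies:", satisfies(traces(ABSTRACT, "s0"), HIGH))
    for name, m in (("LEAKY", LEAKY), ("SAFE", SAFE)):
        is_ref, ok = check(m, ABSTRACT, HIGH)
        print(f"{name}: refinement={is_ref} property_preserved={ok}")
        if not ok:
            print("  offending traces:", sorted(violations(traces(m, "s0"), HIGH)))
```

Both concrete machines are valid refinements of the abstract one under trace inclusion, yet only SAFE keeps the property; the difference is whether the nondeterminism being resolved depended on a high event. That is the gap a refinement method for information flow properties has to close with extra conditions on the refinement step.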
