Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

This paper presents a practical, formally grounded approach to analyzing security-centric information flow policies at the level of the design model, focusing on data confidentiality and data integrity objectives. A guiding principle is that the approach should be accessible to designers (e.g., software architects) who have little or no background in formal models, logics, and the like. To this end, we provide an intuitive graphical notation based on the familiar Data Flow Diagrams, which asks the designer for as little extra security-specific annotation as possible. The analysis algorithm yields the early discovery of design flaws in the form of violations of the intended security properties. The approach is implemented as a publicly available Eclipse plugin and evaluated on four real-world case studies drawn from the published literature.
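To make the idea of a design-level information flow check concrete, here is an added example written for this page; it is not the paper's plugin or algorithm, and nothing on the page describes the paper's notation or lattice. The example assumes (as its own choices) two-point lattices for confidentiality (PUBLIC < CONFIDENTIAL) and integrity (LOW < HIGH), that the designer labels only the sources and sinks of the DFD (external entities and data stores) plus any trusted declassifier or sanitizer, and that labels of unlabeled processes are inferred from what flows into them. The DFD of a small web shop is constructed for illustration; the element names and data items are invented.

```python
"""Toy DFD-level information-flow checker (added example, not the paper's tool).

Assumptions (not taken from the page): two-point confidentiality and integrity
lattices; designers label sources/sinks and trusted components only; process
labels are inferred as the join (confidentiality) / meet (integrity) of inputs.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Conf(IntEnum):
    PUBLIC = 0
    CONFIDENTIAL = 1


class Integ(IntEnum):
    LOW = 0
    HIGH = 1


@dataclass
class Element:
    """A DFD element (external entity, process or data store).

    conf / integ are declared labels: the highest confidentiality the element
    may receive and the integrity it requires of its inputs. None means
    'infer from inputs' (the normal case for processes). declassify_to and
    sanitize_to mark trusted components whose outputs carry the given label
    no matter what flows in (e.g. an anonymizer, an input validator).
    """
    name: str
    kind: str
    conf: Optional[Conf] = None
    integ: Optional[Integ] = None
    declassify_to: Optional[Conf] = None
    sanitize_to: Optional[Integ] = None


Flow = Tuple[str, str, str]  # (source element, destination element, data item)
Label = Tuple[Conf, Integ]


def infer_labels(elements: Dict[str, Element], flows: List[Flow]) -> Dict[str, Label]:
    """Label carried by each element's outgoing flows, computed to a fixpoint.

    Declared and trusted elements keep their labels. Unlabeled elements start at
    the bottom (PUBLIC, HIGH) and absorb their inputs: confidentiality only
    rises, integrity only falls, so the iteration terminates even with cycles.
    """
    labels: Dict[str, Label] = {}
    for name, e in elements.items():
        conf = e.declassify_to if e.declassify_to is not None else (
            e.conf if e.conf is not None else Conf.PUBLIC)
        integ = e.sanitize_to if e.sanitize_to is not None else (
            e.integ if e.integ is not None else Integ.HIGH)
        labels[name] = (conf, integ)
    changed = True
    while changed:
        changed = False
        for src, dst, _ in flows:
            e = elements[dst]
            conf, integ = labels[dst]
            if e.conf is None and e.declassify_to is None:
                conf = max(conf, labels[src][0])  # join: taint with input secrecy
            if e.integ is None and e.sanitize_to is None:
                integ = min(integ, labels[src][1])  # meet: taint with input distrust
            if (conf, integ) != labels[dst]:
                labels[dst] = (conf, integ)
                changed = True
    return labels


def check(elements: Dict[str, Element], flows: List[Flow]) -> List[Tuple[str, str, str, str, str]]:
    """Return (kind, src, dst, data, reason) for every flow violating the policy.

    Confidentiality: no flow may carry data labeled above the destination's
    declared clearance. Integrity: no flow may deliver data below the
    destination's declared integrity requirement. Unlabeled elements are not
    checked directly; their inferred taint is caught at the labeled sinks.
    """
    labels = infer_labels(elements, flows)
    violations = []
    for src, dst, data in flows:
        conf, integ = labels[src]
        e = elements[dst]
        if e.conf is not None and conf > e.conf:
            violations.append(("confidentiality", src, dst, data,
                               f"{conf.name} data reaches {e.conf.name}-cleared {e.kind}"))
        if e.integ is not None and integ < e.integ:
            violations.append(("integrity", src, dst, data,
                               f"{integ.name}-integrity data enters {e.integ.name}-integrity {e.kind}"))
    return violations


def example_dfd() -> Tuple[Dict[str, Element], List[Flow]]:
    """Constructed sample DFD of a small web shop (invented for this example)."""
    elements = {e.name: e for e in [
        Element("User", "external", conf=Conf.PUBLIC, integ=Integ.LOW),
        Element("Frontend", "process"),
        Element("Validator", "process", sanitize_to=Integ.HIGH),
        Element("OrdersDB", "store", conf=Conf.CONFIDENTIAL, integ=Integ.HIGH),
        Element("Reporter", "process"),
        Element("Anonymizer", "process", declassify_to=Conf.PUBLIC),
        Element("Vendor", "external", conf=Conf.PUBLIC, integ=Integ.LOW),
    ]}
    flows: List[Flow] = [
        ("User", "Frontend", "order form"),
        ("Frontend", "Validator", "order form"),
        ("Validator", "OrdersDB", "validated order"),
        ("Frontend", "OrdersDB", "order"),          # design flaw: bypasses the validator
        ("OrdersDB", "Reporter", "order records"),
        ("Reporter", "Anonymizer", "sales report"),
        ("Anonymizer", "Vendor", "aggregate stats"),
        ("Reporter", "Vendor", "sales report"),     # design flaw: raw records leave the system
    ]
    return elements, flows


if __name__ == "__main__":
    els, fls = example_dfd()
    for kind, src, dst, data, reason in check(els, fls):
        print(f"{kind.upper():15} {src} -> {dst} [{data}]: {reason}")
```

Run stand-alone, the checker reports two flaws: the Frontend writing orders straight into OrdersDB (untrusted user input reaching a high-integrity store without passing the Validator) and the Reporter sending a report to the Vendor without going through the Anonymizer (the Reporter itself is unlabeled, but it inherits CONFIDENTIAL from OrdersDB, which is what a per-edge check on declared labels alone would miss). Removing those two flows yields an empty report. Two caveats a practitioner should keep in mind: with a lattice this coarse, legitimate flows such as a user viewing their own orders would also be flagged and need a finer label or an explicit trusted component; and a design-level check of this kind sees only the flows drawn in the diagram, not implicit or covert channels in the implementation.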
