KIT | KIT-Bibliothek | Impressum | Datenschutz

Detecting Violations of Access Control and Information Flow Policies in Data Flow Diagrams

Seifermann, Stephan ORCID iD icon; Heinrich, Robert; Werle, Dominik; Reussner, Ralf


The security of software-intensive systems is frequently attacked. High fines or loss in reputation are potential consequences of not maintaining confidentiality, which is an important security objective. Detecting confidentiality issues in early software designs enables cost-efficient fixes. A Data Flow Diagram (DFD) is a modeling notation, which focuses on essential, functional aspects of such early software designs. Existing confidentiality analyses on DFDs support either information flow control or access control, which are the most common confidentiality mechanisms. Combining both mechanisms can be beneficial but existing DFD analyses do not support this. This lack of expressiveness requires designers to switch modeling languages to consider both mechanisms, which can lead to inconsistencies. In this article, we present an extended DFD syntax that supports modeling both, information flow and access control, in the same language. This improves expressiveness compared to related work and avoids inconsistencies. We define the semantics of extended DFDs by clauses in first-order logic. A logic program made of these clauses enables the automated detection of confidentiality violations by querying it. ... mehr

Verlagsausgabe §
DOI: 10.5445/IR/1000139064/pub
Veröffentlicht am 23.11.2021
Postprint §
DOI: 10.5445/IR/1000139064/post
Veröffentlicht am 23.11.2021
Preprint §
DOI: 10.5445/IR/1000139064
Veröffentlicht am 11.11.2022
DOI: 10.1016/j.jss.2021.111138
Zitationen: 7
Web of Science
Zitationen: 2
Zitationen: 9
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Publikationstyp Zeitschriftenaufsatz
Publikationsmonat/-jahr 02.2022
Sprache Englisch
Identifikator ISSN: 0164-1212, 1873-1228
KITopen-ID: 1000139064
HGF-Programm 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems
Erschienen in The journal of systems and software
Verlag Elsevier
Band 184
Seiten Art.-Nr. 111138
Vorab online veröffentlicht am 10.11.2021
Nachgewiesen in Web of Science
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page