Sciweavers

COMPSAC
2009
IEEE

On Information Flow Forensics in Business Application Scenarios

14 years 6 months ago
On Information Flow Forensics in Business Application Scenarios
To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.
Claus Wonnemann, Rafael Accorsi, Günter M&uum
Added 20 May 2010
Updated 20 May 2010
Type Conference
Year 2009
Where COMPSAC
Authors Claus Wonnemann, Rafael Accorsi, Günter Müller
Comments (0)