Project Details
Developing Systems with Secure Information Flow
Applicant
Professor Dr. Wolfgang Reif
Subject Area
Software Engineering and Programming Languages
Term
from 2010 to 2018
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 183481129
More and more private data is stored on mobile devices, and protecting this information against unauthorized access is becoming correspondingly important. This concerns protection against outside attackers, but also protection against unintended information flows between apps and devices, and to the Internet. In this project we focus on the second aspect while still taking an external attacker into account. We develop a new approach that integrates formally verified information flow control (IFC) properties and language-based IFC with a software engineering approach based on model-driven development. The approach starts with a UML model enhanced with application-specific specifications of information flow properties (e.g. credit card information is sent only after a booking has been confirmed) that may be configured by the user. Model-to-model transformations generate platform-specific Java code as well as a formal specification. To verify information flow properties of the generated programs, we use automatic techniques based on language-based IFC and abstract interpretation. The results of this analysis serve as key theorems from which the application-specific security properties are established. The focus is on Android apps and Java web services.
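To make the kind of check the abstract describes concrete, here is an added illustration (not the project's code, tooling or generated Java) of language-based IFC by abstract interpretation: a two-point security lattice, a program-counter label that catches implicit flows through control dependence, and the application-specific policy from the text, card data may reach the network only on paths where the booking has been confirmed. The toy statement forms, the lattice, the `confirm` event and the sample programs are assumptions constructed for this example.

```python
"""Toy flow-sensitive information flow checker (added illustration, not project code).

Statement forms (constructed for this example):
  ("assign", target, [source variables])
  ("if", [condition variables], then_block, else_block)
  ("confirm",)            -- the booking is confirmed on this path
  ("send", [variables])   -- network sink; anything sent is observable at LOW
"""
from dataclasses import dataclass
from typing import Dict, List

LOW, HIGH = 0, 1  # two-point security lattice, LOW is below HIGH


def join(a: int, b: int) -> int:
    """Least upper bound of two labels."""
    return max(a, b)


@dataclass
class State:
    labels: Dict[str, int]   # variable -> security label (abstract store)
    confirmed: bool          # booking confirmed on every path reaching here?
    pc: int = LOW            # label of the enclosing control context


def label_of(state: State, names: List[str]) -> int:
    """Label of an expression: join of its variables and the current pc."""
    lbl = state.pc
    for v in names:
        lbl = join(lbl, state.labels.get(v, LOW))  # undeclared names are public constants
    return lbl


def check_block(stmts, state: State, violations: List[str]) -> State:
    for s in stmts:
        kind = s[0]
        if kind == "assign":
            _, target, srcs = s
            # pc is folded in, so an assignment under a HIGH branch becomes HIGH
            state.labels[target] = label_of(state, srcs)
        elif kind == "confirm":
            state.confirmed = True
        elif kind == "send":
            _, srcs = s
            # Policy: HIGH data (or a send whose occurrence depends on HIGH data)
            # is only allowed once the booking has been confirmed on this path.
            if label_of(state, srcs) == HIGH and not state.confirmed:
                violations.append(
                    "send(%s): HIGH data reaches the network before the booking is confirmed"
                    % ", ".join(srcs))
        elif kind == "if":
            _, cond, then_b, else_b = s
            branch_pc = label_of(state, cond)
            t = State(dict(state.labels), state.confirmed, branch_pc)
            e = State(dict(state.labels), state.confirmed, branch_pc)
            check_block(then_b, t, violations)
            check_block(else_b, e, violations)
            # Join at the merge point: labels take the lub, and the booking counts
            # as confirmed only if it was confirmed on both paths.
            names = set(t.labels) | set(e.labels)
            state.labels = {v: join(t.labels.get(v, LOW), e.labels.get(v, LOW)) for v in names}
            state.confirmed = t.confirmed and e.confirmed
        else:
            raise ValueError("unknown statement %r" % (kind,))
    return state


def check(program, sources: Dict[str, int]) -> List[str]:
    """Run the analysis; returns the list of policy violations (empty if secure)."""
    violations: List[str] = []
    check_block(program, State(dict(sources), False), violations)
    return violations


# Sample inputs, constructed for this example.
SOURCES = {"credit_card": HIGH, "card_valid": HIGH, "user_clicked_confirm": LOW}

# 1. Explicit flow: the card number is sent before any confirmation.
LEAK_EXPLICIT = [("send", ["credit_card"])]

# 2. Implicit flow: only a "public" flag is sent, but its value is control-dependent on a secret.
LEAK_IMPLICIT = [
    ("if", ["card_valid"], [("assign", "flag", [])], [("assign", "flag", [])]),
    ("send", ["flag"]),
]

# 3. Confirmation on one path only, send after the merge point: still rejected.
LEAK_PARTIAL = [
    ("if", ["user_clicked_confirm"], [("confirm",)], []),
    ("send", ["credit_card"]),
]

# 4. Policy-conformant: the card is sent only on the path where the booking was confirmed.
OK_PROGRAM = [
    ("if", ["user_clicked_confirm"],
        [("confirm",), ("send", ["credit_card"])],
        [("assign", "msg", []), ("send", ["msg"])]),
]

if __name__ == "__main__":
    for name, prog in [("explicit", LEAK_EXPLICIT), ("implicit", LEAK_IMPLICIT),
                       ("partial", LEAK_PARTIAL), ("ok", OK_PROGRAM)]:
        print(name, check(prog, SOURCES) or "secure")
```

The second program is the case a naive taint check misses: `flag` never copies the secret, yet sending it reveals `card_valid`, which is why the pc label is joined into every assignment and every send. Two caveats a practitioner should keep in mind: there are no loops here, so no fixpoint iteration is needed, and `confirm` acts as a coarse declassification event that releases all HIGH data on its path rather than only the card number, which is a choice of this toy policy and not of the project.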
DFG Programme
Priority Programmes
Subproject of
SPP 1496:
Reliably Secure Software Systems