Data security is increasingly threatened by the complexity of networked enterprise information systems. Classical methods of access control and authorization fail because threats often arise from unintentional or intentional activities of authorized users. In this project, we focus on controlling undesired information flow at the interface between system and user. Often undesired information flows result not from malicious attacks but from the interaction of several usage events and information exchanges that, on their own, appear to be quite harmless. Together, however, they break the security policy of the system. The goal of this project is to develop a technique to identify, model, and protect against undesirable information flows resulting from the interplay between human-computer, human-human and computer-computer interactions. To this end, we formalize system and user actions that could potentially result in information flow and develop a domain specific language to specify sequences of such actions. We identify these actions by (1) taking the viewpoint of an attacker, and (2) mining information flow activities from real users. Our approach include the definition of test cases to verify, measure and certify the level to which system are secure against the identified threats. We validate our approach by developing a demonstrator in the context of existing standard enterprise software.

DFG Programme Priority Programmes

Subproject of SPP 1496:  Reliably Secure Software Systems