Type-based and PDG-based information flow analysis techniques are currently developed independently in a competing manner, with different strengths regarding coverage of language features and security policies. In this article, we study the relationship between these two approaches. One key insight is that a type-based information flow analysis need not be less precise than a PDG-based analysis...

In multilevel systems it is important to avoid unwanted indirect information flow from higher levels to lower levels, namely the so called covert channels. Initial studies of information flow analysis were performed by abstracting away from time and probability. Recently, work has been done in order to consider also aspects either of time or of probability, but not both. In this paper we propos...

Although static systems for information flow security are well-studied, few works address run-time information flow monitoring. Run-time information flow control offers distinct advantages in precision and in the ability to support dynamically defined policies. To this end, we here develop a new run-time information flow system based on the run-time tracking of indirect dependencies between pro...

The paper presents the findings of a survey of 40 microsystems companies that was carried out to determine the use and the purpose of use of media forms and information flow models within these companies. These companies as ‘product-service systems’ delivered integrated products and services to realise customer solutions. Data collection was carried out by means of an online survey over 3 month...

The goal of information flow control is to enforce IF policies associated with variables in a program. Assume there is a mapping Γ from variables to labels, which represent desired IF policies. The enforcement mechanism should ensure that a program and the accompanied mapping Γ satisfy noninterference. For these notes, we consider the following definition of noninterference for confidentiality:...

In this contribution, we show how correctness proofs for intra[8] and interprocedural slicing [9] can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the...

In this work, a process algebra is designed around an ACUID equational theory extended with prefixes symbolizing actions, and by making parallel synchronous composition distributive over non-deterministic choice; such a synchronous composition is commutative and non-associative. Bisimulation between processes is then interpretable as congruence over such an equational theory. It is shown that i...

Communication is a key success factor of distributed software projects. Poor communication has been identified as a main obstacle to successful collaboration. Global projects are especially endangered by information gaps between collaborating sites. Different communication styles, technical equipment, and missing awareness of each other can cause severe problems. Knowledge about actual and desi...

A process algebra is defined where parallel composition is structured around synchronous communication. Its essential difference with CCS is the hypothesis that internal actions must be observable for the clock; consequently, in our formalism (strong) bisimulation will be the basis for information flow analysis, instead of equivalences based on trace or weak bisimulation. Bisimulation reduces i...

In Germán Puebla (Ed.): Pre-Proceedings of 16th International Symposium on Logic Based Program Syntehsis and Transformation (LOPSTR 2006), Venice, Italy, 85–101, 2006. c © Springer-Verlag (to be transferred) Abstract. When giving a program access to secret information, one must ensure that the program does not leak the secrets to untrusted sinks. For reducing the complexity of such an informati...