[HGI-News] HGI-Seminar, Montag 13.11.06: Formal Modeling and Analysis of Information Flow Security

Newsletter des Horst Görtz Instituts hgi-news at lists.ruhr-uni-bochum.de
Mo Nov 6 14:28:00 CET 2006 

                 Prof. Dr. Heiko Mantel, RWTH Aachen

           Montag 13. November 2006, 13:15 Uhr IC 4 / 39-41

      Formal Modeling and Analysis of Information Flow Security

Information security has become a complex concern as distributed computing,
mobility of devices, and dynamic extensibility provide malicious
individuals with manifold possibilities for attacks.  The trustworthiness
of distributed systems critically depends on three aspects: the
communication over open networks, the access to critical resources, and
the use of sensitive data in computations.  While reliable cryptographic
protocols and access control mechanisms exist and are widely used to
address the first two aspects, we do not yet have comparable techniques
for securing the flow of information during a program run.  Without
adequate information flow control, however, there is a danger that
programs might leak secrets while running and little hope for establishing
reliable, system-wide security guarantees.

In the talk, I will present advances in information flow security, while
considering multiple stages of software development.  I will present a
framework, the MAKS, that supports the formal specification of security
requirements.  Then, I will point out some fundamental difficulties that
arise during the stepwise development of secure systems, and I will sketch
a theory for assembling secure systems from secure components.  Finally,
I will motivate three directions for making type-based security analysis
for concurrent programs more practical, presenting initial solutions to
controlling deliberate information release, to automatically correcting
insecure programs, and to integrating different language-based analysis
techniques.


_____________________________________________________________________________
Die Webseite des HGI-Seminars mit allen Informationen zu vergangenen und
zukünftigen Vorträgen: http://www.hgi.rub.de/deutsch/lehrangebot/seminar.html

Mehr Informationen über die Mailingliste Hgi-News-Deutschland