Formal Information-Flow Analysis of Component-Based Systems
A central question in IT security is how to ensure that sensitive data is accessible to authorized people only. In addition, the use of component-based systems allows a modular design of software and increases the reusability of parts of systems.
Our goal is to perform security analysis of component-based systems during system design. We concentrate on confidentiality of information and aim for a correct analysis method.
In cooperation with our project partner, we choose a real-world example and provide a component model for this system. Following the implementation of the system, we refine the system into different parts and provide a specification reflecting the actual behaviour of the parts. Finally, we analyse the model for security properties using information-flow analysis methods.