A central question in IT security is how to ensure that sensitive data is accessible to authorized people only. Furthermore, the use of component-based systems allows a modular design of software and improves the reusability of system parts.
Our goal is to perform security analysis of component-based systems during system design. We concentrate on confidentiality of information and aim for a correct method of analysis.
In cooperation with our project partner, we choose a real-world example and provide a matching component model of the system. According to the system implementation, we refine the system into different parts and provide a specification reflecting the actual behaviour of the parts. Finally, we analyse the model with respect to security properties using methods from information-flow analysis.