Formal Information-Flow Analysis of Component-Based Systems
A central question in IT security is how to ensure
that sensitive data is accessible to authorized people
only. Furthermore, the use of component-based systems
allows a modular design of software and improves the
reusability of system parts.
Our goal is to perform security analysis of
component-based systems during system design. We
concentrate on confidentiality of information and
aim for a correct method of analysis.
In cooperation with our project partner, we choose
a real-world example and provide a matching component model
of the system. According to the system implementation,
we refine the system into different parts
and provide a specification reflecting the actual
behaviour of the parts. Finally, we analyse the
model with respect to security properties using
methods from information-flow analysis.