On Information Flow Forensics in Business Application Scenarios

CC
COMPSAC
2009
2009 33rd Annual IEEE International Computer Software and Applications Conference
Abstract - On Information Flow Forensics in Business Application Scenarios

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Claus Wonnemann Articles by Rafael Accorsi Articles by Günter Müller

2009 33rd Annual IEEE International Computer Software and Applications Conference

Seattle, Washington, USA

July 20-July 24

ISBN: 978-0-7695-3726-9

	ASCII Text	x
	Claus Wonnemann, Rafael Accorsi, Günter Müller, "On Information Flow Forensics in Business Application Scenarios," Computer Software and Applications Conference, Annual International, vol. 2, pp. 324-328, 2009 33rd Annual IEEE International Computer Software and Applications Conference, 2009.

	BibTex	x
	@article{ 10.1109/COMPSAC.2009.154, author = {Claus Wonnemann and Rafael Accorsi and Günter Müller}, title = {On Information Flow Forensics in Business Application Scenarios}, journal ={Computer Software and Applications Conference, Annual International}, volume = {2}, year = {2009}, issn = {0730-3157}, pages = {324-328}, doi = {http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2009.154}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Software and Applications Conference, Annual International TI - On Information Flow Forensics in Business Application Scenarios SN - 0730-3157 SP324 EP328 A1 - Claus Wonnemann, A1 - Rafael Accorsi, A1 - Günter Müller, PY - 2009 KW - Information Flow KW - Information Flow Forensics KW - Automated Business Processes VL - 2 JA - Computer Software and Applications Conference, Annual International ER -

Claus Wonnemann

Rafael Accorsi

Günter Müller

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2009.154

To-date, security analysis techniques focus on the explicit access to data, thereby neglecting information flows happening over covert channels. As a result, critical business software applications and their deployment may be labeled secure, whereas in fact they are not. We present ongoing research towards information flow forensics, a novel approach for the a-posteriori detection of information flow. We motivate our work by illustrating the implications of illicit information flow in different software application scenarios and demonstrate why current approaches fall short of effectively enforcing information flow policies in many cases. We show that information flow forensics can mitigate these drawbacks and outline some interesting research challenges involved in its realization.

Index Terms:

Information Flow, Information Flow Forensics, Automated Business Processes

Citation:

Claus Wonnemann, Rafael Accorsi, Günter Müller, "On Information Flow Forensics in Business Application Scenarios," compsac, vol. 2, pp.324-328, 2009 33rd Annual IEEE International Computer Software and Applications Conference, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.