Analyzing information flow control policies in requirements engineering

摘要

Currently security features are implemented and validated during the last phases of the software development life cycle. This practice results in less secure software systems and higher cost of fixing defects software vulnerability. To achieve more secure systems, security features must be considered during the early phases of the software development process. This work presents a high-level methodology that analyzes the information flow requirements and ensures the proper enforcement of information flow control policies. The methodology uses requirements specified in the Unified Modeling Language (UML) as its input and stratified logic programming language as the analysis language. The methodology improves security by detecting unsafe information flows before proceeding to latter stages of the life cycle.