User-centric, Secure Information Flow Management in Enterprise Systems (USIFES)

Third Party Funds Group - Sub project

Overall project details

Overall project: SPP 1496: Reliably Secure Software Systems - Zuverlässig sichere Softwaresysteme

Project Details

Project leader:
Prof. Dr.-Ing. Felix Freiling

Contributing FAU Organisations:
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

Funding source: DFG / Schwerpunktprogramm (SPP)
Acronym: USIFES
Start date: 01/08/2010
End date: 30/08/2012

Abstract (technical / expert description):

Data security is increasingly threatened by the complexity of networked enterprise information systems. Classical methods of access control and authorization fail because threats often arise from unintentional or intentional activities of authorized users. In this project, we focus on controlling undesired information flow at the interface between system and user. Often undesired information flows result not from malicious attacks but from the interaction of several usage events and information exchanges that, on their own, appear to be quite harmless. Together, however, they break the security policy of the system. The goal of this project is to develop a technique to identify, model, and protect against undesirable information flows resulting from the interplay between human-computer, human-human and computer-computer interactions. To this end, we formalize system and user actions that could potentially result in information flow and develop a domain specific language to specify sequences of such actions. We identify these actions by (1) taking the viewpoint of an attacker, and (2) mining information flow activities from real users. Our approach include the definition of test cases to verify, measure and certify the level to which system are secure against the identified threats. We validate our approach by developing a demonstrator in the context of existing standard enterprise software.

External Partners

Technische Universität Darmstadt
Universität Mannheim

Last updated on 2018-24-09 at 13:09