Quantitative Information Flow Control by Construction for Component-Based Systems
Rasmus Carl Rønneberg
TL;DR
This work addresses securing data-driven software by enabling a constructive, component-based approach to quantitative information flow control at the architectural level. It proposes a repository of secure components whose interfaces include probabilistic distribution specifications and explicit upper bounds on information leakage, with secure implementations obtained through refinement rules and verified composition. By integrating correctness-by-construction with quantitative information flow, it aims to provide compositional guarantees and generate secure code from architectural designs. The approach targets security-critical mobility applications and envisions tool support to scale from architecture to source code, offering well-defined refinement and well-formedness rules to guide practitioners.
Abstract
Secure software architecture is increasingly important in a data-driven world. When security is neglected, sensitive information might leak through unauthorized access. To mitigate this, software architects need tools and methods to quantify security risks in complex systems. This paper presents doctoral research in its early stages concerned with creating constructive methods for building secure component-based systems from a quantitative information flow specification. This research aims at developing a method that allows software architects to develop secure systems from a repository of secure components. Planned contributions are refinement rules for secure development of components from a specification and well-formedness rules for secure composition of said components.
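To make the abstract's notions concrete, the following is an added illustration (not code from the paper or its author) of what a quantitative leakage bound on a component interface and a well-formedness check for composition can look like. It uses the standard min-entropy leakage measure from the quantitative information flow literature; whether the paper's own framework measures leakage this way is an assumption. Components are modelled as probabilistic channels (stochastic matrices from secret values to observables), each carrying a declared upper bound in bits; composition is sequential cascade, and the check re-verifies the bound rather than trusting it. The two sample channels and the uniform prior are constructed for the example.

```python
import math
from dataclasses import dataclass
from typing import List, Sequence

# A channel is a stochastic matrix: rows index secret values, columns index
# observable outputs, and entry c[x][y] is P(y | x).
Channel = List[List[float]]


def check_channel(c: Channel) -> None:
    """Reject matrices that are not row-stochastic (not a valid channel)."""
    width = len(c[0])
    for row in c:
        if len(row) != width or any(p < 0 for p in row) or abs(sum(row) - 1.0) > 1e-9:
            raise ValueError("every row must be a probability distribution of equal length")


def prior_vulnerability(prior: Sequence[float]) -> float:
    """Probability that a one-shot guess of the secret is right before observing."""
    return max(prior)


def posterior_vulnerability(prior: Sequence[float], c: Channel) -> float:
    """Expected success of the best guess after observing the channel output."""
    return sum(max(prior[x] * c[x][y] for x in range(len(prior)))
               for y in range(len(c[0])))


def min_entropy_leakage(prior: Sequence[float], c: Channel) -> float:
    """Min-entropy leakage in bits: log2 of the gain in vulnerability."""
    return math.log2(posterior_vulnerability(prior, c) / prior_vulnerability(prior))


def min_capacity(c: Channel) -> float:
    """Worst-case min-entropy leakage over all priors. It is attained by the
    uniform prior, which reduces it to log2 of the sum of each column's maximum."""
    return math.log2(sum(max(c[x][y] for x in range(len(c))) for y in range(len(c[0]))))


def cascade(c1: Channel, c2: Channel) -> Channel:
    """Sequential composition: c1's output is fed to c2, i.e. the matrix product."""
    if len(c1[0]) != len(c2):
        raise ValueError("c1's output alphabet must equal c2's input alphabet")
    return [[sum(c1[x][z] * c2[z][y] for z in range(len(c2)))
             for y in range(len(c2[0]))] for x in range(len(c1))]


@dataclass
class Component:
    """Interface of a component: its channel plus a declared leakage bound (bits)."""
    name: str
    channel: Channel
    leakage_bound: float


def well_formed(comp: Component) -> bool:
    """Well-formedness check: the channel never leaks more than its interface promises."""
    check_channel(comp.channel)
    return min_capacity(comp.channel) <= comp.leakage_bound + 1e-9


def compose(a: Component, b: Component, name: str) -> Component:
    """Compose two well-formed components in sequence. By the data-processing
    inequality the cascade leaks no more than either part, so the composite may
    declare the smaller of the two bounds; the bound is re-verified, not trusted."""
    if not (well_formed(a) and well_formed(b)):
        raise ValueError("cannot compose components that violate their own bounds")
    composite = Component(name, cascade(a.channel, b.channel),
                          min(a.leakage_bound, b.leakage_bound))
    if not well_formed(composite):
        raise AssertionError("composition check failed: declared bound too small")
    return composite


# Constructed sample components (hypothetical, not from the paper). The secret is a
# 2-bit value; the uniform prior is the attacker's worst case for min-entropy leakage.
UNIFORM4 = [0.25, 0.25, 0.25, 0.25]
# LOW_BIT reveals the secret's low bit exactly: x -> x mod 2.
LOW_BIT: Channel = [[1.0, 0.0], [0.0, 1.0], [1.0, 0.0], [0.0, 1.0]]
# NOISY_BIT passes a bit through with probability 0.75 and flips it otherwise.
NOISY_BIT: Channel = [[0.75, 0.25], [0.25, 0.75]]

LOW_BIT_COMP = Component("low_bit", LOW_BIT, leakage_bound=1.0)
NOISY_BIT_COMP = Component("noisy_bit", NOISY_BIT, leakage_bound=0.6)


def demo() -> dict:
    """Leakage of each part and of their sequential composition, in bits."""
    pipeline = compose(LOW_BIT_COMP, NOISY_BIT_COMP, "low_bit;noisy_bit")
    return {
        "low_bit": min_entropy_leakage(UNIFORM4, LOW_BIT),
        "noisy_bit_capacity": min_capacity(NOISY_BIT),
        "pipeline": min_entropy_leakage(UNIFORM4, pipeline.channel),
        "pipeline_bound": pipeline.leakage_bound,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:.3f}")
```

Running the block shows the low-bit component leaking exactly one bit, the noisy bit about 0.585 bits, and their cascade also about 0.585 bits, which is below both declared bounds. A component that declares a bound tighter than its capacity (for example LOW_BIT with a bound of 0.5) fails `well_formed`, which is the kind of check that would reject an ill-formed composition at design time.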
