Information Inference Diagrams: Complementing Privacy and Security Analyses Beyond Data Flows

Sebastian Rehms, Stefan Köpsell, Verena Klös, Florian Tschorsch

TL;DR

This paper addresses the gap in privacy and security analyses where data-flow visualizations fail to capture information-level propagation and inference. It proposes Information Inference Diagrams (I2Ds), a formal, modular framework that augments DFD-based threat modeling with explicit information items, inference rules, flows, normative declarations, and views. The authors provide precise definitions for entities, information items, flows, and rules, and demonstrate practical use through examples including a request/response scenario and a complex server-client-MITM analysis, along with transformations and schemata to guide analysis. They discuss translation from DFDs, reasoning during threat analysis, and the relation to threat modelling, highlighting that I2Ds complement rather than replace existing approaches, while acknowledging limitations such as rule formalism, time dependencies, and non-deletion of information. The work aims to enable more exact reasoning about information propagation and the impact of mitigations, with future directions toward automated reasoning engines and tighter tool integration (e.g., OWASP Threat Dragon).

Abstract

This work introduces Information Inference Diagrams (I2Ds), a modeling framework aiming to complement existing approaches for privacy and security analysis of distributed systems. It is intended to support established threat modeling processes. Our approach is designed to be compatible with Data Flow Diagrams (DFDs), which form the basis of many established techniques and tools. Unlike DFDs, I2Ds represent information propagation, going beyond mere data flows to enable more formal reasoning in threat modeling while remaining practical. They define inference and sharing (flow) relations on information items to model how information moves through a system. To this end, we provide formal definitions for information items, entities, and flows. By introducing classes as a type system, our formal rules are both generic and allow conformance to existing vocabularies. We demonstrate the applicability of I2Ds through examples that showcase their versatility in system analysis.

Paper Structure (20 sections, 11 equations, 4 figures)

Figures (4)

  • Figure 1: Data Flow Diagram of a typical web application (request-response scenario).
  • Figure 2: A representation of the example system from the Introduction.
  • Figure 3: Views on two entities (without information items). The tree representation next to each entity shows the abstracted sub-tree. Colours indicate different possible views, which may vary between entities.
  • Figure 4: Development of a Server-Client relation.