Quantitative Analysis of Information Leakage in Security-Sensitive Software Processes
Abstract
This paper presents a method to evaluate the risk of information leakage in software processes for security-sensitive applications. A software process is modeled as a series of sub-processes, each of which produces new work products from input products. Since a process is usually conducted by multiple developers, knowledge of work products is shared among the developers. Through the collaboration, a developer may share with others the knowledge of products that are not related to the process. We capture the transfer of such irrelevant product knowledge as information leakage in a software process. In this paper, we first formulate the problem of information leakage by introducing a formal software process model. Then, we propose a method to derive the probability that each developer d knows each work product p at a given process of software development. The probability reflects the possibility that someone leaked the knowledge of p to d. We also conduct three case studies to show the applicability of leakage to practical settings. In the case studies, we evaluate how the risk of information leakage is influenced by the collaboration among developers, the optimal developer assignment and the structure of the software process. As a result, we show that the proposed method provides a simple yet powerful means to perform quantitative analysis on information leakage in a security-sensitive software process.
Authors
- NAKAMURA Masahide, Graduate School of Information Science, Nara Institute of Science and Technology
- Monden Akito, Graduate School of Information Science, Nara Institute of Science and Technology
- Igaki Hiroshi, Graduate School of Information Science, Nara Institute of Science and Technology
- Kanzaki Yuichiro, Graduate School of Information Science, Nara Institute of Science and Technology
- Matsumoto Ken-ichi, Graduate School of Information Science, Nara Institute of Science and Technology
Related papers
- DJ-1, a Target Protein for an Endocrine Disrupter, Participates in the Fertilization in Mice
- Exploiting Eye Movements for Evaluating Reviewer's Performance in Software Review(Reliability, Maintainability and Safety Analysis)
- Java Birthmarks : Detecting the Software Theft(Application Information Security)
- Quantitative Analysis of Information Leakage in Security-Sensitive Software Processes (Special Issue: Computer Security Technologies Bearing Diverse Social Responsibilities)
- A Visual Framework for Monitoring and Controlling Distributed Service Components (Japan-Korea Joint Workshop: 1st Korea-Japan Joint Workshop on Ubiquitous Computing and Networking Systems (ubiCNS 2005))
- Feature Interaction Detection by Bounded Model Checking(Dependable Communication)(Dependable Computing)
- Mining quantitative rules in a software project data set (Special Issue: Theory and Practice of Software Engineering)
- A Comparison of Correlated Failures for Software Using Community Error Recovery and Software Breeding
- Quantitative Analysis of Information Leakage in Security-Sensitive Software Processes
- An Algorithm for Gradual Patch Acceptance Detection in Open Source Software Repository Mining
- Good or Bad Committers? —— A Case Study of Committer's Activities on the Eclipse's Bug Fixing Process
- Mining Quantitative Rules in a Software Project Data Set
- An Experimental Evaluation of the Effect of Specifying a Selected Defect Type in Software Inspection
- Introducing Multiple Microphone Arrays for Enhancing Smart Home Voice Control