
Basic article information

  • Title: Quantitative Analysis of Information Leakage in Security-Sensitive Software Processes
  • Authors: Yuichiro Kanzaki; Hiroshi Igaki; Masahide Nakamura
  • Journal: Information and Media Technologies
  • Electronic ISSN: 1881-0896
  • Publication year: 2006
  • Volume: 1
  • Issue: 1
  • Pages: 121-133
  • DOI: 10.11185/imt.1.121
  • Publisher: Information and Media Technologies Editorial Board
  • Abstract: This paper presents a method to evaluate the risk of information leakage in software processes for security-sensitive applications. A software process is modeled as a series of sub-processes, each of which produces new work products from input products. Since a process is conducted usually by multiple developers, knowledge of work products is shared among the developers. Through the collaboration, a developer may share with others the knowledge of products that are not related to the process. We capture the transfer of such irrelevant product knowledge as information leakage in a software process. In this paper, we first formulate the problem of information leakage by introducing a formal software process model. Then, we propose a method to derive the probability that each developer d knows each work product p at a given process of software development. The probability reflects the possibility that someone leaked the knowledge of p to d. We also conduct three case studies to show the applicability of leakage to practical settings. In the case studies, we evaluate how the risk of information leakage is influenced by the collaboration among developers, the optimal developer assignment and the structure of the software process. As a result, we show that the proposed method provides a simple yet powerful means to perform quantitative analysis on information leakage in a security-sensitive software process.