Implementing a type system for secure information-flow. Potential security risks (eBook)

Master's Thesis from the year 2019 in the subject Computer Science - Software, grade: 77, City University London, course: Software Engineering, language: English, abstract: The objectives of this project are to design, implement and systematically demonstrate a chosen type system considering reliability, performance, and scalability. Furthermore, it aims to determine the limitations of the implementation and alternative architectural designs, to evaluate the extent to which the developed prototype scales up to real-life scenarios and to investigate the feasibility of a similar security type system for SAP systems.

Standard security practices, such as access controls, insufficiently assure secure end-to-end behaviour of an application. Any program flaw, no matter how small or big, poses a potential security risk. Static information flow analysis checks a program for confidential information leaks into public data containers at compile-time.

This design-and-build project’s aim is the prototypical implementation of a security type system for a simple demonstrative language to prevent programs leaking confidential information effectively. The project is based on existing research concerning security type systems as a means of enforcing information flow policies in a program. The results are discussed not only in terms of validity but also considering the feasibility of a similar security type system for SAP enterprise resource management systems.

Society relies heavily on software-intensive systems in all facets of life. Information is automatically processed in automobiles, phones, fridges, and countless web servers. Much of that information is personal data and can distinguish an individual’s identity, such as their name, biometric records, or email addresses. Intellectual property and confidential information are handled in mission-critical military, governmental, medical and business applications. Therefore, building trust in the handling of data by systems is a crucial aspect of software architecture design.