
A Study On Composable Information Flow Security Model And Approach

Posted on: 2015-03-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N Xi
Full Text: PDF
GTID: 1268330431962481
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of the Internet of Things (IoT) and cloud computing, a wide range of applications is provided by many kinds of software. To simplify the integration process, hide differences between parts and improve software reusability, component-based design is widely used in software development. In this design mode, the cooperation among different software components poses a great threat to information flow security in multi-security-level systems, because the components are independent of and different from one another: even if information flow is secure within each component, it is not guaranteed that no leak occurs through other components in the composite system. Moreover, verification is also a high-cost task for composite systems. To address these issues, building on the classic information flow models and verification approaches surveyed in Section II, we propose a composable information flow security model and design multiple verification frameworks and approaches according to the requirements of different scenarios. The author's major contributions are outlined as follows:

1. In mobile computing environments, the energy-limited nature of user terminals poses a significant challenge for centralized information flow verification, in which the verification node must spend a large amount of computation and network resources. The WSS (Wireless Service System) is modelled first. For the multiple candidate service components with the same service function in a WSS, we define the dynamic intra- and inter-dependences among the objects in a composite service based on the PDG (program dependence graph), and specify the security constraints for each service participant based on these dependences and a lattice-based model. We then propose a decentralized information flow verification approach in which the service participants cooperate to complete the verification process distributively, each with respect to its own information flow policy. Experiments and evaluations show that it decreases the verification cost on a single verification node and provides better load balance across the service participants.

2. In heterogeneous networks, to overcome the high complexity and cost of traditional model checking, we propose a composable information flow verification approach for the service chain. Starting from secure single service components, we analyse the dependences of the objects between adjacent components, specify the security constraints for component composability and propose the information flow verification algorithms. Experiments and simulation show that the composable verification approach decreases the verification cost effectively and improves verification efficiency.

3. Information flow security is also an important security property for embedded systems. However, because building a model of a composite system is complex, traditional information flow verification based on model checking is a high-cost task. Based on the theorems in Section 4, we design and implement an information flow verification tool built on the composable information flow verification approaches. The tool is described in detail in terms of its system function model, system architecture, core verification algorithm and implementation process. A case study, an automatic flight control composite embedded system, is then verified with the tool to demonstrate that it is usable. The composable information flow verification tool can also be used to verify composite services.
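The following is an added illustration, not code from the dissertation or its verification tool, of the idea behind contributions 1 and 2: each component is checked locally against a lattice of security labels using its own dependence edges, and then only the interface objects between adjacent components are checked when the chain is composed. The two-level lattice, the Component shape, the wiring dictionary and the sample sensor/logger components are all constructed assumptions for the example; the dissertation's actual constraints and algorithms are not reproduced here.

```python
"""Toy composable information-flow check (added example, not the thesis's code).

Assumptions made for illustration:
  * a two-level lattice Low <= High (the thesis uses a general lattice-based model);
  * each component declares a label per object and intra-component dependence
    edges in the style of a program dependence graph (object -> objects it reads);
  * adjacent components are joined by a wiring of producer outputs to consumer inputs.
"""
from dataclasses import dataclass

LEVELS = {"Low": 0, "High": 1}  # assumed lattice: Low <= High


def leq(a, b):
    """Lattice order: information may flow from label a to label b only if a <= b."""
    return LEVELS[a] <= LEVELS[b]


@dataclass
class Component:
    name: str
    labels: dict  # object name -> security label
    deps: dict    # object name -> set of object names it depends on (intra-component edges)


def verify_component(c):
    """Local check: no dependence edge may carry a higher label into a lower-labelled object.
    Returns a list of (component, source_object, sink_object) violations."""
    violations = []
    for obj, srcs in c.deps.items():
        for src in sorted(srcs):
            if not leq(c.labels[src], c.labels[obj]):
                violations.append((c.name, src, obj))
    return violations


def verify_interface(producer, consumer, wiring):
    """Composition check between two adjacent components: a wired object must not be
    relabelled lower by the consumer than the producer labelled it. Only the interface
    objects are examined; each component's internals are trusted from its local check."""
    violations = []
    for out_obj, in_obj in wiring.items():
        if not leq(producer.labels[out_obj], consumer.labels[in_obj]):
            violations.append((producer.name, out_obj, consumer.name, in_obj))
    return violations


def verify_chain(components, wirings):
    """Composable verification of a service chain: local checks plus one interface
    check per adjacent pair, instead of model-checking the whole composite system."""
    violations = []
    for c in components:
        violations.extend(verify_component(c))
    for producer, consumer, wiring in zip(components, components[1:], wirings):
        violations.extend(verify_interface(producer, consumer, wiring))
    return violations


# Constructed sample components (not from the thesis's case study).
SENSOR = Component(
    name="sensor",
    labels={"gps": "High", "temp": "Low", "nav": "High", "report": "Low"},
    deps={"nav": {"gps"}, "report": {"temp"}},
)
LOGGER_OK = Component(
    name="logger_ok",
    labels={"nav_in": "High", "report_in": "Low", "secure_log": "High", "public_log": "Low"},
    deps={"secure_log": {"nav_in", "report_in"}, "public_log": {"report_in"}},
)
LOGGER_LEAK = Component(  # internal High -> Low dependence: caught by the local check
    name="logger_leak",
    labels={"nav_in": "High", "report_in": "Low", "secure_log": "High", "public_log": "Low"},
    deps={"secure_log": {"nav_in"}, "public_log": {"nav_in", "report_in"}},
)
LOGGER_DOWNGRADE = Component(  # locally consistent, but relabels the interface object Low
    name="logger_downgrade",
    labels={"nav_in": "Low", "report_in": "Low", "public_log": "Low"},
    deps={"public_log": {"nav_in", "report_in"}},
)
WIRING = {"nav": "nav_in", "report": "report_in"}  # sensor outputs -> logger inputs

if __name__ == "__main__":
    for consumer in (LOGGER_OK, LOGGER_LEAK, LOGGER_DOWNGRADE):
        print(consumer.name, verify_chain([SENSOR, consumer], [WIRING]))
```

The point of the split is the one the abstract makes: a component that is secure on its own (LOGGER_DOWNGRADE passes its local check) can still leak once composed, and the interface check catches that without re-verifying either component's internals.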
Keywords/Search Tags: Composite Software, Information Flow Security, Program Dependence Graph, Model Checking, Information Flow, Verification Tool