Projet ANR SESUR SFINCS (ANR-07-SESU-012)
The upsurge of a globally interconnected network of devices have had a deep impact on the environment, habits and even typology of computing devices end-users. These advances changed our behaviour in a lot of beneficial ways but also gave way to new threats that feed decades-old fears about liberty. Preserving privacy and security are thus more than ever at the heart of service users and providers concerns.
In an open, heterogeneous and highly concurrent context, enforcing private and business data confidentiality requires, beyond basic access control, fine-grained control over data usage by the various actors. This problem is known from the litterature as information flow control. Information flow analysis has been actively investigated for several years, leading to a rich theory. This problem has usually been tackled from a type-checking or static analysis viewpoint. However, it appears that this rich theory has been scarcely applied in the industry.
The SFINCS project aims at studying application of this theory on practical use-cases to identify bottlenecks that prevent wider industrial adoption of information flow control techniques. To this end, project SFINCS brings together complementary partners: From case studies provided by industrial partners, academic partners shall enrich information flow theory to take into account practical issues preventing thorough analysis of ubiquitous software systems. Provided case studies come from distance selling services and mobile telephony and thus will provide a wide array of the diverse problems encountered in the enforcement of needed security and privacy properties.
This project addresses varied problems: