Sep 27, 2016

Home

Partners

People

Private

Meetings

Work Package

Documents

GForge

edit SideBar

Search

Projet ANR SESUR SFINCS (ANR-07-SESU-012)

The upsurge of a globally interconnected network of devices have had a deep impact on the environment, habits and even typology of computing devices end-users. These advances changed our behaviour in a lot of beneficial ways but also gave way to new threats that feed decades-old fears about liberty. Preserving privacy and security are thus more than ever at the heart of service users and providers concerns.

In an open, heterogeneous and highly concurrent context, enforcing private and business data confidentiality requires, beyond basic access control, fine-grained control over data usage by the various actors. This problem is known from the litterature as information flow control. Information flow analysis has been actively investigated for several years, leading to a rich theory. This problem has usually been tackled from a type-checking or static analysis viewpoint. However, it appears that this rich theory has been scarcely applied in the industry.

The SFINCS project aims at studying application of this theory on practical use-cases to identify bottlenecks that prevent wider industrial adoption of information flow control techniques. To this end, project SFINCS brings together complementary partners: From case studies provided by industrial partners, academic partners shall enrich information flow theory to take into account practical issues preventing thorough analysis of ubiquitous software systems. Provided case studies come from distance selling services and mobile telephony and thus will provide a wide array of the diverse problems encountered in the enforcement of needed security and privacy properties.

This project addresses varied problems:

  • Sofware engineering and programming problems, like analysis of programs using shared libraries through public APIs or external streams (eg. XML),
  • Theoretical problems about information analysis, like tracking information in arrays or collections,
  • Security engineering problems, like expressing of security rules or selective authorisation of information leaking through safe channels (eg. using cryptography).

Page Actions

Recent Changes

Group & Page

Back Links