Characterizing dynamics of information leakage in security-sensitive software process

Yuichiro Kanzaki, Hiroshi Igaki, Masahide Nakamura, Akito Monden, Ken Ichi Matsumoto

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Minimizing information leakage is a crucial problem in DRM software development processes, where security information (e.g., device keys and S-BOX of CPRM systems) must be rigorously managed. This paper presents a method to evaluate the risk of information leakage in a software process for security-sensitive applications. A software process is modeled as a series of sub-processes, each of which produces new work products from input products. Since a process is conducted usually by multiple developers, knowledge of work products is shared among the developers. Through the collaboration, a developer may tell others the knowledge of products that are not related to the process. We capture the transfer of such irrelevant product knowledge as the information leakage in a software process. In this paper, we first formulate the problem of information leakage by introducing a formal software process model. Then, we propose a method to derive the probability that each developer d knows each work product p at a given process of software development. The probability reflects the possibility that someone leaked the knowledge of p to d, unless it is equal to 1.0. We also conduct a quantitative case study to demonstrate how the information leakage varies depending on the assignment of developers.

Original languageEnglish
Title of host publicationACSW Frontiers 2005 - Third Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and the Third Australasian Information Security Workshop, AISW 2005
Pages145-151
Number of pages7
Publication statusPublished - Dec 1 2005
Externally publishedYes
Event3rd Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and 3rd Australasian Information Security Workshop, AISW 2005 - Newcastle, NSW, Australia
Duration: Jan 31 2005Feb 1 2005

Publication series

NameConferences in Research and Practice in Information Technology Series
Volume44
ISSN (Print)1445-1336

Other

Other3rd Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and 3rd Australasian Information Security Workshop, AISW 2005
CountryAustralia
CityNewcastle, NSW
Period1/31/052/1/05

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint Dive into the research topics of 'Characterizing dynamics of information leakage in security-sensitive software process'. Together they form a unique fingerprint.

  • Cite this

    Kanzaki, Y., Igaki, H., Nakamura, M., Monden, A., & Matsumoto, K. I. (2005). Characterizing dynamics of information leakage in security-sensitive software process. In ACSW Frontiers 2005 - Third Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and the Third Australasian Information Security Workshop, AISW 2005 (pp. 145-151). (Conferences in Research and Practice in Information Technology Series; Vol. 44).