Characterizing dynamics of information leakage in security-sensitive software process

Yuichiro Kanzaki, Hiroshi Igaki, Masahide Nakamura, Akito Monden, Ken Ichi Matsumoto

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Minimizing information leakage is a crucial problem in DRM software development processes, where security information (e.g., device keys and S-BOX of CPRM systems) must be rigorously managed. This paper presents a method to evaluate the risk of information leakage in a software process for security-sensitive applications. A software process is modeled as a series of sub-processes, each of which produces new work products from input products. Since a process is usually conducted by multiple developers, knowledge of work products is shared among the developers. Through this collaboration, a developer may pass on to others knowledge of products that are not related to the process. We capture the transfer of such irrelevant product knowledge as the information leakage in a software process. In this paper, we first formulate the problem of information leakage by introducing a formal software process model. Then, we propose a method to derive the probability that each developer d knows each work product p at a given process of software development. Unless it is equal to 1.0, the probability reflects the possibility that someone leaked the knowledge of p to d. We also conduct a quantitative case study to demonstrate how the information leakage varies depending on the assignment of developers.

Original language: English
Title of host publication: Conferences in Research and Practice in Information Technology Series
Pages: 145-151
Number of pages: 7
Volume: 44
Publication status: Published - 2005
Externally published: Yes
Event: 3rd Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and 3rd Australasian Information Security Workshop, AISW 2005 - Newcastle, NSW, Australia
Duration: Jan 31 2005 to Feb 1 2005

Other

Other: 3rd Australasian Workshop on Grid Computing and e-Research, AusGrid 2005 and 3rd Australasian Information Security Workshop, AISW 2005
Country: Australia
City: Newcastle, NSW
Period: 1/31/05 to 2/1/05

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems
  • Software

Cite this

Kanzaki, Y., Igaki, H., Nakamura, M., Monden, A., & Matsumoto, K. I. (2005). Characterizing dynamics of information leakage in security-sensitive software process. In Conferences in Research and Practice in Information Technology Series (Vol. 44, pp. 145-151)