Dynamic Information Flow Graphs with Flow Rules

We introduce a static information flow analysis for dynamic systems. Based on user-configurable trust assumptions, our approach computes an information flow graph on top of a system model graph. The edges in this information flow graph are annotated with dependencies on the trust assumptions’ conditions, which operate on node attributes and connectivity. A dynamic system model is described as a graph delta of incremental and decremental node and edge changes as well as node attribute changes. Our differential analysis computes the impact of a system model graph delta on the information flow graph based on the information flow edges’ dependencies. We apply our approach to the practical and important problem of tenant isolation in dynamic virtualized infrastructures.

Keywords: Gross, Moedersheim, Modersheim

By: S. Bleikertz, T. Groß, S Mödersheim

Published in: RZ3893 in 2016


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.


Questions about this service can be mailed to reports@us.ibm.com .