Information Flow Security in Tree-Manipulating Processes

Enterprise workflows and web services may be highly security critical, because they may be in control of important processes of organizations, while communicating with external partners over the network. On the other hand, these technologies frequently represent data as XML documents, which can be modeled as trees. Therefore, this work introduces general methods to enforce and verify information flow properties of computer programs, which are later specialized to tree-manipulating processes. First, the class of programs are considered that implement transformations from initial states into final states. A runtime monitor and a static analysis are introduced for the enforcement and verification of the information flow properties of these programs. Later, a model checking approach is presented, in order to verify systems that exchange a potentially unbounded sequence of data values with their environment during an execution. In all of the methods discussed abstraction techniques are applied to overapproximate the sets of positions of secrets in the tree-shaped data-values before they are released to the environment.