Project-POPS:ANR SESUR 2007 “Securing Flow of INformation for Computing pervasive Systems” (SFINCS) (2008-2010)

Inria / Raweb 2009
Presentation of the Project POPS

Section: Contracts and Grants with Industry

ANR SESUR 2007 “Securing Flow of INformation for Computing pervasive Systems” (SFINCS) (2008-2010)

Participants : Arnaud Fontaine, Dorina Ghindici, Gilles Grimaud, Samuel Hym, Isabelle Simplot-Ryl [ project leader ] .

The upsurge of a globally interconnected network of devices have had a deep impact on the environment, habits and even typology of computing devices end-users. These advances changed our behaviour in a lot of beneficial ways but also gave way to new threats that feed decades-old fears about liberty. Preserving privacy and security are thus more than ever at the heart of service users and providers concerns.

In an open, heterogeneous and highly concurrent context, enforcing private and business data confidentiality requires, beyond basic access control, fine-grained control over data usage by the various actors. This problem is known from the literature as information flow control. Information flow analysis has been actively investigated for several years, leading to a rich theory. This problem has usually been tackled from a type-checking or static analysis viewpoint. However, it appears that this rich theory has been scarcely applied in the industry.

The SFINCS project aims at studying application of this theory on practical use-cases to identify bottlenecks that prevent wider industrial adoption of information flow control techniques. To this end, project SFINCS brings together complementary partners: From case studies provided by industrial partners, academic partners shall enrich information flow theory to take into account practical issues preventing thorough analysis of ubiquitous software systems. Provided case studies come from distance selling services and mobile telephony and thus will provide a wide array of the diverse problems encountered in the enforcement of needed security and privacy properties.

This project addresses varied problems:

Software engineering and programming problems, like analysis of programs using shared libraries through public APIs or external streams (eg. XML),
Theoretical problems about information analysis, like tracking information in arrays or collections,
Security engineering problems, like expressing of security rules or selective authorization of information leaking through safe channels (eg. using cryptography).

List of participants: LIFL (G. Grimaud, S. Hym, I. Simplot-Ryl), LIF, Univ. of Provence (J.-M. Talbot), VERIMAG (Laurent Mounier, Michael Périn, Yassine Lakhnech, Pascal Lafoucarde), NORSYS/SI3SI (Pascal Flamant, Arnaud Bailly), Trusted Labs (Anthony Ferrari, Erci Vétillard).

http://sfincs.gforge.inria.fr/ .

Logo Inria