Model-Driven Development of Information Flow-Secure Systems with IFlow

In our increasingly interconnected world, privacy can seem like an unattainable goal. We are surrounded by countless devices and web services that acquire and collect our personal data as we interact with them. In many cases, the confidentiality of such data is not guaranteed and is frequently (if not always intentionally) violated. Smartphone apps and Internet web services in particular are known to often leak their users' confidential data to other users or (affiliated) third parties. We present a novel model-driven approach called IFlow that allows the development of distributed applications consisting of mobile apps and web services with secure information flow. In IFlow, a UML model of an information flow-sensitive application is used to automatically generate deployable app and web service code as well as a formal model. By employing automatic, language-based information flow control as well as interactive verification, IFlow enables the developer to give verifiable guarantees to the user about how his private data is being treated by the application.