Information Inference Diagrams: Complementing Privacy and Security Analyses Beyond Data Flows

TL;DR

Information Inference Diagrams (I2Ds) are a formal modeling framework that enhances privacy and security threat analysis by representing information propagation beyond simple data flows, supporting formal reasoning and compatibility with existing tools.

Contribution

The paper introduces I2Ds, a novel formalism that extends data flow diagrams to model information inference and sharing, enabling more rigorous threat modeling in distributed systems.

Findings

I2Ds effectively model information propagation in systems.

They are compatible with existing data flow diagram tools.

Demonstrated versatility through practical examples.

Abstract

This work introduces Information Inference Diagrams (I2Ds), a modeling framework aiming to complement existing approaches for privacy and security analysis of distributed systems. It is intended to support established threat modeling processes. Our approach is designed to be compatible with Data Flow Diagrams~(DFDs), which form the basis of many established techniques and tools. Unlike DFDs, I2Ds represent information propagation, going beyond mere data flows to enable more formal reasoning in threat modeling while remaining practical. They define inference and sharing (flow) relations on information items to model how information moves through a system. To this end, we provide formal definitions for information items, entities, and flows. By introducing classes as a type system, our formal rules are both generic and allow conformance to existing vocabularies. We demonstrate the applicability of I2Ds through examples, that showcase their versatility in system analysis.