University of Frankfurt
This extended paper outlines the FORTES project for the forensic analysis of information flow properties. FORTES claims that information flow control can be made usable as a core of an audit-control system. For this purpose, it reconstructs work flow models from secure log files (i.e. execution traces) and, applying security policies, analyzes the information flows to distinguish information flows according to their relevance. FORTES thus cannot prevent security policy violations, but by detecting them with well-founded analysis, improve the precision of audit controls and the generated certificates.