# A verification approach to applied system security

@article{Brucker2004AVA, title={A verification approach to applied system security}, author={Achim D. Brucker and B. Wolff}, journal={International Journal on Software Tools for Technology Transfer}, year={2004}, volume={7}, pages={233-247} }

We present a method for the security analysis of realistic models over off-the-shelf systems and their configuration by formal, machine-checked proofs. The presentation follows a large case study based on a formal security analysis of a CVS-Server architecture. The analysis is based on an abstract architecture (enforcing a role-based access control), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both…

#### 13 Citations

Specifying and Verifying Hysteresis Signature System with HOL-Z

- Computer Science
- 2005

A case study in using the data-oriented modeling language Z to formalize a security architecture for administering digital signatures and its architectural security requirements, providing formal machine-checked proofs of the correctness of the architecture with respect to its requirements.

A model transformation semantics and analysis methodology for SecureUML

- Computer Science
- MoDELS'06
- 2006

A semantics for SecureUML is presented in terms of a model transformation to standard UML/OCL, used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code generators to the interactive theorem proving environment HOL-OCL.

Formal firewall conformance testing: an application of test and proof techniques

- Computer Science
- Softw. Test. Verification Reliab.
- 2015

A formal model of both stateless and stateful firewalls (packet filters), including NAT, is presented, to which a specification-based conformance test case generation approach is applied, and a verified optimisation technique for this approach is presented.

Verified Firewall Policy Transformations for Test Case Generation

- Computer Science
- 2010 Third International Conference on Software Testing, Verification and Validation
- 2010

This work derives, from a formal model of firewall policies in higher-order logic, a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect to the number of test cases required for path coverage.

A Formal Security Model for Verification of Automotive Embedded Applications

- 2010

Intelligent Transport Systems (ITS) arose several years ago as a promising solution to decrease road casualties [1]. ITS are based upon heterogeneous wireless networks of vehicles and road side…

POUR PDF - copie

- 2012

HOL-TestGen/CirTA is a theorem-prover based environment for test generation from specifications written in Circus. Circus is a formal specification language which combines the notions of states and…

HOL-TestGen 1.0.0 User Guide

- Computer Science
- 2005

The approach is a specification-based unit test, which shows that Dijkstra's Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.

HOL-TestGen 1.8.0 User Guide

- Computer Science
- 2010

The approach is a specification-based unit test, which shows that Dijkstra's Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.

Introductory paper

- Computer Science
- International Journal on Software Tools for Technology Transfer
- 2005

This special section of STTT on Formal Methods for Industrial Critical Systems is named after the ERCIM working group FMICS and contains the mature full versions of the best papers from the 8th international ERCIM workshop on formal methods for industrial critical systems, held in June 2003.

Recent advances in interactive and automated analysis

- Computer Science
- International Journal on Software Tools for Technology Transfer
- 2017

This work discusses some recent advances in the field of formal methods equipped with powerful and versatile analysis tools, and introduces five papers selected from the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016).

#### References


A CVS-Server Security Architecture — Concepts and Formal Analysis

- Computer Science
- 2002

The CVS-server uses cvsauth, which provides protection of passwords and of some internal data of the CVS repository; the approach can be seen as a method to give a formal underpinning for the usually tricky business of system administrators.

HOL-Z 2.0: A Proof Environment for Z-Specifications

- Computer Science, Mathematics
- J. Univers. Comput. Sci.
- 2003

A new proof environment for the specification language Z is presented, integrating Z into a well-known and trusted theorem prover with advanced deduction technology such as higher-order rewriting, tableaux-based provers and arithmetic decision procedures.

The Inductive Approach to Verifying Cryptographic Protocols

- Computer Science
- J. Comput. Secur.
- 1998

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state…

Confidentiality-Preserving Refinement is Compositional - Sometimes

- Computer Science
- ESORICS
- 2002

It turns out that the refinement relation is not compositional in general, but the condition for compositionality can be stated in a way that builds on the analysis of subsystems, thus aiding system designers in analyzing a composition.

Role-Based Access Control Models

- Computer Science
- Computer
- 1996

Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.

An Introduction to Software Architecture

- Computer Science
- Advances in Software Engineering and Knowledge Engineering
- 1993

This paper provides an introduction to the emerging field of software architecture by considering a number of common architectural styles upon which many systems are currently based and showing how different styles can be combined in a single design.

The Theory and Practice of Concurrency

- Computer Science
- 1997

This book provides a detailed foundation for working with CSP, using as little mathematics as possible, and introduces the ideas behind operational, denotational and algebraic models of CSP.

Introduction to HOL: a theorem proving environment for higher order logic

- Mathematics
- 1993

Part I. Tutorial: 1. Introduction to ML 2. The HOL logic 3. Introduction to proof with HOL 4. Goal-oriented proof: tactics and tacticals 5. Example: a simple parity checker 6. How to program a proof…

Secrecy-Preserving Refinement

- Computer Science
- FME
- 2001

A useful paradigm of system development is that of stepwise refinement, but many security properties proposed in the literature are not preserved under refinement (refinement paradox).

Using Z - specification, refinement, and proof

- Mathematics, Computer Science
- Prentice Hall international series in computer science
- 1996

The book discusses data refinement, relaxing and unwinding data refinement and Z, and the importance of equality and definite description in the application of data refinement.