A verification approach to applied system security

@article{Brucker2004AVA,
  title={A verification approach to applied system security},
  author={Achim D. Brucker and B. Wolff},
  journal={International Journal on Software Tools for Technology Transfer},
  year={2004},
  volume={7},
  pages={233-247}
}
We present a method for the security analysis of realistic models over off-the-shelf systems and their configuration by formal, machine-checked proofs. The presentation follows a large case study based on a formal security analysis of a CVS-Server architecture. The analysis is based on an abstract architecture (enforcing a role-based access control), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both…
Specifying and Verifying Hysteresis Signature System with HOL-Z
A case study in using the data-oriented modeling language Z to formalize a security architecture for administering digital signatures and its architectural security requirements; it provides formal, machine-checked proofs of the correctness of the architecture with respect to its requirements.
A model transformation semantics and analysis methodology for SecureUML
A semantics for SecureUML is presented in terms of a model transformation to standard UML/OCL, used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code generators to the interactive theorem proving environment HOL-OCL.
Formal firewall conformance testing: an application of test and proof techniques
A formal model of both stateless and stateful firewalls (packet filters), including NAT, is presented, to which a specification-based conformance test case generation approach is applied; a verified optimisation technique for this approach is also presented.
Verified Firewall Policy Transformations for Test Case Generation
Starting from a formal model of firewall policies in higher-order logic, this work derives a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect to the number of test cases required for path coverage.
A Formal Security Model for Verification of Automotive Embedded Applications
Intelligent Transport Systems (ITS) arose several years ago as a promising solution to decrease road casualties [1]. ITS are based upon heterogeneous wireless networks of vehicles and road side…
POUR PDF - copie
HOL-TestGen/CirTA is a theorem-prover based environment for test generation from specifications written in Circus. Circus is a formal specification language which combines the notions of states and…
HOL-TestGen 1.0.0 User Guide
The approach is a specification-based unit test, which shows that Dijkstra's Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.
HOL-TestGen 1.8.0 User Guide
The approach is a specification-based unit test, which shows that Dijkstra's Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.
Introductory paper
  • T. Arts, J. V. D. Pol
  • Computer Science
  • International Journal on Software Tools for Technology Transfer
  • 2005
This special section of STTT on Formal Methods for Industrial Critical Systems is named after the ERCIM working group FMICS and contains the mature full versions of the best papers from the 8th International ERCIM Workshop on Formal Methods for Industrial Critical Systems, held in June 2003.
Recent advances in interactive and automated analysis
  • Radu Mateescu
  • Computer Science
  • International Journal on Software Tools for Technology Transfer
  • 2017
This work discusses some recent advances in the field of formal methods equipped with powerful and versatile analysis tools, and introduces five papers selected from the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016).

References

A CVS-Server Security Architecture — Concepts and Formal Analysis
The CVS server uses cvsauth, which protects passwords and some internal data of the CVS repository; the approach can be seen as a method to give a formal underpinning to the usually tricky business of system administration.
HOL-Z 2.0: A Proof Environment for Z-Specifications
A new proof environment for the specification language Z is presented, integrating Z into a well-known and trusted theorem prover with advanced deduction technology such as higher-order rewriting, tableaux-based provers and arithmetic decision procedures.
The Inductive Approach to Verifying Cryptographic Protocols
Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state…
Confidentiality-Preserving Refinement is Compositional - Sometimes
It turns out that the refinement relation is not compositional in general, but the condition for compositionality can be stated in a way that builds on the analysis of subsystems, thus aiding system designers in analyzing a composition.
Role-Based Access Control Models
Explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC, and discusses the use of RBAC to manage itself.
An Introduction to Software Architecture
  • D. Garlan, M. Shaw
  • Computer Science
  • Advances in Software Engineering and Knowledge Engineering
  • 1993
This paper provides an introduction to the emerging field of software architecture by considering a number of common architectural styles upon which many systems are currently based and showing how different styles can be combined in a single design.
The Theory and Practice of Concurrency
This book provides a detailed foundation for working with CSP, using as little mathematics as possible, and introduces the ideas behind operational, denotational and algebraic models of CSP.
Introduction to HOL: a theorem proving environment for higher order logic
Part I. Tutorial: 1. Introduction to ML 2. The HOL logic 3. Introduction to proof with HOL 4. Goal-oriented proof: tactics and tacticals 5. Example: a simple parity checker 6. How to program a proof…
Secrecy-Preserving Refinement
A useful paradigm of system development is that of stepwise refinement, but many security properties proposed in the literature are not preserved under refinement (the refinement paradox).
Using Z - specification, refinement, and proof
  • J. Woodcock, J. Davies
  • Mathematics, Computer Science
  • Prentice Hall international series in computer science
  • 1996
The book discusses data refinement, relaxing and unwinding data refinement in Z, and the importance of equality and definite description in the application of data refinement.