Security Specification and Verification
نویسنده
چکیده
Formalizing security requirements has received a significant attention since the 70s. However, a general method for specifying security requirements is still missing. Especially, little work has been presented on specifying and verifying that a given application is a secure resource consumer. The purpose of this work is to set up a methodology for (1)specifying security requirements of service providers and (2)proving that some application securely uses some resources. The developed theory will be evaluated and applied in two different areas: secure mobile code development and secure COTS-based software development.
منابع مشابه
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملWeb Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
متن کاملVerifying an im plem entation of SSH
We present a case study in the formal verification of an open source Java implementation of SSH. We discuss the security flaws we found and fixed by means of formal specification and verification – using the specification language JML and the program verification tool ESC/Java2 – and by more basic manual code inspection. Of more general interest is the methodology we propose to formalise securi...
متن کاملA Survey of Verification Techniques for Security Protocols
Security protocols aim to allow secure electronic communication despite the potential presence of eavesdroppers. Guaranteeing their correctness is vital in many applications. This report briefly surveys the many formal specification and verification techniques proposed for describing and analysing security protocols.
متن کاملA methodology for secure interactive systems
This dissertation introduces a methodology for formal specification and verification of user interfaces under security aspects. The methodology allows to use formal methods pervasively in the specification and verification of human-computer interaction. This work consists of three parts. In the first part, a formal methodology for the description of human-computer interaction is developed. In t...
متن کاملA Logic Programming Approach for Formal Verification of NetBill Security and Transactions Protocol
Use of formal techniques for verifying the security features of electronic commerce protocols would facilitate, the enhancement of reliability of such protocols, thereby increasing their usability. This paper projects the application of logic programming techniques for formal verification of a well referred security and transactions protocol, the NetBill. The paper uses ALSP (Action Language fo...
متن کامل