Mind the Gap: Formal Verification and the Common Criteria (Discussion Paper)
Authors
Abstract
It is a common belief that the rise of standardized software certification schemes like the Common Criteria (CC) would give a boost to formal verification, and that software certification may be a killer application for program verification. However, while formal models are indeed used throughout high-assurance certification, verification of the actual implementation is not required by the CC and largely neglected in certification practice – despite the great advances in program verification over the last decade. In this paper we discuss the gap between program verification and CC software certification, and we point out possible uses of code-level program verification in the CC certification process.
Similar resources
Considering the Common Criteria: Introduction to Panel Discussion
This paper provides a brief introduction to the draft security standard known as the Common Criteria and suggests possible related topics for panel discussion. Suggestions for discussion: In order for a system to be judged secure, there must be a coherent and comprehensive set of criteria against which it can be measured. In recent years, a number of different security standards have been devel...
Web Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, the requirements of new computational environments like web services still raise new challenges. The lack of an appropriate method for the specification of access control policies (ACPs), and for their composition, verification and analysis, has made access control in the composition of web services a complicated problem. In this paper, a new indepe...
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we briefly review two formal approaches to the verification of security protocols: model checking and theorem proving. Model checking is based on studying the behavior of protocols by generating all possible behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...
Transforming Fuzzy State Diagram to Fuzzy Petri net
UML is known as one of the most common methods in software engineering. Since this language is semi-formal, much research and effort has gone into transforming it into formal methods, including Petri nets, so that verification and validation of qualitative and non-functional parameters can be achieved more effectively. Since the majority of the real world...