Formally Testing Fail-Safety of Electronic Purse Protocols
نویسندگان
چکیده
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of securitycritical systems using the CASE tool AutoFocus. Cryptographic systems are formally specified with state transition diagrams, a notation for state machines in the AutoFocus system. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. In particular, we focus on the principle of fail-safety. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard. Most commonly, attacks address vulnerabilities in the way security mechanisms are used, rather than the mechanisms themselves. Being able to treat security aspects with a general This work was partially supported by the Studienstiftung des deutschen Volkes, and by the German Ministry of Economics within the FairPay project , tel. +44 1865 284104, fax +44 1865 273839 Wolfson Building, Parks Road, Oxford OX1 3QD, Great Britain , tel. +49 89 289 28362, fax +49 89 289 25310 TU München, 80290 München, Germany CASE tool within the context of system development enables detection of such vulnerabilities.
منابع مشابه
Formally testing fail-safety of Electronic Purse Protocols Extended Abstract
Designing and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of securitycritical systems using the CASE tool AutoFocus. Cryptographic systems are formally specified with state transition diagrams, a notation for state machines in the AutoFocus...
متن کاملFormally Testing Fail - Safety of Electronic
Designing and implementing security-critical systems correctly is difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems using the CASE tool AutoFocus. Cryptographic systems are formally specified with state transition diagrams, a notation for state machines in the AutoFocus sys...
متن کاملConformance Testing from UML Specifications. Experience Report
UMLAUT is a framework for building tools dedicated to the manipulation of models described using the Unified Modeling Language (UML). TGV is a tool for the generation of conformance test suites for protocols. Both tools are connected so that it is possible to specify an application in UML and derive automatically some test cases. In this article, the integration of those tools in an industrial ...
متن کاملSecurity Modelling for Electronic Commerce: The Common Electronic Purse Specifications
Designing security-critical systems correctly is very difficult. We present work on software engineering of security critical systems, supported by the CASE tool AUTOFOCUS. Security critical systems are specified with extended structure diagrams, message sequence charts for the protocols and statecharts for the attacker, translated into an AUTOFOCUS system model and examined for security weakne...
متن کاملTools for automated conformance testing of Java Card applets
In this article we describe a methodology enabling to automatically gener ate test suits for Java Card applets The considered case study is a classical electronic purse We use two complementary tools TGV to generate test data and Umlaut to design an object oriented model and to translate it into the input format of TGV The integration of those tools in an industrial process is evaluated in the ...
متن کامل