Formal Security Analysis with Interacting State Machines
Authors
Abstract
We introduce the ISM approach, a framework for modeling and verifying reactive systems in a formal, even machine-checked, way. The framework has been developed for applications in security analysis. It is based on the notion of Interacting State Machines (ISMs), a kind of high-level Input/Output Automata. The ISM framework is used to define system models and present them graphically with the AutoFocus tool, to let them be checked for consistency and translated to a representation within the theorem prover Isabelle/HOL (or alternatively to define them directly as Isabelle theory sections), and finally to employ the theorem prover for performing any kind of syntactic and semantic checks, in particular semi-automatic verification. We demonstrate that the framework can be fruitfully applied to formal system analysis by two classical application examples: the LKW model of the Infineon SLE 66 smart card chip and Lowe's fix of the Needham-Schroeder Public-Key Protocol.
Similar sources
Formal Semantics for Interacting UML subsystems
State Machines Formal semantics for large part of UML using Abstract State Machines (Gurevich). Transition systems. States: multi-sorted first-order structures (set with function names and function interpretations). ASM: set of states (incl. initial state) and update rule. Jan Jürjens, TU Munich: Formal Semantics for Interacting UML subsystems 6 Abstract State Machines: Update rules Update rule...
Full text
Formal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
Full text
A Formal Approach for Security Evaluation
This paper discusses security issues and considers the extent to which internal relations among entities in a system should be taken into account when carrying out security analysis. We present a concrete and flexible security model expressed in terms of the internal relations in the system, rather than abstract state machines. Based on this model, security analysis can be carried out by decomp...
Full text
Verifying Interacting Finite State Machines: Complexity
In this report we carry out a computational complexity analysis of a simple model of concurrency consisting of interacting finite state machines with fairness constraints (IFSMs). This model is based on specification languages used for system specification by actual formal verification tools, and it allows compact representation of complex systems. We categorize the complexity of two problems aris...
Full text
Analysis of Security Protocols using Finite-State Machines
This paper demonstrates a comprehensive analysis method using formal methods such as finite-state machines. First, we describe the modified version of our new protocol and briefly explain the encrypt-then-authenticate mechanism, which is regarded as a more secure mechanism than the one used in our protocol. Then, we use finite-state verification to study the behaviour of each machine created f...
Full text