Formal Analysis and Verification of Systems Security Models with Gnosis
نویسندگان
چکیده
Emergent context-dependent non-functional requirements, such as those involving systems security activities and processes are, almost by definition, difficult to assess for their adequacy. One cannot easily anticipate and measure the effectiveness of systems defences in advance of actual field deployment until it is, of course, too late and the damage has been done. Our approach to security requirements assessment involves explicitly building systems security models using Gnosis, a process modelling simulation language developed at HP Labs. Gnosis models capture security situations which typically include aspects of the threat environment. In this paper we present the core aspects of this approach and discuss our latest work on developing explicit-state model checking of properties of multiple simulation runs.
منابع مشابه
Modeling and Evaluation of Stochastic Discrete-Event Systems with RayLang Formalism
In recent years, formal methods have been used as an important tool for performance evaluation and verification of a wide range of systems. In the view points of engineers and practitioners, however, there are still some major difficulties in using formal methods. In this paper, we introduce a new formal modeling language to fill the gaps between object-oriented programming languages (OOPLs) us...
متن کاملModeling and Evaluation of Stochastic Discrete-Event Systems with RayLang Formalism
In recent years, formal methods have been used as an important tool for performance evaluation and verification of a wide range of systems. In the view points of engineers and practitioners, however, there are still some major difficulties in using formal methods. In this paper, we introduce a new formal modeling language to fill the gaps between object-oriented programming languages (OOPLs) us...
متن کاملA short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملComputationally secure multiple secret sharing: models, schemes, and formal security analysis
A multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants. in such a way a multi-secret sharing scheme (MSS) allows a dealer to share multiple secrets among a set of participants, such that any authorized subset of participants can reconstruct the secrets. Up to now, existing MSSs either require too long shares for participants to be perfect secur...
متن کاملReachability checking in complex and concurrent software systems using intelligent search methods
Software system verification is an efficient technique for ensuring the correctness of a software product, especially in safety-critical systems in which a small bug may have disastrous consequences. The goal of software verification is to ensure that the product fulfills the requirements. Studies show that the cost of finding and fixing errors in design time is less than finding and fixing the...
متن کامل