Skip to main content
SpringerLink
Log in

Developing Provable Secure M-Commerce Applications

  • Conference paper
Emerging Trends in Information and Communication Security (ETRICS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3995))

Abstract

We present a modeling framework and a verification technique for m-commerce applications. Our approach supports the development of secure communication protocols for such applications as well as the refinement of the abstract protocol descriptions into executable Java code without any gap. The technique is explained using an interesting m-commerce application, an electronic ticketing system for cinema tickets. The verification has been done with KIV [BRS + 00].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Anderson, R., Needham, R.: Programming Satan’s Computer. In: van Leeuwen, J. (ed.) Computer Science Today. LNCS, vol. 1000, Springer, Heidelberg (1995)

    Chapter  Google Scholar 

  2. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Proceedings of the Royal Society of London (Series A, 426, 1871) (1989)

    Google Scholar 

  3. Bolton, C., Davies, J., Woodcock, J.C.P.: On the refinement and simulation of data types and processes. In: Araki, K., Galloway, A., Taguchi, K. (eds.) Proceedings of the International conference of Integrated Formal Methods (IFM), pp. 273–292. Springer, Heidelberg (1999)

    Google Scholar 

  4. Tickets on your Mobile (last seen March 16, 2006), http://www.beep.nl

  5. Borisov, N., Goldberg, I., Wagner, D.: Intercepting Mobile Mommunications: The Insecurity of 802.11. In: MobiCom 2001: Proceedings of the 7th annual international conference on Mobile computing and networking, pp. 180–189. ACM Press, New York (2001)

    Google Scholar 

  6. Basin, D., Mödersheim, S., Viganò, L.: An On-the-Fly Model-Checker for Security Protocol Analysis. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 253–270. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  7. Börger, E.: The ASM Refinement Method. Formal Aspects of Computing 15(1–2), 237–257 (2003)

    Article  MATH  Google Scholar 

  8. Balser, M., Reif, W., Schellhorn, G., Stenzel, K., Thums, A.: Formal System Development with KIV. In: Maibaum, T. (ed.) FASE 2000. LNCS, vol. 1783, p. 363. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Börger, E., Stärk, R.F.: Abstract State Machines—A Method for High-Level System Design and Analysis. Springer, Heidelberg (2003)

    Book  MATH  Google Scholar 

  10. Derrick, J., Boiten, E.: Refinement in Z and in Object-Z: Foundations and Advanced Applications. In: FACIT, Springer, Heidelberg (2001)

    Google Scholar 

  11. de Roever, W., Engelhardt, K.: Methods of Algorithmic Language Implementation. Cambridge Tracts in Theoretical Computer Science, vol. 47. Cambridge University Press, Cambridge (1998)

    Book  MATH  Google Scholar 

  12. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29 (1983)

    Google Scholar 

  13. Grandy, H., Stenzel, K., Reif, W.: Object-Oriented Verification Kernels for Secure Java Applications. In: Aichering, B., Beckert, B. (eds.) SEFM 2005 – 3rd IEEE International Conference on Software Engineering and Formal Methods. IEEE Press, Los Alamitos (2005)

    Google Scholar 

  14. Gurevich, M.: Evolving algebras 1993: Lipari guide. In: Börger, E. (ed.) Specification and Validation Methods, pp. 9–36. Oxford University Press, Oxford (1995)

    Google Scholar 

  15. Haneberg, D., Grandy, H., Reif, W., Schellhorn, G.: Verifying Security Protocols: An ASM Approach. In: Beauquier, D., Börger, E., Slissenko, A. (eds.) 12th Int. Workshop on Abstract State Machines, ASM 2005, University Paris 12 – Val de Marne, Créteil, France (March 2005)

    Google Scholar 

  16. Jifeng, H., Hoare, C.A.R., Sanders, J.W.: Data refinement refined. In: Robinet, B., Wilhelm, R. (eds.) ESOP 1986. LNCS, vol. 213, pp. 187–196. Springer, Heidelberg (1986)

    Chapter  Google Scholar 

  17. Harel, D., Kozen, D., Tiuryn, J.: Dynamic Logic. MIT Press, Cambridge (2000)

    MATH  Google Scholar 

  18. Haneberg, D., Reif, W., Stenzel, K.: A Method for Secure Smartcard Applications. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, p. 319. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  19. Web presentation of KIV projects, http://www.informatik.uni-augsburg.de/swt/projects/

  20. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  21. Meadows, C.: The NRL protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)

    Article  MATH  Google Scholar 

  22. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6, 85–128 (1998)

    Article  Google Scholar 

  23. Schellhorn, G.: Verification of ASM Refinements Using Generalized Forward Simulation. Journal of Universal Computer Science (J.UCS) 7(11), 952–979 (2001), http://hyperg.iicm.tu-graz.ac.at/jucs/

    MathSciNet  Google Scholar 

  24. Schellhorn, G.: ASM Refinement and Generalizations of Forward Simulation in Data Refinement: A Comparison. Journal of Theoretical Computer Science 336(2-3), 403–435 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  25. Stenzel, K.: A Formally Verified Calculus for Full Java Card. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol. 3116, pp. 491–505. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  26. Stenzel, K.: Verification of Java Card Programs. PhD thesis, Universität Augsburg, Fakultät für Angewandte Informatik (2005), http://www.opus-bayern.de/uni-augsburg/volltexte/2005/122/

  27. Sun Microsystems Inc. Java Micro Edition, http://java.sun.com/j2me/index.jsp

  28. Woodcock, J.C.P., Davies, J.: Using Z: Specification, Proof and Refinement. Prentice Hall International Series in Computer Science (1996)

    Google Scholar 

  29. Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. In: 2nd USENIX Workshop on Electronic Commerce, (November 1996) (A revised version is available at), http://www.schneier.com/paper-ssl.html

Download references

Author information

Authors and Affiliations

  1. Lehrstuhl für Softwaretechnik und Programmiersprachen, Institut für Informatik, Universität Augsburg, 86135, Augsburg, Germany

    Holger Grandy, Dominik Haneberg, Wolfgang Reif & Kurt Stenzel

Authors
  1. Holger Grandy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dominik Haneberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wolfgang Reif
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kurt Stenzel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institut für Informatik und Gesellschaft, Abt. Telematik, Albert-Ludwigs-Universität Freiburg, Friedrichstr. 50, 79098, Freiburg, Germany

    Günter Müller

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grandy, H., Haneberg, D., Reif, W., Stenzel, K. (2006). Developing Provable Secure M-Commerce Applications. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_9

Download citation

  • DOI: https://doi.org/10.1007/11766155_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34640-1

  • Online ISBN: 978-3-540-34642-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation