
Formal Verification of Application-Specific Security Properties in a Model-Driven Approach

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5965)

Abstract

We present a verification method that allows one to prove security for security-critical systems based on cryptographic protocols. Designing cryptographic protocols is difficult and error-prone, and most tool-based verification approaches consider only standard security properties such as secrecy or authenticity. In our opinion, application-specific security properties give better guarantees. In this paper we illustrate how to verify properties that are relevant for e-commerce applications, e.g. 'The provider of a copying service does not lose money'. This yields a more complex security property that is proven using interactive verification. The verification of this kind of application-specific property is part of the SecureMDD approach, which provides a method to model a security-critical application with UML and automatically generates executable code as well as a formal specification for interactive verification from the UML models.
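The abstract's point is that 'the provider does not lose money' is a property of the whole application, not of one protocol message: a protocol can keep every key secret and still let an attacker obtain unpaid copies by replaying an honest confirmation. The following is an added illustration, not the paper's SecureMDD model, its UML or its KIV specification: a hypothetical prepaid copy-card scheme with one card, one copier and an attacker who controls the channel and can replay captured replies. The property is stated as an invariant over the model's state, and a bounded breadth-first search over attacker schedules either returns a violating trace or finds none within the depth bound. All names, the price, the loaded amount and the two protocol variants are assumptions made for this example.

```python
"""Bounded search for a violation of an application-specific property:
'the provider of a copying service does not lose money'.
Hypothetical toy model (assumed, not taken from the paper)."""
import copy
import hashlib
import hmac
from collections import deque

PRICE = 1            # assumed price of one copy
KEY = b"card-key"    # assumed secret shared by card and copier
LOADED = 2           # assumed amount the customer paid onto the card


def mac(*parts):
    msg = "|".join(map(str, parts)).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


class World:
    """Card, copier and attacker knowledge in one explorable state."""

    def __init__(self, fresh):
        self.fresh = fresh        # True: copier challenges with a nonce
        self.balance = LOADED     # money left on the card
        self.copies = 0           # copies the provider has handed out
        self.nonce_ctr = 0
        self.pending = None       # request the card has not yet answered
        self.challenge = None     # nonce the copier is waiting for
        self.used = set()         # nonces the copier already redeemed
        self.recorded = []        # replies the attacker has captured
        self.trace = []

    def key(self):
        return (self.balance, self.copies, self.pending, self.challenge,
                frozenset(self.used), tuple(self.recorded))

    def provider_ok(self):
        # Application-specific property: every copy was paid for by a
        # debit the provider already holds on the card side.
        return self.copies * PRICE <= LOADED - self.balance

    # honest copier issues a debit request (with a nonce if fresh)
    def copier_requests(self):
        if self.pending is not None:
            return False
        if self.fresh:
            self.nonce_ctr += 1
            self.challenge = self.nonce_ctr
            self.pending = ("debit", PRICE, self.nonce_ctr)
        else:
            self.pending = ("debit", PRICE)
        return True

    # honest card debits itself and sends a MACed confirmation
    def card_answers(self):
        if self.pending is None or self.balance < PRICE:
            return False
        self.balance -= PRICE
        body = ("ok",) + self.pending[1:]            # amount [, nonce]
        self.recorded.append(body + (mac(*body),))    # attacker captures it
        self.pending = None
        return True

    # attacker delivers a captured (possibly stale) reply to the copier
    def deliver(self, i):
        msg = self.recorded[i]
        body, tag = msg[:-1], msg[-1]
        if not hmac.compare_digest(tag, mac(*body)):
            return False
        if self.fresh:
            nonce = body[2]
            if nonce != self.challenge or nonce in self.used:
                return False
            self.used.add(nonce)
            self.challenge = None
        self.copies += 1
        return True


def explore(fresh, depth=6):
    """Breadth-first search over attacker-chosen schedules; returns the
    first trace that violates provider_ok, or None within the bound."""
    start = World(fresh)
    seen = {start.key()}
    queue = deque([start])
    while queue:
        w = queue.popleft()
        if not w.provider_ok():
            return w.trace
        if len(w.trace) >= depth:
            continue
        moves = [("request", None), ("answer", None)]
        moves += [("deliver", i) for i in range(len(w.recorded))]
        for name, arg in moves:
            n = copy.deepcopy(w)
            ok = {"request": n.copier_requests, "answer": n.card_answers,
                  "deliver": lambda: n.deliver(arg)}[name]()
            if ok and n.key() not in seen:
                n.trace.append(name if arg is None else f"{name}({arg})")
                seen.add(n.key())
                queue.append(n)
    return None


if __name__ == "__main__":
    print("no freshness  :", explore(fresh=False))
    print("with challenge:", explore(fresh=True))
```

Without a challenge the search returns a four-step trace in which the attacker replays one honest confirmation and the copier dispenses a second, unpaid copy, even though the MAC key never leaks; with a per-request nonce that the copier redeems once, no violating schedule exists within the bound. A bounded search like this is a sanity check, not a proof: the paper's method proves the property for all traces by interactive verification, which is exactly the gap a finite exploration leaves open.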




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moebius, N., Stenzel, K., Reif, W. (2010). Formal Verification of Application-Specific Security Properties in a Model-Driven Approach. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_13


  • DOI: https://doi.org/10.1007/978-3-642-11747-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11746-6

  • Online ISBN: 978-3-642-11747-3

