Integrating Formal Analysis and Design to Preserve Security Properties | IEEE Conference Publication | IEEE Xplore