Corpus ID: 6427232

A Verification Approach for Applied System Security

@inproceedings{Brucker2004AVA,
  title={A Verification Approach for Applied System Security},
  author={Achim D. Brucker and Burkhart Wolff},
  year={2004},
  url={https://api.semanticscholar.org/CorpusID:6427232}
}
A method for the security analysis of realistic models of off-the-shelf systems and their configuration by formal, machine-checked proofs is presented.

Specifying and Verifying Hysteresis Signature System with HOL-Z

A case-study in using the data-oriented modeling language Z to formalize a security architecture for administering digital signatures and its architectural security requirements and provides formal machine-checked proofs of the correctness of the architecture with respect to its requirements.

A model transformation semantics and analysis methodology for SecureUML

A semantics for SecureUML is presented in terms of a model transformation to standard UML/OCL, used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code generators to the interactive theorem proving environment HOL-OCL.

Formal firewall conformance testing: an application of test and proof techniques

A formal model of both stateless and stateful firewalls (packet filters), including NAT, is presented to which a specification‐based conformance test case generation approach is applied and a verified optimisation technique for this approach is presented.

Verified Firewall Policy Transformations for Test Case Generation

This work derives, from a formal model of firewall policies in higher-order logic, a collection of semantics-preserving policy transformation rules and an algorithm that optimizes the specification with respect to the number of test cases required for path coverage.

POUR PDF - copie

This report presents a first case study performed on a component of a real-world medical monitoring system written in Java and shows that a specific test generation tactic is more efficient than the generic procedure.

A Formal Security Model for Verification of Automotive Embedded Applications

This work proposes a validation methodology that assists the design of such embedded systems, and is based on a Formal Security Model that mainly targets model checking and relies on the decoupling between system design and security issues whilst all are integrated in the same framework.

HOL-TestGen 1.0.0 User Guide

The approach is a specification-based unit test, which shows that Dijkstra’s Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.

HOL-TestGen 1.8.0 User Guide

The approach is a specification-based unit test, which shows that Dijkstra’s Verdict is no longer true under all circumstances, and that it simply does not apply in practically important situations.

Recent advances in interactive and automated analysis

This work discusses some recent advances in the field of formal methods equipped with powerful and versatile analysis tools, and introduces five papers selected from the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016).

Introductory paper

This special section of STTT on Formal Methods for Industrial Critical Systems is named after the ERCIM working group FMICS and contains the mature full versions of the best papers from the 8th international ERCIM workshop on formal methods for industrial critical systems, held in June 2003.

A CVS-Server Security Architecture — Concepts and Formal Analysis

The CVS server uses cvsauth, which protects passwords and some internal data of the CVS repository; the approach can be seen as a method to give a formal underpinning to the usually tricky business of system administrators.

HOL-Z 2.0: A Proof Environment for Z-Specifications

A new proof environment for the specification language Z is presented, integrating Z into a well-known and trusted theorem prover with advanced deduction technology such as higher-order rewriting, tableaux-based provers and arithmetic decision procedures.

The inductive approach to verifying cryptographic protocols

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state

Isabelle/HOL: A Proof Assistant for Higher-Order Logic

Computer Science, Mathematics, 2002
This presentation discusses Functional Programming in HOL, which aims to provide students with an understanding of the programming language through the lens of Haskell.

Confidentiality-Preserving Refinement is Compositional - Sometimes

It turns out that the refinement relation is not compositional in general, but the condition for compositionality can be stated in a way that builds on the analysis of subsystems, thus aiding system designers in analyzing a composition.

The Theory and Practice of Concurrency

This book provides a detailed foundation for working with CSP, using as little mathematics as possible, and introduces the ideas behind operational, denotational and algebraic models of CSP.

Role-Based Access Control Models

Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.

Secrecy-Preserving Refinement

A useful paradigm of system development is that of stepwise refinement, but many security properties proposed in the literature are not preserved under refinement (refinement paradox).

Using Z - specification, refinement, and proof

J. Woodcock, J. Davies
Computer Science, Mathematics, 1996
The book discusses data refinement, relaxing and unwinding data refinement in Z, and the importance of equality and definite description in the application of data refinement.

Open Source Development with CVS

The goal of this book is to document this new culture and provide concrete advice for people managing or participating in Open Source projects, and to tell you everything you need to know to use CVS, with an eye toward using it on Open source projects.