71,820 Hits in 2.9 sec

A logic for constraint-based security protocol analysis

R. Corin, A. Saptawijaya
2006 2006 IEEE Symposium on Security and Privacy (S&P'06)  
A preliminary attempt to use logic for specifying local security properties in a constraint-based setting has been carried out [3] .  ...  However, none of these constraint-based systems provide enough flexibility and expresiveness in specifying security properties.  ...  We provide a Prolog implementation and have analysed several security protocols. There are many directions for improvement.  ... 
doi:10.1109/sp.2006.3 dblp:conf/sp/CorinES06 fatcat:ooxcdxojy5gwlaaais2kd6alsu

A Declarative Framework for Security: Secure Concurrent Constraint Programming [chapter]

Hugo A. López, Catuscia Palamidessi, Jorge A. Pérez, Camilo Rueda, Frank D. Valencia
2006 Lecture Notes in Computer Science  
In recent years, there has been a growing interest in the analysis of security protocols and one promising approach is the development of formalisms that model communicating processes, in particular Process  ...  Concurrent Constraint Programming (CCP) is a well-established formalism which generalizes Logic Programming [Sar93].  ...  The main goal is to develop a CCP-based framework for security protocols. The novelty is the combination in one unique formalism of behavioral and logical techniques.  ... 
doi:10.1007/11799573_43 fatcat:7lrxu4tni5bablcdcnvbjmgzs4

A Novel Logic for Analyzing Electronic Payment Protocols

Yi Liu, Xing-Tong Liu, Chao-Jing Tang, T. Gong, T. Yang, J. Xu
2016 ITM Web of Conferences  
The novel method extends Qing-Zhou approach based on logic reasoning by adding a simple time expression and analysis method.  ...  At the same time, its idea has a certain guiding value for improving the security of other security protocols.  ...  Approach based on logic is a kind of important formal analysis method of electronic payment protocol in recent years.  ... 
doi:10.1051/itmconf/20160701002 fatcat:26vr2exzfrgubawxgpgshyeb5e

Model Driven Security Analysis of IDaaS Protocols [chapter]

Apurva Kumar
2011 Lecture Notes in Computer Science  
We extend an important belief logic (the so-called BAN logic) used for analyzing security in authentication protocols to support new concepts that are specific to browser based IDaaS protocols.  ...  We also address the problem of automating belief based security analysis through a UML based model driven approach which can be easily integrated with existing software engineering tools.  ...  An important set of approaches for security protocol analysis are based on the Burrows, Abadi, Needham (BAN) [1] logic which is used to express and reason about beliefs for secure communication.  ... 
doi:10.1007/978-3-642-25535-9_21 fatcat:wnvboxlxh5ak7dsriu7bskrgl4

Believing the Integrity of a System

Simon N. Foley
2005 Electronical Notes in Theoretical Computer Science  
This paper examines the meaning of integrity and and describes a simple belief logic approach for analysing the integrity of a system configuration.  ...  An integrity policy defines the situations when modification of information is authorised and is enforced by the protection mechanisms of a system.  ...  Development and implementation of the Theory Generation encoding of the Simple Logic verifier was by Daithi O'Crualaoich and its adaptation to an automatic protocol generator by Hongbin Zhou.  ... 
doi:10.1016/j.entcs.2004.09.037 fatcat:yn6kvlm3knd4rm5l6j2rzsraoi

Tools for model-based security engineering

Jan Jürjens, Yijun Yu
2007 Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering - ASE '07  
Advanced users can use this open-source framework to implement verification routines for the constraints of self-defined security requirements.  ...  In the approach supported by these tools, one firstly specifies the securitycritical part of the system (e.g. a crypto protocol) using the UML security extension UMLsec.  ...  Towards this goal, the security extension UMLsec for the Unified Modeling Language (UML) [3] allows us to include security requirements as stereotypes with logical constraints.  ... 
doi:10.1145/1321631.1321736 dblp:conf/kbse/JurjensY07 fatcat:s3sfewbyx5hzpmaocuee75lmei

Modeling and Verifying Time Sensitive Security Protocols with Constraints

Ti Zhou, Mengjun Li, Zhoujun Li, Huowang Chen
2008 Electronical Notes in Theoretical Computer Science  
And then, by appending linear arithmetic constraints to the Horn logic model, the extended Horn logic model of security protocols and the modified-version verification method with time constraints are  ...  All operations and the strategy of verification are defined for our constraints system. Thirdly, a method is given to determine whether the constraints has a solution or not.  ...  Xiaoyu Song for useful discussions about the structure of this paper and useful modifications for its presentation.  ... 
doi:10.1016/j.entcs.2008.04.056 fatcat:b4rslhxiyjhp3int4bnufylqlq

Automatic Generation of Certifiable Space Communication Software

Johann Schumann, Ewen Denney
2007 2007 IEEE Aerospace Conference  
Our tools are based upon rigorous logical and mathematical foundations, and are capable of automatically generating high-quality communication software from a high-level model.  ...  Moreover, heightened needs for operations security in recent years add complexity to communication system requirements.  ...  Our protocol analysis tool is designed for this purpose. For formalization of the security proper-ties, it uses the well-known BAN (Burrows, Abadi, Needham) [3] logic.  ... 
doi:10.1109/aero.2007.352903 fatcat:2u2p5l6zyfeb5hpmtqwtyxfvde

Interference Analysis for Dependable Systems Using Refinement and Abstraction [chapter]

Claus Pahl
2002 Lecture Notes in Computer Science  
A common requirement for modern distributed and reactive systems is a high dependability guaranteeing reliability and security.  ...  Refinement and abstraction form the basis for an interference analysis method for security properties and for automated test case generation.  ...  The author would like to thank the anonymous reviewers for their valuable comments.  ... 
doi:10.1007/3-540-45614-7_19 fatcat:ytatdqup4rgx7chd77rp3n4swe

An Overview of FORCES: An INRIA Project on Declarative Formalisms for Emergent Systems [chapter]

Jesús Aranda, Gerard Assayag, Carlos Olarte, Jorge A. Pérez, Camilo Rueda, Mauricio Toro, Frank D. Valencia
2009 Lecture Notes in Computer Science  
The FORCES project aims at providing robust and declarative formalisms for analyzing systems in the emerging areas of Security Protocols, Biological Systems and Multimedia Semantic Interaction.  ...  Concurrent Constraint Programming (CCP) based calculi [1] are computational models that combine the operational view of process calculi with a declarative one based upon logic.  ...  As an application of the semantics, we identified a language for security protocols that can be represented as closure operators over a cryptographic constraint system.  ... 
doi:10.1007/978-3-642-02846-5_44 fatcat:p5icbugmf5cilciphhqle7rhci

Sound methods and effective tools for model-based security engineering with UML

Jan Jürjens
2005 Proceedings of the 27th international conference on Software engineering - ICSE '05  
Thus a sound methodology supporting secure systems development is urgently needed. We present an extensible verification framework for verifying UML models for security requirements.  ...  The work aims to contribute towards usage of UML for secure systems development in practice by offering automated analysis routines connected to popular CASE tools.  ...  Robert Schmidt and Thomas Kuhn and helpful discussions with Gernot Stenz and Matthias Schwan are gratefully acknowledged, as well as interesting discussions with Carlo Montangero about constructing UML security  ... 
doi:10.1145/1062455.1062519 dblp:conf/icse/Jurjens05 fatcat:ktgzyrpznbg4pfolguurvx6ope

Tools for model-based security engineering

Jan Jürjens, Jorge Fox
2006 Proceeding of the 28th international conference on Software engineering - ICSE '06  
We focus on a verification routine that automatically verifies crypto-based software for security requirements by using automated theorem provers.  ...  Advanced users can use this open-source framework to implement verification routines for the constraints of selfdefined security requirements.  ...  BAN logic is a modal belief logic used to formulate the beliefs of protocol participants during protocol execution.  ... 
doi:10.1145/1134285.1134423 dblp:conf/icse/JurjensF06 fatcat:amyu7yvrjvg4bgin5atfaidcce

Network Decoupling for Secure Communications in Wireless Sensor Networks

Wenjun Gu, Xiaole Bai, Sriram Chellappan, Dong Xuan
2006 IEEE International Workshop on Quality of Service, IWQoS  
With this methodology, a wireless sensor network is decoupled into a logical key-sharing network and a physical neighborhood network, which significantly releases the constraint in key path construction  ...  Our contributions are three-fold. 5 Network Decoupling: We propose a methodology called network decoupling for secure communications in wire-  ...  ACKNOWLEDGMENT We thank the anonymous reviewers for their invaluable feedback. This work was partially supported by NSF under grants No. ACI-0329155 and CCF-0546668.  ... 
doi:10.1109/iwqos.2006.250468 dblp:conf/iwqos/GuBCX06 fatcat:wgigdsnvpzdu5odqynbxmns7nu

Model-Based Security Engineering with UML [chapter]

Jan Jürjens
2005 Lecture Notes in Computer Science  
Munich: Model-based Security Engineering with UML 2  ...  Jan Jürjens, TU Munich: Model-based Security Engineering with UML 51 First-order logic: basic rules For initial adversary knowledge (K 0 ): Define knows(E) for any E initially known to the adversary (protocol-specific  ...  Jan Jürjens, TU Munich: Model-based Security Engineering with UML 50 Security analysis in first-order logic Idea: approximate set of possible data values flowing through system from above.  ... 
doi:10.1007/11554578_2 fatcat:rpa3lkle45c4bes434zjmzzduq

Model-Driven Development Meets Security: An Evaluation of Current Approaches

K Kasal, J Heurix, T Neubauer
2011 2011 44th Hawaii International Conference on System Sciences  
Deficiencies in software design are the main reasons for security incidents, resulting in severe economic consequences for (i) the organizations using the software and (ii) the development companies.  ...  This paper evaluates current efforts that position security as a fundamental element in model-driven development, highlights their deficiencies and identifies current research challenges.  ...  This work was supported by grants of the Austrian Government's BRIDGE Research Initiative (contract 824884), the FIT-IT Research Initiative (contract 816158) and was performed at the research center Secure  ... 
doi:10.1109/hicss.2011.310 dblp:conf/hicss/KasalHN11 fatcat:eujsqve6ovgpbagm6nmftoi7li
« Previous Showing results 1 — 15 out of 71,820 results