Automatic Compositional Verification of Some Security Properties.

1 The Compositional Security Checker (CSC for short) is a semantic tool for the automatic veri cation of some compositional information ow properties. ... The information ow security properties which can be veri ed by CSC are some of those classi ed in 4]. They are derivations of some classic notions, e.g. Non Interference 6]. ... The aim of this work is to present a tool called Compositional Security Checker which can be used to check automatically ( nite state) SPA speci cations against some information ow security properties. ...

doi:10.1007/3-540-61042-1_44 fatcat:p4osbdfevnhhjogunyhvim5upa

We apply state-of-the art deductive verification tools to check security-relevant properties of cryptographic software, including safety, absence of error propagation, and correctness with respect to reference ... These techniques allow us to integrate automatic proof tools with an interactive proof assistant, where the latter is used off-line to prove once-and-for-all fundamental lemmas about properties of programs ... Some of the generated proof-obligations would not however be discharged by an automatic prover. ...

doi:10.1007/s11334-010-0127-y fatcat:ppds2e2jlndujpujasiksuzcxm

Key features include automation of: extraction of models, generation and composition of intrusion models, and verification of security properties. ... Verifying security properties of protocols requires developers to manually create protocol-specific intruder models, which could be tedious and error prone. ... composition of the models and providing the counterexamples for property violations in terms of the domain language. ...

doi:10.1109/icse-companion.2009.5071045 dblp:conf/icse/HannaR09 fatcat:jawejil4fne6zebinaz6y36uee

Presentation on D-MILS project overview and verification framework ... requirement: the system satisfy functional and security requirements even if some subcomponents fail n System requirements guaranteed by the properties of the subcomponents Requirements and properties ... on a compositional approach n System properties are inferred by component properties n Advantages: n Formalized assumptions: components' expectations on their environment t Assumptions must ...

doi:10.5281/zenodo.47985 dblp:conf/hipeac/RuessT15 fatcat:ovbvzpwbarh5dmeckjxa3ru2e4

Open Access

Our techniques solve some of the automation problems that had previously been identified for the self-composition technique [26] . This work will be revised in more detail in Section 2. ... We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. ... The availability of these lemmas will allow automatic provers to carry out the verification process, validating the potentially large number of verification conditions generated by the self-composition ...

doi:10.1016/j.scico.2011.10.008 fatcat:k4jaosxejraejdgqhyfp6dcly4

Szczepanski

Several formalisms and (semi-)automatic tools for the verification of security protocols have been developed. ... In this paper we identify a number of issues that are relevant to applying formal methods to the problem of security protocol composition. ... This layer of abstraction has enabled formal analysis and automatic verification of security protocols. ...

doi:10.1016/j.entcs.2004.12.047 fatcat:imwclgyajzb7digp6nz6r6axf4

Open Access

using call-graph abstractions and compositional techniques; (iii) Formalisation and analysis of security properties, in the areas of information flow control, authorisation, and verification of security ... To deal with post-issuence loading, we adopt a compositional approach to verification, allowing global control-flow properties of the whole system to be reduced to local controlflow properties of the individual ...

doi:10.1016/s1571-0661(04)80824-7 fatcat:3rhsokuaw5haxa32nhwne63h7q

Open Access

In this paper, a verification methodology of a composition of UML behavioural diagrams (State Machine, Activity Diagram, and Sequence Diagram) is proposed. ... In addition, this operator posses a nice property which allows to handle the verification of large system efficiently. To demonstrate the effectiveness of our approach, a case study is presented. ... [5] investigate how the verification of security properties can be enabled by adding formal constraints to UML-based security patterns. ...

doi:10.1007/978-3-642-13273-5_11 fatcat:bqr4g347nvdkhlnizwri4io6bq

Web service composition lets developers create applications on top of serviceoriented computing's native description, discovery, and communication capabilities. ... There are many existing approaches to service composition, ranging from abstract methods to those aiming to be industry standards. The authors describe four key issues for Web service composition. ... Composition correctness requires verification of the composed service's properties, such as security or dependability. ...

doi:10.1109/mic.2004.58 fatcat:e4evym4phbelvevbrbb7eql4qy

It supports early rapid modelling of complex HES through smooth refinements, an open interface based on IP-XACT extensions for secure composition of HES components, and automatic testbench generation over ... This work proposes an advanced methodology based on an open source virtual prototyping framework for verification of complex Heterogeneous Embedded Systems (HES). ... verification of functional and non-functional properties Testbench for verification of functional properties Acceler- ation Generators Automatic testbench generation Automatic conversion ...

doi:10.1109/date.2012.6176482 dblp:conf/date/BeckerDFMPV12 fatcat:ehp4n5fhkfce7nzhu5eooi6bpu

They have defined semantics of the models and applied various logics and formal methods to verification of the rigorousness. ... This paper focuses on formal verification of the models and surveys the efforts. We also discuss the prospect of the solutions. ... The followings are process-algebraic approaches to specify and verify secure compositions of business processes. ...

doi:10.1007/978-3-540-69387-1_58 fatcat:thdl3ghdcrc2bnzqtih6czsyzi

In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. ... The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems. ... Those research directions are considered as hot research topics in security and formal verification in both software and hardware modeling for the next years. ...

doi:10.1007/s00607-015-0445-x fatcat:yuifxclfgfcmhoxjfpateksysq

specification, formalization, model checking verification and integration steps of desired concrete composite service. ... The integration of Non-Functional Requirements (NFRs) in each step of service composition process, starting with abstract service composition specification to the generation of the verified and concrete ... Whereas the semi-automatic verification consists on adding some adjustments into the generated UPPAAL's automata modeling then running the verification of designer's properties. ...

doi:10.14569/ijacsa.2021.0120377 fatcat:ovsvi5nr4ndhrocudw3oth353u

Szczepanski

The compiler allows the fully automatic translation of an abstract description of a proof goal into an executable implementation. ... Finally, our compiler is certifying, in the sense that it automatically produces a formal proof of the soundness of the compiled protocol for a large class of protocols using the Isabelle/HOL theorem prover ... Also, we would like to thank Stefania Barzan for implementing a preliminary version of the PVT. ...

doi:10.1007/978-3-642-15497-3_10 fatcat:3iizfdskrzal5hb64k5ibm6g2a

A security flaw in the initial version of TLS specification was revealed using a semi-automatic theorem prover, Isabelle/HOL. ... In this paper, we present a theory that allows (1) to specify distributed systems formally, (2) to verify their cryptographic wrt. composition properties, and (3) to demonstrate the correctness of syntactic ... In this work we focus on modelling of security aspects and the corresponding properties of composition. ...

arXiv:1807.01928v1 fatcat:ker7ea54vjgzjlzoxpng6lzjsm

Automatic compositional verification of some Security properties [chapter]

Preserved Fulltext

Deductive verification of cryptographic software

Preserved Fulltext

Slede: Framework for automatic verification of sensor network security protocol implementations

Preserved Fulltext

Distributed Mils (D-Mils) Specification, Analysis, Deployment, And Assurance Of Distributed Critical Systems

Preserved Fulltext

Formal verification of side-channel countermeasures using self-composition

Preserved Fulltext

Compositionality of Security Protocols: A Research Agenda

Preserved Fulltext

Formal Methods Research at SICS and KTH

Preserved Fulltext

Verification of the Correctness in Composed UML Behavioural Diagrams [chapter]

Preserved Fulltext

Current solutions for Web service composition

Preserved Fulltext

MOUSSE: Scaling modelling and verification to complex Heterogeneous Embedded Systems evolution

Preserved Fulltext

A Survey of Formal Verification for Business Process Modeling [chapter]

Preserved Fulltext

Specification, verification, and quantification of security in model-based systems

Preserved Fulltext

Deep Attention on Measurable and Behavioral-driven Complete Service Composition Design Process

Preserved Fulltext

A Certifying Compiler for Zero-Knowledge Proofs of Knowledge Based on Σ-Protocols [chapter]

Preserved Fulltext

FocusST Solution for Analysis of Cryptographic Properties [article]

Preserved Fulltext