Design and Validation of a General Security Model with the Alloy Analyzer

We define secure communication to require message integrity, confidentiality, authentication and non-repudiation. This high-level definition forms the basis for many widely accepted definitions of secure communication. In order to understand how security constrains the design of our secure connectors, we have created new logical formulas that define these security properties. Our novel definitions use first-order epistemic and modal logics to precisely describe the constituent properties of secure communications. Our definitions should be applicable to describe security in the general case. We subsequently codified our logical formulas into the Alloy language and executed them using the Alloy Analyzer to validate that our models are correct. This paper presents the definition of our security model, our Alloy implementation, and the results of our validation efforts.