Validation of a Security Model with the Alloy Analyzer
Authors
Abstract
We define secure communication to require message integrity, confidentiality, authentication and non-repudiation. This high-level definition forms the basis for many widely accepted definitions of secure communication. In order to understand how security constrains the design of our secure connectors, we have created new logical formulas that define these security properties. Our novel definitions use first-order epistemic and modal logics to precisely describe the constituent properties of secure communications. Our definitions should be applicable to describe security in the general case. We subsequently codified our logical formulas into the Alloy language and executed them using the Alloy Analyzer to validate that our models are correct. This paper presents the definition of our security model, our Alloy implementation, and the results of our validation efforts.
Similar resources
Design and Validation of a General Security Model with the Alloy Analyzer
We define secure communication to require message integrity, confidentiality, authentication and non-repudiation. This high-level definition forms the basis for many widely accepted definitions of secure communication. In order to understand how security constrains the design of our secure connectors, we have created new logical formulas that define these security properties. Our novel definiti...
Modeling and Validating the Clinical Information Systems Policy Using Alloy
Information systems security defines three properties of information: confidentiality, integrity, and availability. These characteristics remain major concerns throughout the commercial and military industry. In this work, we focus on the integrity aspect of commercial security applications by exploring the nature and scope of the famous integrity policy the Clinical Information Systems Policy....
A Security Domain Model for Implementing Trusted Subject Behaviors
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a rep...
Safety and Security Assessment of Behavioral Properties Using Alloy
In this paper, we propose a formal approach to supporting safety and security engineering, in the spirit of Model-Based Safety Assessment, using the Alloy language. We first implement a system modeling framework, called Coy, allowing to model system architectures and their behavior with respect to component failures. Then we illustrate the use of Coy by defining a fire detection system example ...
Aspect Oriented Modeling of Impersonation Attack for A Secure Account based Protocol for Mobile Payment
In this paper we propose aspect oriented modeling and verification of a secure account based protocol for mobile payment when the application is under impersonation attack during the purchase phase of the protocol. The proposed work addresses the attack aspect and attack mitigation aspects that are woven inside secure account based protocol for mobile payment. The model proposed in this work gi...
Journal title:
Volume, Issue:
Pages: -
Publication date: 2007