Abstract Machines for Communication Security
نویسندگان
چکیده
We use an existing formal software developement method called B in order to build and verify specica-tions of a communication channel, cryptographic functions and security properties. We show on an example how these basic specications may be combined in order to write abstract specications of cryptographic protocols and to verify their security. 1 Introduction Security evaluation criteria recommend that developers produce mathematical models of their systems and use these models in order to prove the security of their product. But developers are often reluctant to use formal methods because they have no evidence that this would actually increase the security of their products. They often consider that using mathematical notations produces very complex descriptions of real systems from which security proofs are very di-cult to obtain. Moreover, in general, formal methods cannot easily be integrated in usual development practices. This leads to the undesirable situation where the formal modeling work is treated separately from the development. Formal methods when used to study functional cor-rectness seem to have reached a higher level of maturity. This might help to change the relunctance to use formal methods. These methods are able to treat (to give a formal counterpart to) structuration concepts used to simplify the development of software as layer, service, module, interface. Furthermore, these methods are supported by tools that assist the user during the writing of specications and during the proofs. In this paper, we would like to show that it is possible to verify some aspects of security using available and general purpose technology. We were more particularly interested in the verication of the security of cryptographic protocols. We used, for that purpose , a formal software developement method called B [1]. This method contains a specication language that is state-oriented as Z [12] or FDM [8]. We also used B-Toolkit [2], a tool that supports every aspects of this method, in order to build the various abstract
منابع مشابه
Verifying Security Protocols: An ASM Approach
In this paper we present a modeling technique for security protocols using Abstract State Machines [BS03,Gur95] (ASMs). We describe how we model the different agents in the scenario, the attacker and the communication between them.
متن کاملProving Reachability and Non-Interference in B
This paper proposes an approach to prove interference freedom for a reachability property of the form AG ψ ⇒ EF φ in a B specification. Such properties frequently occur in security policies and information systems. Reachability is proved by constructing using stepwise algorithmic refinement an abstract program that refines AG ψ ⇒ EF φ. We propose proof obligations to show non-interference, ie, ...
متن کاملA Security Logic for Abstract State Machines
We extend the logic for Abstract State Machines by a read predicate that allows to make precise statements about the accesses of locations of an ASM. The logic can be used to prove security properties of ASMs like that the machine does not read locations containing critical information or that all accesses of the machine are in a well-defined region of the abstract memory. The new read predicat...
متن کاملVerifying Smart Card Applications: An ASM Approach
We present a formal model for security protocols of smart card applications using Abstract State Machines [BS03, Gur95] (ASMs) and a suitable method for verifying security properties of such protocols. The main part of this article describes the structure of the protocol-ASM and all its relevant parts. Integrated in the ASM are all relevant aspects of the scenario: The agents participating in t...
متن کاملConsistent ASM Updates from Atomic Composition
We propose an approach to the consistent update problem of Abstract State Machines through a correctness preserving composition operator. Inconsistent updates are transparently isolated and cause local failure rather systemic failure. This is achieved by a source-to-source translation rather than changing the semantics of Abstract State Machines, thus preserving findings of previous studies on ...
متن کاملCommunication in Abstract State Machines
Up to recently the majority of applications of the Abstract State Machines method for design and verification of computational systems used the shared variable approach. However in particular with distributed systems only various forms of communication may be available to share information. We define communicating ASMs by using instead of shared locations an explicit, abstract concept of Sendin...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1993