Modelling and verification of layered security protocols: A bank application

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2788, Issue , 2003, Pages 116-129

  Grünbauer, Johannes ^a   Hollmann, Helia ^b   Jürjens, Jan ^a   Wimmel, Guido ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^b Secaron AG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTERS;

AUTO-FOCUS; COMPUTER AIDED SYSTEMS ENGINEERING; LAYERED SECURITY; SECURITY PROPERTIES; SECURITY REQUIREMENTS; SECURITY-CRITICAL;

NETWORK SECURITY;

EID: 18944394652     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-39878-3_10     Document Type: Article

References (31)

1. R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2001.
2. S. Anderson, S. Bologna, and M. Felici, editors. SAFECOMP 2002 - The 21st International Conference on Computer Safety, Reliability and Security, volume 2434 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 2002.
3. R. Bloomfield, D. Craigen, F. Koob, M. Ullmann, and S. Wittmann. Formal methods diffusion: Past lessons and future prospects. In F. Koornneef and M. van der Meulen, editors, Computer Safety, Reliability and Security 19th International Conference, SAFECOMP 2000, volume 1943 of Lecture Notes in Computer Science, pages 211-226, Rotterdam, The Netherlands, Oct. 2000.
4. M. Broy, F. Dederich, C. Dendorfer, M. Fuchs, T. Gritzner, and R. Weber. The design of distributed systems - an introduction to FOCUS. Technical Report TUM-I9202, Technische Universität München, 1992.
5. M. Broy and K. Stolen, editors. Specification and Development of Interactive Systems. Springer, 2001.
6. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271, 1989.
7. P. Daniel. Security of critical systems - management issues. In Critical Systems Conference 2001, Birmingham, 23rd-24th Oct. 2001. The Safety-Critical Systems Club and Software Reliability and Metrics Club.
8. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198-208, 1983.
9. E. Allen Emerson. Temporal and modal logic. In Jan van Leeuwen, editor, Handbook of Theoretical Computer Science, volume B, chapter 16, pages 995-1072. Elsevier Science Publishers, 1990.
10. R. Fredriksen, M. Kristiansen, B. Gran, K. Stolen, T. Opperud, and T. Dimitrakos. The CORAS framework for a model-based risk management process. In Anderson et al. [2], pages 94-105.
11. D. Gollmann. Computer Security. J. Wiley, 1999.
12. Johannes Grünbauer. Modellbasierte Sicherheitsanalyse einer Bankapplikation. Master's thesis, Technische Universität München, 2003.
13. Joshua D. Guttman. Security goals: Packet trajectories and strand spaces. Lecture Notes in Computer Science, 2171:197ff, 2001.
14. F. Huber, S. Molterer, A. Rausch, B. Schätz, M. Sihling, and O. Slotosch. Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155-164, 1998.
15. F. Huber, S. Molterer, B. Schätz, O. Slotosch, and A. Vilbig. Traffic Lights - An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282-294. IEEE Computer Society, 1998.
16. ITU. ITU-TS Recommendation Z.120: Message Sequence Chart (MSC). ITU-TS, Geneva, 1996.
17. J. Jürjens. Critical Systems Development with UML. In SAFECOMP 2002 - The 21st International Conference on Computer Safety, Reliability and Security, Catania, Italy, Sept. 9-13 2002. EWICS TC7. Half-day tutorial.
18. J. Jürjens. Secure Systems Development with UML. Springer-Verlag, Berlin, 2003. To be published.
19. Jan Jürjens and Guido Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In First IFIP conference on e-commerce, e-business, and e-government (I3E). Kluwer, 2001.
20. F. Koob, M. Ullmann, and S. Wittmann. The new topicality of using formal models of security policy within the security engineering process. In D. Hutter, W. Stephan, P. Traverso, and M. Ullmann, editors, Applied Formal Methods - FM-Trends 98, International Workshop on Current Trends in Applied Formal Method, volume 1641 of Lecture Notes in Computer Science, pages 302-310, Boppard, Germany, Oct. 7-9, 1998 1999. Springer-Verlag, Berlin.
21. K. Lano, D. Clark, and K. Androutsopoulos. Safety and security analysis of object-oriented models. In Anderson et al. [2].
22. G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In Margaria and Steffen, editors, TACAS, volume 1055 of Lecture Notes in Computer Science, pages 147-166. Springer-Verlag, Berlin, 1996.
23. K. L. McMillan. Symbolic Model Checking. Kluwer Academic Publishers, Boston, 1993.
24. John C. Mitchell, Vitaly Shmatikov, and Ulrich Stern. Finite-state analysis of ssl 3.0. In Seventh USENIX Security Symposium, pages 201-216, 1998.
25. Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85-128, 1998.
26. J. Philipps and O. Slotosch. The Quest for Correct Systems: Model Checking of Diagrams and Datatypes. In Asia Pacific Software Engineering Conference 1999, 1999.
27. T. Rottke, D. Hatebur, M. Heisel, and M. Heiner. A problem-oriented approach to common criteria certification. In Anderson et al. [2].
28. T. Santen, A. Pfitzmann, and M. Heisel. Specification and refinement of secure it-systems. In T. Muntean M. Butler, editor, International Workshop on Refinement of Critical Systems: Methods, Tools and Experience (RCS'2002), 2002.
29. O. Slotosch. Quest: Overview over the Project. In D. Hutter, W. Stephan, P Traverso, and M. Ullmann, editors, Applied Formal Methods - FM-Trends 98, pages 346-350. Springer LNCS 1641, 1998.
30. S. Thompson. Haskell: The Craft of Functional Programming. Addison-Wesley Longman, 1999.
31. Guido Wimmel and Alexander Wißpeintner. Extended Description Techniques for Security Engineering. In Trusted Information, the New Decade Challege. 16th International Conference on Information Security (IFIP/Sec), 2001.