Extended description techniques for security engineering

IFIP Advances in Information and Communication Technology

Volumn 65, Issue , 2002, Pages 469-485

  Wimmel, Guido ^a   Wisspeintner, Alexander ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Autofocus; Case; Design patterns; Formal methods; Graphical description techniques; Requirements engineering; Security engineering; Security patterns; Security properties; Software engineering; Uml rt

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; FORMAL METHODS; REQUIREMENTS ENGINEERING; SECURITY OF DATA; SOFTWARE ENGINEERING;

AUTO-FOCUS; DESIGN PATTERNS; GRAPHICAL DESCRIPTION; SECURITY ENGINEERING; SECURITY PATTERNS; SECURITY PROPERTIES; UML-RT;

SECURITY SYSTEMS;

EID: 84883274584     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (24)

1. Bell, D. E. and LaPadula, L. (1973). Secure computer systems: Mathematical foundations and model. Technical Report M74-244, The MITRE Corp., Bedford MA.
2. Broy, M., Dederich, F., Dendorfer, C., Fuchs, M., Gritzner, T., and Weber, R. (1992). The Design of Distributed Systems-An Introduction to FOCUS. Technical Report TUM-I9202, Technische Univerität München.
3. Broy, M. and Slotosch, O. (1999). Enriching the Software Development Process by Formal Methods. In Current Trends in Applied Formal Methods 1998, pages 44-61.
4. Burrows, M., Abadi, M., and Needham, R. (1989). A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271.
5. CEPSCO (2000). Common electronic purse specifications: Business requirements. Version 7.0, available from http://www.cepsco.com.
6. Common Criteria (1999). Common criteria for information technology security evaluation version 2.1. Technical report, Communications Security Establishment (Canada), Service Central de la Sécurité des Systèmes d'Information (France), Bundesamt für Sicherheit in der Informationstech-nik (Germany), Netherlands National Communications Security Agency, Communications-Electronics Security Group (United Kingdom), National Institute of Standards and Technology (United States), National Security Agency (United States).
7. Eckert, C. (1998). Sichere, verteilte Systeme - Konzepte, Modelle und Systemar-chitekturen. professorial thesis, Technische Universität München.
8. Goguen, J. A. and Meseguer, J. (1998). Security Policy and Security Models. In Proceedings of 1982 IEEE Symposium on Security and Privacy.
9. Gollmann, D. (1996). What do We Mean by Entity Authentication? In Proceedings of 1996 IEEE Symposium on Security and Privacy.
10. Huber, F., Molterer, S., Rausch, A., Schätz, B., Sihling, M., and Slotosch, O. (1998a). Tool supported Specification and Simulation of Distributed Systems. In International Symposium on Software Engineering for Parallel and Distributed Systems, pages 155-164.
11. Huber, F., Molterer, S., Schätz, B., Slotosch, O., and Vilbig, A. (1998b). Traffic Lights-An AutoFocus Case Study. In 1998 International Conference on Application of Concurrency to System Design, pages 282-294. IEEE Computer Society.
12. ITSEC (1990). ITSEC. Information Technology Security Evaluation Criteria- Harmonised Criteria of France, Germany, the Netherlands, the United Kingdom. Version 1.
13. ITU (1996). ITU-TS Recommendation Z. 120: Message Sequence Chart (MSC). ITU-TS, Geneva.
14. Jones, M. P. (August 1993). An Introduction to Gofer.
15. Jürjens, J. (2001). Towards Development of Secure Systems using UML. In FASE'01: Fundamental Approaches to Software Engineering. to appear.
16. Lotz, V. (2000). Formally Defining Security Properties with Relations on Streams. In Schneider, S. and Ryan, P., editors, Electronic Notes in Theoretical Computer Science, volume 32. Elsevier Science Publishers.
17. Lowe, G. (1996). Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In Margaria and Steffen, editors, TACAS, volume 1055 of lncs, pages 147-166. sv.
18. Paulson, L. C. (1998). The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1-2):85-128.
19. Philipps, J. and Slotosch, O. (1999). The Quest for Correct Systems: Model Checking of Diagramms and Datatypes. In Asia Pacific Software Engineering Conference 1999.
20. Slotosch, O. (1998). Quest: Overview over the Project. In Hutter, D., Stephan, W., Traverso, P., and Ullmann, M., editors, Applied Formal Methods-FM-Trends 98, pages 346-350. Springer LNCS 1641.
21. Thayer, F., Herzog, J. C., and Guttman, J. D. (1998). Strand Spaces: Why is a security protocol correct? In Proceedings of 1998 IEEE Symposium on Security and Privacy.
22. Thompson, S. (1999). Haskell: The Craft of Functional Programming. Addison-Wesley Longman.
23. Wimmel, G., Lötzbeyer, H., Pretschner, A., and Slotosch, O. (2000). Specification Based Test Sequence Generation with Propositional Logic. Journal on Software Testing Verification and Reliability, 10:229-248.
24. Wimmel, G. and Wisspeintner, A. (2000). The Needham-Schroeder Protocol- an AutoFocus Case Study. Internal report, Technische Universität München.