Compositional verification of application-level security properties

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7781 LNCS, Issue , 2013, Pages 75-90

  Gunawan, Linda Ariani ^a   Herrmann, Peter ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID APPLICATIONS; AUTOMATIC MODELING; COMPOSITIONAL VERIFICATION; FUNCTIONAL BEHAVIORS; MODEL-BASED ENGINEERING; REAL-LIFE APPLICATIONS; SECURITY PROPERTIES; SECURITY REQUIREMENTS;

ARTIFICIAL INTELLIGENCE; COMPUTER SCIENCE; COMPUTERS;

MODEL CHECKING;

EID: 84893126507     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-36563-8_6     Document Type: Conference Paper

References (32)

1. Iyer, R.K., Chen, S., Xu, J., Kalbarczyk, Z.: Security Vulnerabilities-from Data Analysis to Protection Mechanisms. In: Proceedings of the Ninth IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, WORDS 2003, pp. 331-338 (2003)
2. Kraemer, F.A.: Engineering Reactive Systems: A Compositional and Model-Driven Method Based on Collaborative Building Blocks. PhD thesis, Norwegian University of Science and Technology (August 2008)
3. Kraemer, F.A., Slåtten, V., Herrmann, P.: Tool Support for the Rapid Composition, Analysis and Implementation of Reactive Services. Journal of Systems and Software 82(12), 2068-2080 (2009)
4. Gunawan, L.A., Herrmann, P., Kraemer, F.A.: Towards the Integration of Security Aspects into System Development Using Collaboration-Oriented Models. In: Ślezak, D., Kim, T.-H., Fang, W.-C., Arnett, K.P. (eds.) SecTech 2009. CCIS, vol. 58, pp. 72-85. Springer, Heidelberg (2009)
5. Kraemer, F.A., Herrmann, P.: Reactive Semantics for Distributed UML Activities. In: Hatcliff, J., Zucca, E. (eds.) FMOODS/FORTE 2010, Part II. LNCS, vol. 6117, pp. 17-31. Springer, Heidelberg (2010)
6. Gunawan, L.A., Kraemer, F.A., Herrmann, P.: A Tool-Supported Method for the Design and Implementation of Secure Distributed Applications. In: Erlingsson, Ú ., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 142-155. Springer, Heidelberg (2011)
7. McMillan, K.L.: Symbolic Model Checking: an Approach to the State Explosion Problem. PhD thesis, Carnegie Mellon University, Pittsburgh, PA, USA (1992)
8. Davis, A.M.: Software Requirements: Objects, Functions and States, 2nd edn. Prentice-Hall, Inc., Upper Saddle River (1993)
9. Slåtten, V., Kraemer, F.A., Herrmann, P.: Towards Automatic Generation of Formal Specifications to Validate and Verify Reliable Distributed Systems: A Method Exemplified by an Industrial Case Study. In: Proceedings of the 10th ACM International Conference on Generative Programming and Component Engineering, pp. 147-156. ACM, New York (2011)
10. Object Management Group: Unified Modeling Language: Superstructure, version 2.3 (May 2010) (formal/2010-05-05)
11. Kraemer, F.A., Herrmann, P.: Automated Encapsulation of UML Activities for Incremental Development and Verification. In: Schürr,A., Selic, B. (eds.)MODELS 2009. LNCS, vol. 5795, pp. 571-585. Springer, Heidelberg (2009)
12. Slåtten, V., Herrmann, P.: Contracts for Multi-instance UML Activities. In: Bruni, R., Dingel, J. (eds.) FMOODS/FORTE 2011. LNCS, vol. 6722, pp. 304-318. Springer, Heidelberg (2011)
13. Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley Professional (2002)
14. Yu, Y., Manolios, P., Lamport, L.: Model Checking TLA+ Specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54-66. Springer, Heidelberg (1999)
15. Herrmann, P., Krumm, H.: A Framework for Modeling Transfer Protocols. Computer Networks 34(2), 317-337 (2000)
16. Abadi, M., Lamport, L.: The Existence of Refinement Mappings. Theoretical Computer Science 82(2), 253-284 (1991)
17. Jürjens, J.: Secure System Development with UML. Springer (2005)
18. Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: From UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39-91 (2006)
19. Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for Secure Software Design. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, pp. 75-85. ACM, New York (2004)
20. Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: An Aspect-Oriented Methodology for Designing Secure Applications. Information and Software Technology 51(5), 846-864 (2009); Special Issue: Model-Driven Development for Secure Information Systems
21. Mouheb, D., Talhi, C., Nouh, M., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML. In: Lee, R., Ormandjieva, O., Abran, A., Constantinides, C. (eds.) SERA 2010. SCI, vol. 296, pp. 197-213. Springer, Heidelberg (2010)
22. Jürjens, J., Houmb, S.H.: Dynamic Secure Aspect Modeling with UML: From Models to Code. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 142-155. Springer, Heidelberg (2005)
23. Jézéquel, J.M.: Model Driven Design and Aspect Weaving. Software and System Modeling 7(2), 209-218 (2008)
24. Lund, M.S., Solhaug, B., St?len, K.: Model-Driven Risk Analysis-The CORAS Approach. Springer (2011)
25. Moebius, N., Stenzel, K., Reif, W.: Formal Verification of Application-Specific Security Properties in a Model-Driven Approach. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 166-181. Springer, Heidelberg (2010)
26. Moebius, N., Stenzel, K., Borek, M., Reif, W.: Incremental Development of Large, Secure Smart Card Applications. In: Proceedings of the 1st Model-Driven Security Workshop, MDSec 2012 (to appear, 2012)
27. Yi, D., Wang, J., Tsai, J.J., Beznosov, K.: An Approach for Modeling and Analysis of Security System Architectures. IEEE Transactions on Knowledge and Data Engineering 15(5), 1099-1119 (2003)
28. Khan, K., Han, J., Zheng, Y.: A Framework for an Active Interface to Characterise Compositional Security Contracts of Software Components. In: Proceedings of the 2001 Australian Software Engineering Conference, pp. 117-126 (2001)
29. Herrmann, P.: Information Flow Analysis of Component-Structured Applications. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC), pp. 45-54. ACM SIGSAC, IEEE Computer Society Press, New Orleans (2001)
30. Mantel, H.: On the Composition of Secure Systems. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 88-101. IEEE Computer Society (May 2002)
31. Bartoletti, M., Degano, P., Ferrari, G.L.: Security Issues in Service Composition. In: Gorrieri, R., Wehrheim, H. (eds.) FMOODS 2006. LNCS, vol. 4037, pp. 1-16. Springer, Heidelberg (2006)
32. Vasilevskaya, M., Gunawan, L.A., Nadjm-Tehrani, S., Herrmann, P.: Security Asset Elicitation for Collaborative Models. In: Proceedings of the 1st Model-Driven Security Workshop, MDSec 2012 (to appear, 2012)