A symbiotic relationship between formal methods and security

Proceedings - Computer Security, Dependability, and Assurance: From Needs to Solutions, CSDA 1998

Volumn 1998-November, Issue , 1998, Pages 26-38

  Wing, J M ^a  

^a Carnegie Mellon University ^*  (United States)

Author keywords

[No Author keywords available]

Indexed keywords

MODEL CHECKING; SECURITY OF DATA; SECURITY SYSTEMS;

AUTHENTICATION PROTOCOLS; PROTOCOL LEVEL; SECURE SYSTEM; SYMBIOTIC RELATIONSHIP;

FORMAL METHODS;

EID: 85047929615     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSDA.1998.798355     Document Type: Conference Paper

References (39)

1. M. Abadi and M. Tuttle. A semantics for a logic of authentication. In Proceeding. of the 10th ACM Symposium on Principles of Distributed Computing pages 201-216, August 1991
2. E. Amoroso. Fundamentals of Computer Security Technology. AT&T Bel] Laboratories, 1994.
3. D. Bell and L. LaPadula-Secure computer svstems: Mathematical foundations. Technical Report ESD-TR-73-278, The MITRE Corporation, Bedford, MA, 1973.
4. W. R. Bevier, W. A. Hunt, Jr., J S. Moore, and W. D. Young. An approach to systems verification. Journal of Automated Reasoning, 5: 411-428, 1989. See also three other articles in the same issue by Young, Moore, and Hunt.
5. K. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, The MITRE Corporation, Bedford, MA, 1975.
6. D. Bolignano. An approach to the formal verification of cryptographic protocols. In Proceedings of the Third ACM Conference on Computer and Communications Securi/y, pages 106-118. ACM Press, 1996.
7. D. Bolignano. Towards the formal verification of electronic commerce protocols. In Proceedings of the Tenth IEEE Computer Security Foundations Workshop, June 1997.
8. K. Boyer and J. Moore. A Computational Logic. ACM monograph series. Academic Press, New York, 1979.
9. M. Burrows, M, Abadi, and R. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, 8(1): 18-36, February 1990.
10. National Computer Security Center. Department of Defense Trusted Computer Security Evaluation Criteria. Technical Report DoD 5200, 28-STD, NCSC, 1985.
11. D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, L987.
12. Computer Emergency Response Team Coordination Center Staff. Security of the internet. In Encyclopedia of Telecommunications, 1997.
13. D. Craigen and K. Summerskill. Format Methods for Trustworthy Computer Systems (FM89). Springer-Verlag, 1990. Workshops in Computing Series.
14. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2): 198-208, March 1989.
15. B. Dutertre and S. Schneider. Using a PVS embedding of CSP to verify authentication protocols. In Theorem Proving in Higher Order Logics, pages 121-136, August 1997. LNCS 1275.
16. L. Gong, R. Needham, and R. Yahalom. Reasoning about belief in cryptographic protocols. In Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pages 234-248, May 1990.
17. B. Guha and B. Mukherjee. Network security via reverse engineering of TCP code: Vulnerability analysis and proposed solutions. In Proc. IEEE Infocom'96, pages 603-610, San Francisco, CA, March 1996.
18. N, Heintze and J. Tygar, A model for secure protocols and their compositions. IEEE Transactions on Software Engineering, 22(l): 16-30, January 1996.
19. N. Heintze, J. Tygar, J. Wing, and H. Wong. Model checking electronic commerce protocols. In Proceedings of the Second USENIX Workshop in Electronic Commerce, pages 147-164, November 1996.
20. N. Heintze and J. M. Wing. Proceedings of the workshop on formal methods and security protocols, URL: http://cm. Vjen'iaV. s. com/cm/cs/who/och/fmsp/index. html1 June L998.
21. IBM. IBM Coprocessor First to Earn Highest Security Validation, http://www. ibm, com/security/cryptocards/html/pr -fips. html.
22. R. Kemmerer, C, Meadows, and J. Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2): 79-l3Q, 1994.
23. R. A. Kemmerer. Verification assessment study final report. Technical Report C3-CRG1-86, National Computer Security Center, Ft. George G. Meade, MD, March 1986. Five volumes.
24. V. Kessler and G. WedeL AUTLOG-an advanced Logic of authentication. In Proceedings of (he Computer Security Foundations Workshop VII, pages 90-99. IEEE Comput. Soc, June 1994.
25. D. Kindred and J. Wing. Fast, automatic checking of security protocols. In USENIX 2nd Workshop on Electronic Commerce, 1996.
26. B. Lampson. Protection. In Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, 1971. Reprinted in ACMU Operating Systems Revieus Vol. S, 1974.
27. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR, In Tools and Algorithms for the Construction and Analysis of SystemSj volume 1055 of Lecture Notes in Computer Science, pages 147-166. Springer-Veriag 1996.
28. Will Marrero, Edmund Clarke, and Somesh Jha. A model checker for authentication protocols. In Proc. of the DIM ACS Workshop on Design and Formal Verification of Security Protocols. DlMACS Rutgers University, September 1997.
29. J. McLean. A Comment on the Basic Security Theorem of Bell and LaPadula. Information Processing Letters, 20, 1985
30. C. Meadows. Applying formal methods to the analysis of a key management protocol. Journal of Computer Security, 1: 5-53, 1992.
31. C-Meadows. Analysis of the Internet Key Exchange Protocol Using the NRL Protocol Analyzer, submitted to 1999 Security and Privacy, 1998.
32. J. K. Milieu, S. C. Clark, and S. B. Freedman. The Interrogator; Protocol Security Analysis. IEEE Trans, on Soft. Eng., 13(2), February 1987.
33. J. Mitchell, M, Mitchell, and U. Stern, Automated Analysis of Cryptographic Protocols Using Murphi. In Proceedings of the IEEE Conference on Sectiirty and Privacy, pages 141-151, 1997.
34. A. Myers. J Flow: Practical Static Information Flow Control. In Proceedings of the 26lh ACM Symposium on Principles of Programming Languages January 1999.
35. G. Kecula and P. Lee, Safe Kernel Extensions Without Run-Time Checking. In Pvoc. of Second Symp. on Operations Systems Design and Implementation, October 1996.
36. Lawrence C. Paulson, Proving properties of security protocols by induction. Technical report, University of Cambridge, December 1996.
37. A Rubin and P Honevman. Formal methods for the analysis of authentication protocols. Technical Report 93-97, C1TI, November 1993.
38. P. Syverson and P. van Oorschot. On unifying some cryptographic protocol logics. In Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society Press, May L994.
39. T. Woo and S. Lam. A semantic model for authentication protocols. In Proceedings of the IEEE Symposium on Research in Security and Privacy, 1993.