Integrated Specification and Verification of Security Protocols and Policies

Frau, Simone; Torabi-Dashti, Mohammad

doi:10.1109/csf.2011.9

Cited by 7 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here, we extend our previous results [21] in two directions: (1) We have negative statements in guards, and we allow the policy statements to be retracted from the extensional policies of the processes. The negative guards and the retraction of policy statements enable us to naturally model non-monotonic behaviors, such as revocation of rights.…”

Section: Related Workmentioning

confidence: 77%

“…We discuss, within an example, how our decision algorithm can help policy writers to detect these situations; see § 2.3. (2) We give a decision algorithm for a rich set of policies, which strictly subsumes the type-1 policy theories of [21]. For instance, transitive policy rules (see § 2.1), which are not permitted in type-1 theories, can be analyzed using our decision algorithm.…”

Section: Related Workmentioning

confidence: 99%

“…We define a formal language for specifying communicating authorization policies, and give an algorithm for deciding reachability for a large class of such policies. This builds upon the previous work on analyzing securitysensitive distributed services [8,21], and the formalisms of [20,26].…”

Section: Introductionmentioning

confidence: 98%

See 2 more Smart Citations

Analysis of Communicating Authorization Policies

Frau

Dashti

2013

Security and Trust Management

Self Cite

View full text Add to dashboard Cite

Abstract. We present a formal language for specifying distributed authorization policies that communicate through insecure asynchronous media. The language allows us to write declarative authorization policies; the interface between policy decisions and communication events can be specified using guards and policy updates. The attacker, who controls the communication media, is modeled as a message deduction engine. We give trace semantics to communicating authorization policies, and formulate a generic reachability problem. We show that the reachability problem is decidable for a large class of practically-relevant policies specified in our formal language.

show abstract

Section: Related Workmentioning

confidence: 77%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Communicating Authorization Policies

Frau

Dashti

2013

Security and Trust Management

Self Cite

View full text Add to dashboard Cite

show abstract

“…To our knowledge no work has previously considered the automatic orchestration of security services with policies altogether as ours. However there are some interesting related attempts to analyze security protocols and trust management [17,11]. In [17] the author uniformly models security protocols and access control based on trust management.…”

Section: Contextmentioning

confidence: 99%

“…We also consider an integrated framework for protocols and policies but in our case i) policies can be explicitly negative such as non-disclosure policies and separation-of-duty ii) we propose a decision procedure for the related trust negotiation problem iii) we do not consider indistinguishability properties. In [11] security protocols are combined with authorization logics that can be expressed with acyclic Horn clauses. The authors encode the derivation of authorization predicates (for a service) as subprotocols and can reuse in that way the constraint solving algorithm from [19] to obtain a decision procedure.…”

Section: Contextmentioning

confidence: 99%

Intruder deducibility constraints with negation. Decidability and application to secured service compositions

Avanesov

Chevalier

Rusinowitch

et al. 2017

Journal of Symbolic Computation

View full text Add to dashboard Cite

Abstract:The problem of finding a mediator to compose secured services has been reduced in our former work to the problem of solving deducibility constraints similar to those employed for cryptographic protocol analysis. We extend in this paper the mediator synthesis procedure by a construction for expressing that some data is not accessible to the mediator. Then we give a decision procedure for verifying that a mediator satisfying this non-disclosure policy can be effectively synthesized. This procedure has been implemented in CL-AtSe, our protocol analysis tool. The procedure extends constraint solving for cryptographic protocol analysis in a significative way as it is able to handle negative deducibility constraints without restriction. In particular it applies to all subterm convergent theories and therefore covers several interesting theories in formal security analysis including encryption, hashing, signature and pairing.

show abstract

A systematic literature review of the use of formal methods in medical software systems

Bonfanti

Gargantini

Mashkoor

2018

J Software Evolu Process

View full text Add to dashboard Cite

The use of formal methods is often recommended to guarantee the provision of necessary services and to assess the correctness of critical properties, such as functional safety, cybersecurity, and reliability, in medical and health care devices. In the past, several formal and rigorous methods have been proposed and consequently applied for trustworthy development of medical software and systems. In this paper, we perform a systematic literature review on the available state of the art in this domain. We collect the relevant literature on the use of formal methods for modeling, design, development, verification, and validation of software-intensive medical systems. We apply standard systematic literature review techniques and run several queries in well-known repositories to obtain information that can be useful for people who are either already working in this field or planning to start. Our study covers both quantitative and qualitative aspects of the subject. KEYWORDSformal methods, systematic literature review, medical device software INTRODUCTIONIn modern medical devices, human safety depends upon the correct operation of software controlling the device: Software malfunctioning can cause injuries to, or even the death of, patients. A crucial issue is how to guarantee that medical software has all the qualities (eg, safety, security, and dependability) expected for critical components. One way to improve and assess software quality, as suggested by literature, 1-3 is to use formal methods or in general rigorous methods for design, validation, and verification of medical software. Some processes for improvement of medical standards, based on formal approaches, have already been proposed, 4-6 although their adoption in industrial applications is rather limited.The overall aim of this paper is twofold: (1) to provide guidance to researchers starting to work on this topic and (2) to assess the state of the art that is more useful for researchers already working on this subject. We have applied a systematic literature review (SLR) process to the topic of rigorous methods for designing and validation of medical software and systems by following the guidelines presented in literature 7-9 with slight improvements such as a wider range of repositories is queried for information retrieval and the subject is covered from both quantitative and qualitative aspects. Through this analysis, we give an overview of the research literature about formal methods applications to model, to verify, and to validate medical systems. Moreover, we include processes and tools that translate models written using formal languages in machine code. We would like to underline that the SLR carried out in this work considers only formal methods applied to medical device/software. Other processes applied to medical device/software are outside of our goal (eg, code implementation, testing, 8 and hardware configuration).The goals of our SLR are (1) to gather a sufficient number of relevant articles, (2) to perform a series of analyses, and (3) to p...

show abstract

Integrated Specification and Verification of Security Protocols and Policies

Cited by 7 publications

References 18 publications

Analysis of Communicating Authorization Policies

Analysis of Communicating Authorization Policies

Intruder deducibility constraints with negation. Decidability and application to secured service compositions

A systematic literature review of the use of formal methods in medical software systems

Contact Info

Product

Resources

About