Integrating Formal Methods with Model-Driven Engineering

Gargantini, Angelo; Riccobene, Elvinia; Scandurra, Patrizia

doi:10.1109/icsea.2009.22

Cited by 3 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although it is recognized that the security of cryptographic primitives is guaranteed by the use of state-of-the-art cryptographic algorithms (such as the Rivest-Shamir-Adleman (RSA) public key cryptosystem and Secure Hash Algorithm 2 (SHA-2), the security of the remaining aspects must be carefully analysed [13]. Thus, to develop highintegrity systems in which security attributes are important, the researcher needs to prove the defined secrecy features formally [14], [15]. Indeed, a formal method approach assists designers and users to analyse and verify the proposed system at any point in the system life cycle [16].…”

Section: Introductionmentioning

confidence: 99%

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

Al-Wosabi

Shukur

2019

IEEE Access

View full text Add to dashboard Cite

No doubt, a person of modern society relying on Embedded Systems (ESs) has increased rapidly and the era of digital machines is gaining popularity among users and also systems providers. At the same time, such instruments face substantial security challenges because they usually operate in a physically unprotected environment, and thus attract the attackers to gain unauthorized access for utilizing the system functions. Accordingly, system integrity is important and hence there is a need to propose a technique/tool to verify that the original/pure systems codes have been used in those devices. In this research, our main objective is to design a system architecture with a secure communication for code integrity attestation of an ES. Indeed, the study presents the proposed system architecture for ESs integrity attestation which includes two main phases: fetching an ES code at a server site and examining the ES at a remote site (using a designed user application). Essentially, the hash function (SHA-2) with a random key to calculate a unique digest value for a targeted system have been utilized. Also, the study used timestamps and nonce values, two secure keys, and public key algorithm to design a secure protocol in-order to prevent potential attacks during data and the associated values transfer between the server and the remote user application. As many researchers state that the formal methods are very precise and accurate for presenting system specifications; this study modeled and analyzed the proposed attestation protocol using the Communicating Sequential Processes (CSP) formal method approach. Besides, the Compiler for the Analysis of Security Protocols (Casper) has been used to translate the protocol description into the corresponding process algebra CSP model. Then, the researcher used the Failures Divergences Refinement (FDR) to evaluate the proposed protocol. Those formal method tools are considered as a reliable verification measurement in-order to figure-out potential flaws and correct them. Overall, the final output of checking all the defined secrecy and authentication assertions using FDR 4.2.0, and thus all the secrecy and authentication specifications defined in the developed Casper script are passed.INDEX TERMS Embedded systems, code integrity, code integrity attestation, software tampering, tampering detection, CSP formal method approach, FDR, Casper.

show abstract

Section: Introductionmentioning

confidence: 99%