A Z Based Approach to Verifying Security Protocols

Long, Benjamin W.; Fidge, Colin; Cerone, Antonio

doi:10.1007/978-3-540-39893-6_22

Cited by 5 publications

(6 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the informal description of the protocol in Section 3 and our previous work on modelling protocols [15,16], we now specify this protocol in Object-Z.…”

Section: Specifying the Protocol In Object-zmentioning

confidence: 99%

See 1 more Smart Citation

Formally analysing a security protocol for replay attacks

Long

Fidge

2006

Australian Software Engineering Conference (ASWEC'06)

View full text Add to dashboard Cite

show abstract

“…Based on the informal description of the protocol in Section 3 and our previous work on modelling protocols [15,16], we now specify this protocol in Object-Z.…”

Section: Specifying the Protocol In Object-zmentioning

confidence: 99%

“…Previously, we demonstrated the value of using the Z and Object-Z formal specification languages for verifying attacks on security protocols due to the expressive nature of these notations [15,16]. More recently, Smith and Wildman [25] showed how Z specifications can be analysed using the SAL model checker.…”

Section: Introductionmentioning

confidence: 99%

Formally analysing a security protocol for replay attacks

Long

Fidge

2006

Australian Software Engineering Conference (ASWEC'06)

View full text Add to dashboard Cite

show abstract

“…The InTransit state schema holds the value of the message currently in transit. This is sufficient to model a single instance of a protocol consisting of sequential steps [16]. …”

Section: Knowledge and Statementioning

confidence: 99%

“…Therefore, it would be convenient to provide a verification process for security protocols where analyses are carried out with respect to certain implementation assumptions that can be enforced in the overall development process. Attempts to apply formal verification to security protocols using formal state-based development methods such as Z [6,16], B [9], VDM, and Ina Jo [15] are rare and have not analysed protocols with complex message formats susceptible to implementation-dependent attacks. We have already demonstrated the value of a Z based approach for formal verification of security protocols [16].…”

Section: Introductionmentioning

confidence: 99%

“…Attempts to apply formal verification to security protocols using formal state-based development methods such as Z [6,16], B [9], VDM, and Ina Jo [15] are rare and have not analysed protocols with complex message formats susceptible to implementation-dependent attacks. We have already demonstrated the value of a Z based approach for formal verification of security protocols [16]. However, our abstract model did not cater for verification of implementation-dependent attacks such as type flaw attacks, which require messages to be interpreted in more than one way.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formal verification of type flaw attacks in security protocols

Long

Tenth Asia-Pacific Software Engineering Conference, 2003.

View full text Add to dashboard Cite

Security protocols are often modelled at a high level of abstraction, potentially overlooking implementationdependent vulnerabilities. Here we use the Z specification language's rich set of data structures to formally model potentially ambiguous messages that may be exploited in a 'type flaw' attack. We then show how to formally verify whether or not such an attack is actually possible in a particular protocol using Z's schema calculus.

show abstract

Access Control Framework for Secure Network Computing Environment

Singh

Patterh

2008

2008 32nd Annual IEEE International Computer Software and Applications Conference

View full text Add to dashboard Cite

This paper demonstrates the use of formal methods for to design a formal specification framework corresponding to the security model defined for network system and its operating environment. The formal specification language used for developing the framework is Z formal specification notation By using Z notation the level of complexity was controlled to provide a simplified exposition of integrated rules, without allowing the formal notation to add to the complexity.

show abstract

A Z Based Approach to Verifying Security Protocols

Cited by 5 publications

References 19 publications

Formally analysing a security protocol for replay attacks

Formally analysing a security protocol for replay attacks

Formal verification of type flaw attacks in security protocols

Access Control Framework for Secure Network Computing Environment

Contact Info

Product

Resources

About