Run-Time Security Traceability for Evolving Systems

Bauer, Andreas; Jürjens, Jan; Yu, Yijun

doi:10.1093/comjnl/bxq042

Cited by 10 publications

(2 citation statements)

References 65 publications

(91 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bauer et al [69] propose an approach for model-based security assurance that supports security verification at both levels: design and implementation. At the specification level, the design models are verified formally against high-level security requirements such as secrecy and authentication.…”

Section: Verification Of Security Requirementsmentioning

confidence: 99%

Specification, verification, and quantification of security in model-based systems

Ouchani

Debbabi

2015

Computing

View full text Add to dashboard Cite

Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems.

show abstract

Section: Verification Of Security Requirementsmentioning

confidence: 99%

Specification, verification, and quantification of security in model-based systems

Ouchani

Debbabi

2015

Computing

View full text Add to dashboard Cite

show abstract

“…Accordingly, this survey is oriented towards symbolic models, and just mentions the first attempts made in the direction of computational models [BCFZ08,BMU10,FKS11,KTG12]. There is still another approach that has been investigated by some researchers as a means for ensuring or verifying the correspondence between an abstract security protocol model and its implementation: runtime verification [Jür05,JYB08,PJ10,BJ10,BJY11]. According to this approach, the protocol model is formal and proved correct.…”

Section: Previewmentioning

confidence: 99%

Formal verification of security protocol implementations: a survey

2014

View full text Add to dashboard Cite

Automated formal verification of security protocols has been mostly focused on analyzing highlevel abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.

show abstract