
Specification of Security and Dependability Properties

Chapter in: Security and Dependability for Ambient Intelligence

Part of the book series: Advances in Information Security (ADIS, volume 45)

Abstract

SERENITY S&D Classes and S&D Patterns specify the security properties they provide. For a system designer to select the right class and pattern, the specification of these properties must be both unambiguous and intuitive. Furthermore, if no class or pattern provides exactly the property the designer needs, a class or pattern that provides a stronger property (one that entails the required one) will serve the same need. It is therefore necessary to be able to find and prove relations between properties. In this chapter we introduce the SERENITY approach to specifying S&D properties in a way that is intuitively understandable and at the same time grounded in a formal semantics that allows relations between properties to be proved. To this end, two different languages are used: the Operational S&D Properties Language and the Formal S&D Properties Language.
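The selection step described above (accept a pattern whose property is the one requested or a provably stronger one) can be made concrete with a small catalogue search. The following is an added example and not code from the chapter or the SERENITY project: the property names, the pattern names and the "stronger implies weaker" relation are all constructed for illustration, standing in for relations that the chapter's formal language would let one prove. The search computes the transitive closure of the declared implications, so a pattern is accepted even when its property entails the requested one only through a chain of proved relations.

```python
"""Added example: select S&D patterns by property subsumption.

Assumes a catalogue in which every pattern declares the properties it
provides, plus a relation IMPLICATIONS of proved "stronger -> weaker"
entailments. All names below are constructed for this example.
"""

# Constructed entailment relation: stronger property -> properties it entails.
# E.g. mutual authentication entails one-way authentication in each direction;
# an authenticated key exchange entails mutual authentication plus key secrecy.
IMPLICATIONS = {
    "mutual_authentication": {"authentication_of_A_to_B",
                              "authentication_of_B_to_A"},
    "authenticated_key_exchange": {"mutual_authentication", "key_secrecy"},
    "key_exchange_with_key_confirmation": {"authenticated_key_exchange"},
}

# Constructed catalogue: pattern name -> set of properties it provides.
CATALOGUE = {
    "P_ns_lowe": {"mutual_authentication"},
    "P_sts": {"authenticated_key_exchange"},
    "P_mac_only": {"authentication_of_A_to_B"},
    "P_kem_only": {"key_secrecy"},
}


def transitive_closure(implications):
    """Map every property to the set of weaker properties it entails,
    following chains of declared implications (cycles are tolerated)."""
    props = set(implications)
    for weaker in implications.values():
        props |= weaker

    def reach(p, seen):
        for q in implications.get(p, ()):
            if q not in seen:
                seen.add(q)
                reach(q, seen)
        return seen

    return {p: reach(p, set()) for p in props}


def entails(closure, stronger, weaker):
    """True if `stronger` is `weaker` itself or provably entails it."""
    return stronger == weaker or weaker in closure.get(stronger, set())


def equivalent(closure, p, q):
    """Two properties that entail each other are interchangeable."""
    return entails(closure, p, q) and entails(closure, q, p)


def select_patterns(catalogue, requested, implications=IMPLICATIONS):
    """Return [(pattern, providing_property, exact_match)] for every pattern
    whose provided property equals or entails `requested`.
    Exact matches come first, then stronger-than-requested ones by name."""
    closure = transitive_closure(implications)
    hits = []
    for name, provided in catalogue.items():
        for p in sorted(provided):
            if entails(closure, p, requested):
                hits.append((name, p, p == requested))
                break  # one qualifying property per pattern is enough
    hits.sort(key=lambda h: (not h[2], h[0]))
    return hits


def example_selection():
    """Designer asks for one-way authentication of A to B."""
    return select_patterns(CATALOGUE, "authentication_of_A_to_B")


if __name__ == "__main__":
    for name, prop, exact in example_selection():
        print(f"{name:12} via {prop} ({'exact' if exact else 'stronger'})")
```

Note the ordering: an exact match is listed before patterns that only satisfy the request through a stronger property, since a stronger pattern typically costs more (extra messages, extra trust assumptions) than the designer asked for. A catalogue entry whose property is unrelated to the request, here the bare key-secrecy pattern, is never returned.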



Author information

Corresponding author: Sigrid Gürgens


Copyright information

© 2009 Springer-Verlag US

About this chapter

Cite this chapter

Gürgens, S., Pujol, G. (2009). Specification of Security and Dependability Properties. In: Kokolakis, S., Gómez, A., Spanoudakis, G. (eds) Security and Dependability for Ambient Intelligence. Advances in Information Security, vol 45. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88775-3_4


  • DOI: https://doi.org/10.1007/978-0-387-88775-3_4

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-88774-6

  • Online ISBN: 978-0-387-88775-3
