Generating formal specifications for security-critical applications - A model-driven approach

Author

Moebius, Nina ; Stenzel, Kurt ; Reif, Wolfgang

Author_Institution

Dept. of Software Eng. & Programming Languages, Univ. Augsburg, Augsburg

fYear

2009

fDate

19-19 May 2009

Firstpage

68

Lastpage

74

Abstract

The SecureMDD approach aims to generate both, a formal specification for verification and executable code, from UML diagrams. The UML models define the static as well as dynamic components of the system under development. This model-driven approach is focused on security-critical applications that are based on cryptographic protocols, especially Java Card applications. In this paper we describe the generation of the formal specification from the UML model which is then used as input for our interactive verification system KIV. The formal specification is based on abstract state machines and algebraic specifications. It allows to formulate and to prove application-specific security properties.

Keywords

Java; Unified Modeling Language; algebraic specification; cryptographic protocols; object-oriented programming; program compilers; program verification; Java Card application; KIV interactive verification system; SecureMDD approach; UML diagram; abstract state machine; algebraic specification; code verification; cryptographic protocol; formal specification; model-driven approach; security-critical application; unified modeling language; Application software; Computer languages; Computer science; Cryptographic protocols; Formal specifications; Java; Object oriented modeling; Security; Software engineering; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on

Conference_Location

Vancouver, BC

Print_ISBN

978-1-4244-3725-2

Type

conf

DOI

10.1109/IWSESS.2009.5068461

Filename

5068461