Formal development of secure email

Author

Dan Zhou ; Kuo, J.C. ; Older, S. ; Chin, S.K.

Author_Institution

Dept. of Electr. & Comput. Eng., Syracuse Univ., NY, USA

Volume

Track3

fYear

1999

fDate

5-8 Jan. 1999

Abstract

Developing systems that are assured to be secure requires precise and accurate descriptions of specifications, designs, implementations, and security properties. Formal specification and verification have long been recognized as giving the highest degree of assurance. In this paper, we describe a software development process that integrates formal verification and synthesis. We demonstrate this process by developing assured sender and receiver C++ code for a secure electronic mail system, Privacy Enhanced Mail. We use higher-order logic for system-requirements specification, design specifications and design verification. We use a combination of higher-order logic and category theory and tools supporting these formalism to refine specifications and synthesize code. Much of our work is applicable to other secure email protocols, as our development is parameter used, component-based, and reusable.

Keywords

electronic mail; formal specification; formal verification; security of data; Privacy Enhanced Mail; assured receiver; assured sender; category theory; formal development; formal specification; formal verification; higher-order logic; secure electronic mail system; secure email; security properties; software development process; specifications; system-requirements specification; Computer applications; Contracts; Data security; Identity-based encryption; Logic; Postal services; Privacy; Protocols; Software engineering; Software systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Systems Sciences, 1999. HICSS-32. Proceedings of the 32nd Annual Hawaii International Conference on

Conference_Location

Maui, HI, USA

Print_ISBN

0-7695-0001-3

Type

conf

DOI

10.1109/HICSS.1999.772903

Filename

772903