Title :
Formal development of secure email
Author :
Dan Zhou ; Kuo, J.C. ; Older, S. ; Chin, S.K.
Author_Institution :
Dept. of Electr. & Comput. Eng., Syracuse Univ., NY, USA
Abstract :
Developing systems that are assured to be secure requires precise and accurate descriptions of specifications, designs, implementations, and security properties. Formal specification and verification have long been recognized as giving the highest degree of assurance. In this paper, we describe a software development process that integrates formal verification and synthesis. We demonstrate this process by developing assured sender and receiver C++ code for a secure electronic mail system, Privacy Enhanced Mail. We use higher-order logic for system-requirements specification, design specifications and design verification. We use a combination of higher-order logic and category theory and tools supporting these formalism to refine specifications and synthesize code. Much of our work is applicable to other secure email protocols, as our development is parameter used, component-based, and reusable.
Keywords :
electronic mail; formal specification; formal verification; security of data; Privacy Enhanced Mail; assured receiver; assured sender; category theory; formal development; formal specification; formal verification; higher-order logic; secure electronic mail system; secure email; security properties; software development process; specifications; system-requirements specification; Computer applications; Contracts; Data security; Identity-based encryption; Logic; Postal services; Privacy; Protocols; Software engineering; Software systems;
Conference_Titel :
Systems Sciences, 1999. HICSS-32. Proceedings of the 32nd Annual Hawaii International Conference on
Conference_Location :
Maui, HI, USA
Print_ISBN :
0-7695-0001-3
DOI :
10.1109/HICSS.1999.772903
