Formalization of security properties using VDM-SL

Software security is a thought-provoking issue for open and distributed systems. Regardless of the importance of outer securities of software systems, internal security has substantial impact on the entire security of the software systems. In this paper, internal security problems of software systems are focused. Internal security of software is described in terms of some security properties: authentication, authorization, integrity, confidentiality, resource availability and non-repudiation. These properties are integrated among each other to form the total internal security of software systems. There is a need for the unambiguous and accurate representation of the said security properties for ensuring secure system. There are a lot of models for description security properties but they are based on informal and semi-formal approaches. Less attention is paid to model the security properties in formal methods. In this study, a formal description of security properties is developed in VDM because formal methods can specify the system and system properties completely, unambiguously and precisely. The analysis of resulting models is then done with VDM-SL toolbox. The specification is analyzed for syntax checking and type checking in VDM-SL toolbox.