A Security Software Development Methodology Using Formal Verification Tools  

Jang, Seung-Ju (Department of Computer Engineering, Dong-eui University)
Abstract
This paper proposes a method for developing safe security software by verifying it with a formal verification tool and examining the verification results. We survey a number of formal verification tools and compare their features, and we suggest which tool is appropriate and a methodology for developing safe security software. Z/EVES is the most appropriate tool. This paper carries out formal verification of the ACS by using the RoZ tool, a formal verification tool for creating a UML model. The specification and verification are executed using the Z/EVES tool. These procedures can find weak or incorrect points in the developed software.
Keywords
formal method; formal verification; RoZ; Z/EVES; verification of security S/W;