• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.53-60
• /
• 2018

Cryptographic algorithms are being standardized globally, and the security of cryptographic algorithms has been well proven. However, there is a need for an improved verification method to verify that the existing verification method is correctly implemented according to the standard, because there is a weakness in implementation and it can cause serious damage. Therefore, in this paper, we selected ARIA and LEA to be verified among 128-bit or more block cipher modules performed by the National Intelligence Service, and propose a method to verify whether it is implemented correctly using Cryptol for high-assurance cryptographic module.

• Proceedings of the CALSEC Conference
• /
• 2004.02a
• /
• pp.318-326
• /
• 2004

The ebXML (Electronic Business using eXtensible Markup Language) Specification Schema is to provide nominal set of specification elements necessary to specify a collaboration between business partners based on XML. As a part of ebXML Specification Schema, BPSS (Business Process Specification Schema) has been provided to support the direct specification of the set of elements required to configure a runtime system in order to execute a set of ebXML business transactions. The BPSS is available in two stand-alone representations, a UML version and an XML version. Due to the limitations of UML notations and XML syntax, however, current ebXML BPSS specification is insufficient to specify formal semantic constraints of modeling elements completely. In this study, we propose a classification schema for the BPSS semantic constraints and describe how to represent those semantic constraints formally using OCL (Object Constraint Language). As a way to verify a Business Process Specification (BPS) with the formal semantic constraint modeling, we suggest a rule-based approach to represent the formal constraints and to use the rule-based constraints specification to verify BPSs in a CLIPS prototype implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.821-834
• /
• 2019

As cyber security threats increase, there is a growing demand for highly reliable systems. Common Criteria, an international standard for evaluating information security products, requires formal specification and verification of the system to ensure a high level of security, and more and more cases are being observed. In this paper, we propose highly reliable drone systems that ensure high level security level and trust. Based on the results, we use formal methods especially Z/EVES to improve the system model in terms of scheduling in the system kernel.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.6
• /
• pp.129-139
• /
• 2004

In developing highly reliable systems such as C4I systems formal methods provide both developers and clients with assurance that they are in the right development processes. This paper investigates into techniques for formal specifications and tests for software components where rigorous verification is required. In particular, the paper suggests decomposition techniques for state-model based specifications using the weakest precondition, and suggests test methods for the specification by generating black box test-cases.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.519-522
• /
• 2001

바람직한 비즈니스 룰의 기본은 어디에 어떠한 형태로 구현되더라도 유일하고, 일관적인 모델 이여야 한다는 것이다. 또한 비즈니스 룰 자체의 정립은 의사결정 시스템을 사용함으로써 경영 전략이 바뀌어도 시스템 담당자에게 의뢰할 필요 없이 기획자가 바로 코드 값만 변경시키면 기존의 시스템을 그대로 사용할 수 있을 정도의 유연성을 가지게 된 현실에 비추어 볼 때 매우 요원한 일이다. 즉, 비즈니스 룰은 DRM(Digital Rights Management) 시스템뿐만 아니라 e-CRM을 실현하는 모든 시스템에서 사용되며, 이 비즈니스 룰의 충돌로 인해서 시스템의 작동 여부가 결정될 수 있다. 룰 자체가 자연어로 기술되고 언젠가는 모순을 유발할 가능성이 높기 때문에 먼저 명확한 논리식으로 표현하고 LEGO라는 정형기법 도구를 통해 검증하도록 한다.

• Review of KIISC
• /
• v.12 no.2
• /
• pp.62-76
• /
• 2002

Incautiously designed and informally verified cryptographic protocols are error-prone and can allow an adversary to have the ideal starting point for various kinds of attacks. The flaws resulting from these protocols can be subtle and hard to find. Accordingly we need formal methods for systematic design and verification of cryptographic protocols. This paper surveys the state-of-the-art and proposes a practical developing method that will be implemented in the future study.

• Journal of KIISE:Computer Systems and Theory
• /
• v.27 no.3
• /
• pp.337-344
• /
• 2000

In this paper, we define a Process Algebra ACSMR(Algebra of Communicating Shared Multiple Resources) for system specification and verification using multiple resources. ACSMR extends a concept of multiple resources in ACSR that is a branch of formal methods based on process algebra. We'll show that two specification and verification examples. One is the specification of system behavior in multiprocessor using EDF(Earliest-Deadline-First) which is a scheduling algorithm of a real-time system. The other is the specification of describing timing analysis and resources restriction in a super scalar processor using multiple ports registers.

• Proceedings of the KIEE Conference
• /
• summer
• /
• pp.1358-1360
• /
• 2004

철도 신호제어장치들은 각자 고유의 기능을 수행하면서 각 장치간 통신링크를 통하여 하나의 신호제어시스템을 구성하고 있다. 특히 철도청에서 통합 CTC 시스템을 구축하면서 신호제어시스템 이외의 SCADA나 여객정보안내 시스템 등과도 인터페이스를 통해 기존의 열차제어 기능만을 수행하는 것에서 타 시스템과의 통신을 통한 종합적인 정보시스템으로 발전하고 있다. 이러한 CTC장치와 외부설비들간의 인터페이스는 철도정보시스템의 발달에 따라 매우 중요한 부분이 되고 있으며, 본 논문에서는 이중 SCADA 장치와의 인터페이스를 위한 프로토콜 구조를 연구하였다. 이에 따라 본 논문에서는 기존의 도시철도, 경부고속철도 등의 프로토콜의 분석을 바탕으로 철도청 통합 CTC와 SCADA 장치간 통신을 위해 설계한 프로토콜 구조를 제시하고, 또한 설계한 프로토콜에 대한 안전성과 필연성을 정형검증(Formal Verification) 결과를 설명한다.

• Journal of KIISE:Software and Applications
• /
• v.35 no.12
• /
• pp.731-740
• /
• 2008

A railway control system is one of the typical safety-critical systems. It is required to use formal methods for the requirements specification and verification in order to develop the global-standard railway control systems based on the computer systems. In this paper, we develop a guideline for requirements specification using formal methods, and present a case study of the development of a computer-based railway control system through the application of the proposed guideline. We use the Statechart and the Z method for the formal requirements specifications and verify the consistency and completeness of the formal specifications of the requirements.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.533-537
• /
• 2003

보안 시스템의 안전성을 분석하기 위해서는, 정형적 방법론을 사용하여 보안 시스템에 대한 이론적인 수학적 모델을 정형적으로 설계하고, 보안 속성을 정확히 기술해야만 한다. 본 논문에서는 보안 시스템의 안전성을 검증하기 위한 보안모델의 구성요소와 안전성 검증방법을 설명한다. 그리고 보안모델을 설계하고 안전성을 분석하기 위한 SEW(Safety Evaluation Workshop)의 전체 구조와 SPR(Safety Problem Resolver) 정형검증도구의 검증방법 및 기능에 대해 소개하고자 한다.