A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
The existence of refinement mappings
Theoretical Computer Science
Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS
IEEE Transactions on Software Engineering
Using model checking to generate tests from requirements specifications
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
ACM Transactions on Information and System Security (TISSEC)
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Proving Invariants of I/O Automata with TAME
Automated Software Engineering
Computer
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
High Integrity Software: The SPARK Approach to Safety and Security
Generating optimized code from SCR specifications
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Applying Formal Methods to a Certifiably Secure Software System
IEEE Transactions on Software Engineering
Combining static and dynamic reasoning for bug detection
TAP'07 Proceedings of the 1st international conference on Tests and proofs
Formal specifications on industrial-strength code—from myth to reality
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Trustable formal specification for software certification
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part II
Critical systems development methodology using formal techniques
Proceedings of the Third Symposium on Information and Communication Technology
This paper describes how formal methods were used to produce evidence in a certification, based on the Common Criteria, of a security-critical software system. The evidence included a top level specification (TLS) of the security-relevant software behavior, a formal statement of the required security properties, proofs that the specification satisfied the properties, and a demonstration that the source code, which had been annotated with preconditions and postconditions, was a refinement of the TLS. The paper also describes the aspects of our approach that were most effective, and research that could significantly increase the effectiveness of formal methods in software certification.