Evolving algebras 1993: Lipari guide
Specification and validation methods
The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
Strand spaces: proving security protocols correct
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Dynamic Logic
A Method for Secure Smartcard Applications
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Mechanising a Protocol for Smart Cards
E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Hoare Logics for Recursive Procedures and Unbounded Nondeterminism
CSL '02 Proceedings of the 16th International Workshop and 11th Annual Conference of the EACSL on Computer Science Logic
Abstract State Machines: A Method for High-Level System Design and Analysis
Abstract State Machines: A Method for High-Level System Design and Analysis
ASM Refinement and generalizations of forward simulation in data refinement: a comparison
Theoretical Computer Science - Abstract state machines and high-level system design and analysis
On the security of public key protocols
SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Using coupled simulations in non-atomic refinement
ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Secure Systems Development with UML
Secure Systems Development with UML
Developing provable secure m-commerce applications
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
The mondex challenge: machine checked proofs for an electronic purse
FM'06 Proceedings of the 14th international conference on Formal Methods
Verification of Mondex Electronic Purses with KIV: From a Security Protocol to Verified Code
FM '08 Proceedings of the 15th international symposium on Formal Methods
Generating formal specifications for security-critical applications - A model-driven approach
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A systematic verification approach for mondex electronic purses using ASMs
Rigorous Methods for Software Construction and Analysis
Formal verification of application-specific security properties in a model-driven approach
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
| Hi-index | 0.00 |
Abstract. We present PROSECCO1, a formal model for security protocols of smart card applications, based on Abstract State Machines (ASM) [BS03],[Gur95], and a suitable method for verifying security properties of such protocols. The main part of this article describes the structure of the protocol ASM and all its relevant parts. Our modeling technique enables an attacker model exactly tailored to the application, instead of only an attacker similar to the Dolev-Yao model. We also introduce a proof technique for security properties of the protocols. Properties are proved in the KIV system using symbolic execution and invariants. Furthermore we describe a graphical notation based on UML diagrams that allows to specify the important parts of the application in a simple way. Our formal approach is exemplified with a small e-commerce application. We use an electronic wallet to demonstrate the ASM-based protocol model and we also show what the proof obligations of some of the security properties look like.