The way of Z: practical programming with formal methods
CSP-OZ: a combination of object-Z and CSP
FMOODS '97 Proceedings of the IFIP TC6 WG6.1 international workshop on Formal methods for open object-based distributed systems
Systems and software verification: model-checking techniques and tools
ZUM '97 Proceedings of the 10th International Conference of Z Users on The Z Formal Specification Notation
Formal verification of security specifications with common criteria
Proceedings of the 2007 ACM symposium on Applied computing
This paper proposes a new hybrid method to formally verify whether the security specification of a target information system satisfies the security functional requirements defined in the ISO/IEC 15408 evaluation criteria for security. We first classify the security functional requirements of ISO/IEC 15408 into two classes: static requirements, concerning static properties of target systems, and dynamic requirements, concerning their dynamic behavior. We then formalize the static requirements in Z notation and the dynamic requirements in temporal logic. Thus, static properties can be verified by theorem proving and dynamic behavior by model checking. As a result, developers can easily use the method to verify whether the security specification of a target information system satisfies both the static and the dynamic security functional requirements defined in ISO/IEC 15408. The new method is an evolution and improvement of our earlier verification method, which used only Z notation and therefore made verifying the dynamic behavior of target systems difficult.