ACM Transactions on Computer Systems (TOCS)
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Formal System Development with KIV
FASE '00 Proceedings of the Third Internationsl Conference on Fundamental Approaches to Software Engineering: Held as Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS 2000
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Mechanising a Protocol for Smart Cards
E-SMART '01 Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security
Abstract State Machines: A Method for High-Level System Design and Analysis
Abstract State Machines: A Method for High-Level System Design and Analysis
Verifying the SET Purchase Protocols
Journal of Automated Reasoning
On the security of public key protocols
SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Automatic verification of correspondences for security protocols
Journal of Computer Security
Generating formal specifications for security-critical applications - A model-driven approach
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Verifying smart card applications: an ASM approach
IFM'07 Proceedings of the 6th international conference on Integrated formal methods
Secure Systems Development with UML
Secure Systems Development with UML
Developing high-assurance secure systems with UML: a smartcard-based purchase protocol
HASE'04 Proceedings of the Eighth IEEE international conference on High assurance systems engineering
Formal verification of QVT transformations for code generation
Proceedings of the 14th international conference on Model driven engineering languages and systems
Incremental development of large, secure smart card applications
Proceedings of the Workshop on Model-Driven Security
Compositional verification of application-level security properties
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
We present a verification method that allows to prove security for security-critical systems based on cryptographic protocols. Designing cryptographic protocols is very difficult and error-prone and most tool-based verification approaches only consider standard security properties such as secrecy or authenticity. In our opinion, application-specific security properties give better guarantees. In this paper we illustrate how to verify properties that are relevant for e-commerce applications, e.g. 'The provider of a copying service does not lose money'. This yields a more complex security property that is proven using interactive verification. The verification of this kind of application-specific property is part of the SecureMDD approach which provides a method to model a security-critical application with UML and automatically generates executable code as well as a formal specification for interactive verification from the UML models.