ACM Transactions on Information and System Security (TISSEC)
How Did Software Get So Reliable Without Proof?
FME '96 Proceedings of the Third International Symposium of Formal Methods Europe on Industrial Benefit and Advances in Formal Methods
A Survey of Software Refactoring
IEEE Transactions on Software Engineering
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
SCS '04 Proceedings of the 9th Australian workshop on Safety critical systems and software - Volume 47
Code security analysis with assertions
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
A framework for concrete reputation-systems with applications to history-based access control
Proceedings of the 12th ACM conference on Computer and communications security
Verified Interoperable Implementations of Security Protocols
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Model-Based Security Engineering of Distributed Information Systems Using UMLsec
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Tools for model-based security engineering: models vs. code
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
The certification of the Mondex electronic purse to ITSEC Level E6
Formal Aspects of Computing
Model-based security analysis for mobile communications
Proceedings of the 30th international conference on Software engineering
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Secure Systems Development with UML
Secure Systems Development with UML
Cryptographic protocol analysis on real c code
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
| Hi-index | 0.00 |
Dependable systems evolution has been identified by the UK Computing Research Committee (UKCRC) as one of the current grand challenges for computer science. We present work towards addressing this challenge which focusses on one facet of dependability, namely data security: We give an overview on an approach for modelbased security verification which provides a traceability link to the implementation. The approach uses a design model in the UML security extension UMLsec which can be formally verified against high-level security requirements such as secrecy and authenticity. An implementation of the specification can then be verified against the model by making use of run-time verification through the traceability link. The approach supports software evolution in so far as the traceability mapping is updated when refactoring operations are regressively performed using our tool-supported refactoring technique. The proposed method has been applied to an implementation of the Internet security protocol SSL.