Incremental development of large, secure smart card applications

Authors:
Nina Moebius;Kurt Stenzel;Marian Borek;Wolfgang Reif
Affiliations:
University of Augsburg, Augsburg, Germany;University of Augsburg, Augsburg, Germany;University of Augsburg, Augsburg, Germany;University of Augsburg, Augsburg, Germany
Venue:
Proceedings of the Workshop on Model-Driven Security
Year:
2012

Citing 12
Cited 1

The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Using encryption for authentication in large networks of computers

Communications of the ACM
Dynamic Logic

Dynamic Logic
Formal System Development with KIV

FASE '00 Proceedings of the Third Internationsl Conference on Fundamental Approaches to Software Engineering: Held as Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS 2000
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Abstract State Machines: A Method for High-Level System Design and Analysis

Abstract State Machines: A Method for High-Level System Design and Analysis
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
The Security Development Lifecycle

The Security Development Lifecycle
On the security of public key protocols

SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Chip and PIN is Broken

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Formal verification of QVT transformations for code generation

Proceedings of the 14th international conference on Model driven engineering languages and systems
Formal verification of application-specific security properties in a model-driven approach

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems

Compositional verification of application-level security properties

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

SecureMDD is a model-driven approach to develop security-critical applications. The focus lies on the development of smart card and service applications. Those are inherently security-critical and are based on cryptographic protocols. These protocols are difficult to design and error-prone. To guarantee the security of an application, formal verification is an inherent part of our software engineering approach. In this paper we illustrate that the SecureMDD approach is applicable for the development of large and complex applications as well. To handle the size and complexity, an incremental development method is suggested. This is illustrated with the German electronic health card application as case study.