A paradigmatic analysis of conventional approaches for developing and managing secure IS
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Formal Analysis of a Secure Communication Channel: Secure Core-Email Protocol
FM '99 Proceedings of the World Congress on Formal Methods in the Development of Computing Systems - Volume I
Securing the drop-box architecture for assisted living
Proceedings of the fourth ACM workshop on Formal methods in security
Developing systems that are assured to be secure requires precise and accurate descriptions of specifications, designs, implementations, and security properties. Formal specification and verification have long been recognized as giving the highest degree of assurance. In this paper, we describe a software development process that integrates formal verification and synthesis. We demonstrate this process by developing assured sender and receiver C++ code for a secure electronic mail system, Privacy Enhanced Mail. We use higher-order logic for system-requirements specification, design specifications and design verification. We use a combination of higher-order logic and category theory and tools supporting these formalisms to refine specifications and synthesize code. Much of our work is applicable to other secure email protocols, as our development is parameterized, component-based, and reusable.