Communicating sequential processes
Communicating sequential processes
Inductive analysis of the Internet protocol TLS
ACM Transactions on Information and System Security (TISSEC)
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Using encryption for authentication in large networks of computers
Communications of the ACM
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Kerberos Version 4: Inductive Analysis of the Secrecy Goals
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Robustness Principles for Public Key Protocols
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Proceedings of the Thirteenth International Florida Artificial Intelligence Research Society Conference
Protocol Engineering Applied to Formal Analysis of Security Systems
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
Verifying authentication protocols with CSP
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Prudent Engineering Practice for Cryptographic Protocols
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
With the grown of internet and distributed applications, security requirements are going inherent to the software development process. Each time one communicates with some other one there are relevant security risk that must be taken in account. This is what is happening in the new soft-ware applications using client/server architecture. We propose including security requirements at the top level of development process, together with functional requirements because they are much related. With this information we are able to extract all communication protocols that are involved in our application and their associated security goals. This is the input to a verification phase in which we look for security flaws. The last step, and the more useful (and the not yet finished) is to use this information to modify our initial specification at the top level of the development process