Formal verification of security specifications with common criteria

Authors:
Shoichi Morimoto;Shinjiro Shigematsu;Yuichi Goto;Jingde Cheng
Affiliations:
School of Industrial Technoloy, Higashi-oi, Shinagawa-ku, Tokyo, Japan;Saitama University, Sakura-ku, Saitama, Japan;Saitama University, Sakura-ku, Saitama, Japan;Saitama University, Sakura-ku, Saitama, Japan
Venue:
Proceedings of the 2007 ACM symposium on Applied computing
Year:
2007

Citing 6
Cited 5

An Introduction to Formal Specification and Z

An Introduction to Formal Specification and Z
High-Integrity System Specification and Design

High-Integrity System Specification and Design
Interactive Theorem Proving and Program Development

Interactive Theorem Proving and Program Development
Patterning Protection Profiles by UML for Security Specifications

CIMCA '05 Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce Vol-2 (CIMCA-IAWTIC'06) - Volume 02
A web user interface of the security requirement management database based on ISO/IEC 15408

ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part IV
A security requirement management database based on ISO/IEC 15408

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

A Security Specification Library with a Schemaless Database

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part III: ICCS 2007
Classification, formalization and verification of security functional requirements

SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
Idea: simulation based security requirement verification for transaction level models

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Validation of security-design models using Z

ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Automatized high-level evaluation of security properties for RTL hardware designs

Proceedings of the Workshop on Embedded Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a formalization and verification technique for security specifications, based on common criteria. Generally, it is difficult to define reliable security properties that should be applied to validate an information system. Therefore, we have applied security functional requirements that are defined in the ISO/IEC 15408 common criteria to the formal verification of security specifications. We formalized the security criteria of ISO/IEC 15408 and developed a process, using Z notation, for verifying security specifications. We also demonstrate some examples of the verification instances using the theorem prover Z/EVES. In the verification process, one can verify strictly whether specifications satisfy the security criteria defined in ISO/IEC 15408.