SOFTWARE SYSTEM RELIABILITY AND SECURITY




NATO Security through Science Series

This Series presents the results of scientific meetings supported under the NATO Programme for Security through Science (STS). Meetings supported by the NATO STS Programme are in security-related priority areas of Defence Against Terrorism or Countering Other Threats to Security. The types of meeting supported are generally Advanced Study Institutes and Advanced Research Workshops. The NATO STS Series collects together the results of these meetings. The meetings are co-organized by scientists from NATO countries and scientists from NATO's Partner or Mediterranean Dialogue countries. The observations and recommendations made at the meetings, as well as the contents of the volumes in the Series, reflect those of participants and contributors only; they should not necessarily be regarded as reflecting NATO views or policy.

Advanced Study Institutes (ASI) are high-level tutorial courses to convey the latest developments in a subject to an advanced-level audience. Advanced Research Workshops (ARW) are expert meetings where an intense but informal exchange of views at the frontiers of a subject aims at identifying directions for future action.

Following a transformation of the programme in 2004 the Series has been re-named and reorganised. Recent volumes on topics not related to security, which result from meetings supported under the programme earlier, may be found in the NATO Science Series. The Series is published by IOS Press, Amsterdam, and Springer Science and Business Media, Dordrecht, in conjunction with the NATO Public Diplomacy Division.

Sub-Series
A. Chemistry and Biology (Springer Science and Business Media)
B. Physics and Biophysics (Springer Science and Business Media)
C. Environmental Security (Springer Science and Business Media)
D. Information and Communication Security (IOS Press)
E. Human and Societal Dynamics (IOS Press)

http://www.nato.int/science
http://www.springer.com
http://www.iospress.nl

Sub-Series D: Information and Communication Security, Vol. 9
ISSN: 1574-5589

Software System Reliability and Security

Edited by
Manfred Broy, Technische Universität München, Germany
Johannes Grünbauer, Technische Universität München, Germany
and Tony Hoare, Microsoft Research, UK

Amsterdam, Berlin, Oxford, Tokyo, Washington, DC
Published in cooperation with NATO Public Diplomacy Division

Proceedings of the NATO Advanced Research Institute on Software System Reliability and Security, Marktoberdorf, Germany, 1-13 August 2006

© 2007 IOS Press. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without prior written permission from the publisher.

ISBN 978-1-58603-731-4
Library of Congress Control Number: 2007922976

Publisher
IOS Press, Nieuwe Hemweg 6B, 1013 BG Amsterdam, Netherlands
fax: +31 20 687 0019
e-mail: order@iospress.nl

Distributor in the UK and Ireland
Gazelle Books Services Ltd., White Cross Mills, Hightown, Lancaster LA1 4XS, United Kingdom
fax: +44 1524 63232
e-mail: sales@gazellebooks.co.uk

Distributor in the USA and Canada
IOS Press, Inc., 4502 Rachael Manor Drive, Fairfax, VA 22032, USA
fax: +1 703 323 3668
e-mail: iosbooks@iospress.com

LEGAL NOTICE
The publisher is not responsible for the use which might be made of the following information.

PRINTED IN THE NETHERLANDS

Preface

Today almost every complex technical system used in industry, science, commerce and communication is more or less interfaced with software and software systems. This dictates that most information exchange is closely related to software and computer systems. The consequence of this wide distribution of software is a high dependency on its functioning and quality. Because of this dependency and distribution, making information systems safe and reliable as well as secure, and protecting information against all kinds of attack, is an essential research topic, particularly in computer science.

Scientific foundations have been developed for programming and building computer systems. These foundations cover a broad spectrum of issues and work with formal models and description techniques in order to support a deep and precise understanding and managing of a system's properties and interplay. In addition, software engineering has many additional applications, ranging from telecommunications to embedded systems. For example, software engineering has now become essential in the automotive and aircraft industries, and has been integral in furthering computer networks distributed over wide-area networks.

A vast proportion of information exchange is influenced by computer systems, and information security is important for reliable and secure software and computer systems. Information security covers the protection of information against unauthorized disclosure, transfer, modification, and destruction, whether accidental or intentional. Attacks against computer systems can cause considerable economic and physical damage. Quality of life in general and of individual citizens, and the effectiveness of the economy, critically depend on our ability to build software in a transparent and efficient way.

Furthermore, we must be able to enhance the software development process systematically in order to ensure safety, security and reliability. This, in turn, requires very high software reliability, i.e., an extremely high confidence in the ability of the software to perform flawlessly. The foundations of software technology provide models that enable us to capture application domains and their requirements, but also to understand the structure and working of software systems, software architectures and programs. New developments must pay due diligence to the importance of security-related aspects, and align current methods and techniques to information security, integrity, and system reliability. However, based on the specific needs in applications of software technology, models and formal methods must serve the needs and the quality of advanced software engineering methods, especially taking into account security aspects in Information Technology.

As a consequence of the wide distribution of software and software infrastructure, information security depends on the quality and excellent understanding of its functioning. Only when this functionality is guaranteed to be safe are customers and information protected against adversarial attacks. Thus, to make communication and computation secure against catastrophic failure and malicious interference, it is essential to build secure software systems and methods for their development. Such development is difficult, mainly because of the conflict between development costs and verifiable correctness.

In the summer of 2006, a group of internationally renowned researchers in computer science met and lectured on the topics described above. The articles in this book describe the state-of-the-art ideas on how to meet these challenges in software engineering.

Rajeev Alur describes the foundations of model checking of programs with finite data and stack-based control flow. Manfred Broy introduces an abstract theory for systems, components, composition, architectures, interfaces, and compatibility. In his article he applies this theory to object orientation and elaborates on the application of that theory, covering notions for a formal model of objects, classes, components, and architectures as well as those of interfaces of classes and components and their specification. Ernie Cohen explains how to use ordinary program invariants to prove properties of cryptographic protocols. Networked computer systems face a range of threats from hostile parties on the network, leading to violations of design goals such as confidentiality, privacy, authentication, access control, and availability; the purpose of Andrew Gordon's article is to introduce an approach to this problem based on process calculi. Transactions are the essential components of electronic business systems, and their safety and security are of increasing concern. Tony Hoare presents a theoretical model of compensable transactions, showing how long-running transactions may be correctly composed out of shorter ones. Orna Kupferman presents applications of automata theory in formal verification; in this automata-theoretic approach to verification, she reduces questions about programs and their specifications to questions about automata. In a distributed system with no central management, such as the Internet, security requires knowledge about who can be trusted for each step in establishing it, and why. Butler W. Lampson explains the "speaks for" relation between principals, describing how authority is delegated.

Axel van Lamsweerde contributes model-based requirements engineering. Models for agents, operations, obstacles to goals, and security threats are introduced, and model building with the KAOS method is presented. Wolfgang Paul outlines a correctness proof for a distributed real-time system, for the first time in a single place, from the gate level to the computational model of a CASE tool. Amir Pnueli describes an approach for the synthesis of (hardware and software) designs from LTL specifications. This approach is based on modelling the synthesis problem, which is similar to the problem of finding a winning strategy in a two-person game. K. Venkatesh Prasad introduces the notion of a mobile networked embedded system, in which a mobile entity is composed of internally and externally networked software components. He discusses the challenges related to designing a mobile networked embedded system with regard to security, privacy, usability, and reliability. Finally, Wolfram Schulte explains the Spec# approach, which provides method contracts in the form of pre- and post-conditions as well as object invariants. He describes the design of Spec#'s state-of-the-art program verifier for object-oriented programs.

The contributions in this volume have emerged from lectures of the 27th International Summer School on Software System Reliability and Security, held at Marktoberdorf from August 1 to August 13, 2006. More than 100 participants from 28 countries attended, including students, lecturers and staff. The Summer School provided two weeks of learning, discussion and development of new ideas, and was a fruitful event at both the professional and social level.

We would like to thank all lecturers, staff, and hosts in Marktoberdorf. In particular, special thanks go to our secretaries Dr. Katharina Spies, Silke Müller, and Sonja Werner for their great and gentle support. The Marktoberdorf Summer School was arranged as an Advanced Study Institute of the NATO Security Through Science Programme with support from the town and county of Marktoberdorf and the Deutscher Akademischer Austausch Dienst (DAAD). We thank all authorities involved.

THE EDITORS


Contents

Preface, p. v
Logics and Automata for Software Model-Checking, by Rajeev Alur and Swarat Chaudhuri, p. 1
Specifying, Relating and Composing Object Oriented Interfaces, Components and Architectures, by Manfred Broy, p. 22
Using Invariants to Reason About Cryptographic Protocols, by Ernie Cohen, p. 73
Verified Interoperable Implementations of Security Protocols, by Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon and Stephen Tse, p. 87
Compensable Transactions, by Tony Hoare, p. 116
Automata on Infinite Words and Their Applications in Formal Verification, by Orna Kupferman, p. 135
Practical Principles for Computer Security, by Butler Lampson, p. 151
Engineering Requirements for System Reliability and Security, by Axel van Lamsweerde, p. 196
Pervasive Verification of Distributed Real-Time Systems, by Steffen Knapp and Wolfgang Paul, p. 239
Verification and Synthesis of Reactive Programs, by Amir Pnueli, p. 298
Security, Privacy, Usability and Reliability (SPUR) in Mobile Networked Embedded Systems: The Case of Modern Automobiles, by K. Venkatesh Prasad and T.J. Giuli, p. 341
A Verifying Compiler for a Multi-Threaded Object-Oriented Language, by K. Rustan M. Leino and Wolfram Schulte, p. 351
Author Index, p. 417