A formal methodology for integral security design and verification of network protocols

We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural verification. It is an iterative process where the early steps are simpler than the last ones. Therefore, the effort required for detecting flaws is proportional to the complexity of the associated attack. Thus, we avoid wasting valuable resources for simple flaws that can be detected early in the verification process. In order to illustrate the advantages provided by our methodology, we also analyze three real protocols

A System for Deduction-based Formal Verification of Workflow-oriented Software Models

The work concerns formal verification of workflow-oriented software models using deductive approach. The formal correctness of a model's behaviour is considered. Manually building logical specifications, which are considered as a set of temporal logic formulas, seems to be the significant obstacle for an inexperienced user when applying the deductive approach. A system, and its architecture, for the deduction-based verification of workflow-oriented models is proposed. The process of inference is based on the semantic tableaux method which has some advantages when compared to traditional deduction strategies. The algorithm for an automatic generation of logical specifications is proposed. The generation procedure is based on the predefined workflow patterns for BPMN, which is a standard and dominant notation for the modeling of business processes. The main idea for the approach is to consider patterns, defined in terms of temporal logic,as a kind of (logical) primitives which enable the transformation of models to temporal logic formulas constituting a logical specification. Automation of the generation process is crucial for bridging the gap between intuitiveness of the deductive reasoning and the difficulty of its practical application in the case when logical specifications are built manually. This approach has gone some way towards supporting, hopefully enhancing our understanding of, the deduction-based formal verification of workflow-oriented models.Comment: International Journal of Applied Mathematics and Computer Scienc

Incompleteness of relational simulations in the blocking paradigm

Refinement is the notion of development between formal specifications For specifications given in a relational formalism downward and upward simulations are the standard method to verify that a refinement holds their usefulness based upon their soundness and joint completeness This is known to be true for total relational specifications and has been claimed to hold for partial relational specifications in both the non-blocking and blocking interpretations In this paper we show that downward and upward simulations in the blocking interpretation where domains are guards are not Jointly complete This contradicts earlier claims in the literature We illustrate this with an example (based on one recently constructed by Reeves and Streader) and then construct a proof to show why Joint completeness fails in general (C) 2010 Elsevier B V All rights reserve

Carnap: an Open Framework for Formal Reasoning in the Browser

This paper presents an overview of Carnap, a free and open framework for the development of formal reasoning applications. Carnap’s design emphasizes flexibility, extensibility, and rapid prototyping. Carnap-based applications are written in Haskell, but can be compiled to JavaScript to run in standard web browsers. This combination of features makes Carnap ideally suited for educational applications, where ease-of-use is crucial for students and adaptability to different teaching strategies and classroom needs is crucial for instructors. The paper describes Carnap’s implementation, along with its current and projected pedagogical applications

Report on the Implementation of Work Package 4 “Selection and Testing New ICT Tools” in the Framework of the IRNet Project

This article, prepared by an international team of authors – researchers from different scientific areas, connected with ICT, e-learning, pedagogy, and other related disciplines – focuses on the objectives and some results of the IRNet international project. In particular, this article describes the research tools, methods, and some procedures of the Work Package 4 (WP4) “Selection and Testing New ICT tools”: Objectives, Tasks, Deliverables, and implementation of research trips. Researchers from partner universities have analysed the results of WP4 in the context of the next stages and Work Packages of the IRNet project – International Research Network

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac