Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Mathematical Methods, Models, and Architectures for Network Security

MMM-ACNS 2001: Information Assurance in Computer Networks pp 84–89Cite as

Applying Practical Formal Methods to the Specification and Analysis of Security Properties

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2052))

Abstract

The SCR (Software Cost Reduction) toolset contains tools for specifying, debugging, and verifying system and software requirements. The utility of the SCR tools in detecting specification errors, many involving safety properties, has been demonstrated recently in projects involving practical systems, such as the International Space Station, a flight guidance system, and a U.S. weapons system. This paper briefly describes our experience in applying the tools in the development of two secure systems: a communications device and a biometrics standard for user authentication.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   64.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Archer, M., Heitmeyer, C., and Riccobene, E.: Using TAME to prove invariants of automata models: Case studies. In Proc. 2000 ACM SIGSOFT Workshop on Formal Methods in Software Practice (FMSP’00) (August 2000)

    Google Scholar 

  2. Bharadwaj, R. and Sims, S.: Salsa: Combining constraint solvers with BDDs for automatic invariant checking. In Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS’ 2000), Berlin (March 2000)

    Google Scholar 

  3. BioAPI Consortium. The BioAPI Specification. Version 1.00 (March 30, 2000)

    Google Scholar 

  4. Steve Easterbrook and John Callahan. Formal methods for verification and validation of partial specifications: A case study. Journal of Systems and Software (1997)

    Google Scholar 

  5. Faulk, S.R., Finneran, L., Kirby,Jr., Shah, S., and Sutton, J.: Experience applying the CoRE method to the Lockheed C-130J. In: Proc. 9th Annual Conf. on Computer Assurance (COMPASS’ 94). Gaithersburg, MD (June 1994)

    Google Scholar 

  6. Gargantini, A. and Heitmeyer, C.: Automatic generation of tests from requirements specifications. In: Proc. ACM 7th Eur. Software Eng. Conf. and 7th ACM SIGSOFT Symp. on the Foundations of Software Eng. (ESEC/FSE99), Toulouse, FR (September 1999)

    Google Scholar 

  7. Heitmeyer, C.L. and McLean J.: Abstract requirements specifications: A new approach and its application. IEEE Trans. Softw. Eng., SE-9(5) (September 1983) 580–589

    Google Scholar 

  8. Heitmeyer, C., Kirby,Jr. J., Labaw, B., and Bharadwaj, R.: SCR: A toolset for specifying and analyzing software requirements. In Proc. Computer-Aided Verification, 10th Annual Conf. (CAV’98), Vancouver, Canada (1998)

    Google Scholar 

  9. C. Heitmeyer, A. Bull, C. Gasarch, and B. Labaw. SCR: A toolset for specifying and analyzing requirements. In Proc. 10th Annual Conf. on Computer Assurance (COMPASS’ 95), Gaithersburg, MD (June 1995) 109–122

    Google Scholar 

  10. Constance Heitmeyer, James Kirby,Jr., and Bruce Labaw. Tools for formal specification, verification, and validation of requirements. In: Proc. 12th Annual Conf. on Computer Assurance (COMPASS’ 97). Gaithersburg, MD (June 1997)

    Google Scholar 

  11. C. L. Heitmeyer, R. D. Jeffords, and B. G. Labaw. Automated consistency checking of requirements specifications. ACM Transactions on Software Engineering and Methodology, 5(3) (April—June 1996) 231–261

    Article  Google Scholar 

  12. Heitmeyer, C., Kirby, J., Labaw, B., Archer, M., and Bharadwaj, R.: Using abstraction and model checking to detect safety violations in requirements specifications. IEEE Trans. on Softw. Eng., 24(11) (November 1998)

    Google Scholar 

  13. Heninger, K., Parnas, D.L., Shore, J.E., and Kallander, J.W.: Software requirements for the A-7E aircraft. Technical Report 3876, Naval Research Lab., Wash., DC (1978)

    Google Scholar 

  14. Heninger, K.L.: Specifying software requirements for complex systems: New techniques and their application. IEEE Trans. Softw. Eng., SE-6(1) (January 1980) 2–13

    Article  Google Scholar 

  15. Hester, S.D., Parnas, D.L., and Utter, D.F.: Using documentation as a software design medium. Bell System Tech. J., 60(8) (October 1981) 1941–1977

    Google Scholar 

  16. Holzmann, G.J.: The model checker SPIN. IEEE Transactions on Software Engineering, 23(5) (May 1997) 279–295

    Article  MathSciNet  Google Scholar 

  17. Ralph Jeffords and Constance Heitmeyer. Automatic generation of state invariants from requirements specifications. In: Proc. Sixth ACM SIGSOFT Symp. on Foundations of Software Engineering. (November 1998)

    Google Scholar 

  18. Kirby,Jr. J., Archer, M., and Heitmeyer, C.: SCR: A practical approach to building a high assurance COMSEC system. In Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC’ 99). IEEE Computer Society Press (December 1999)

    Google Scholar 

  19. Meyers, S. and White, S.: Software requirements methodology and tool study for A6-E technology transfer. Technical report, Grumman Aerospace Corp., Bethpage, NY (July 1983)

    Google Scholar 

  20. Miller, S.: Specifying the mode logic of a flight guidance system in CoRE and SCR. In: Proc. 2nd ACM Workshop on Formal Methods in Software Practice (FMSP’98) (1998)

    Google Scholar 

  21. Parnas, D.L., Asmis, G.J.K., and Madey, J.: Assessment of safety-critical software in nuclear power plants. Nuclear Safety, 32(2) (April—June 1991)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Naval Research Laboratory (Code 5546), Washington, DC 20375, USA

    Constance Heitmeyer

Authors
  1. Constance Heitmeyer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), SPIIRAS, 39, 14th Liniya, St. Petersburg, Russia, 199178

    Vladimir I. Gorodetski

  2. Watson Schoolof Engineering, Binghamton University, Binghamton, NY, 13902, USA

    Victor A. Skormin

  3. Air Force Research Laboratory, Defensive Information Warfare Branch, 525 Brooks Road, Rome, NY, 13441-4505, Italy

    Leonard J. Popyack

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Heitmeyer, C. (2001). Applying Practical Formal Methods to the Specification and Analysis of Security Properties. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_11

Download citation

  • DOI: https://doi.org/10.1007/3-540-45116-1_11

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation