Abstract
Many security scenarios involve both network and cryptographic protocols and the interactions of different human participants in a real-world environment. Modelling these scenarios is complex, in part due to the imprecision and under-specification of the tasks and properties involved. We present work-in-progress on a domain-specific modelling approach for such scenarios; the approach is intended to support coarse-grained state exploration, and incorporates a classification of elements complementary to computer protocols, such as the creation, personalisation, modification and transport of identity tokens. We propose the construction of a domain-specific language for capturing these elements, which will in turn support domain-specific analyses related to the reliability and modifiability of said scenarios.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
PRISM: PRogramming in Statistical Modeling (February 2012), http://sato-www.cs.titech.ac.jp/prism/
Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press (2010)
Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley (2008)
Bravenboer, M., Visser, E.: Concrete syntax for objects: Domain-specific language embedding and assimilation without restrictions. In: Proc. 19th Annual ACM SIGPLAN Conf. on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2004), pp. 365–383. ACM Press (2004)
Brooke, P.J., Paige, R.F.: Lazy exploration and checking of CSP models with CSPsim. In: McEwan, A.A., Ifill, W., Welch, P.H. (eds.) Communicating Process Architectures 2007, pp. 33–50 (February 2007)
Carlos, M.C., Martina, J.E., Price, G., Custódio, R.F.: A proposed framework for analysing security ceremonies. In: Proc. SECRYPT (2012)
Easterbrook, S.M., Chechik, M.: A framework for multi-valued reasoning over inconsistent viewpoints. In: ICSE, pp. 411–420 (2001)
FDR2 model checker, http://www.fsel.com/software.html . (last visited January 12, 2012)
Fowler, M.: Domain-Specific Languages. Addison-Wesley (2010)
Hemel, Z., Kats, L.C.L., Visser, E.: Code Generation by Model Transformation: A Case Study in Transformation Modularity. In: Vallecillo, A., Gray, J., Pierantonio, A. (eds.) ICMT 2008. LNCS, vol. 5063, pp. 183–198. Springer, Heidelberg (2008)
Hudak, P.: Modular domain specific languages and tools. In: Proc. 5th Int’l Conf. on Software Reuse, pp. 134–142. IEEE Computer Society Press (1998)
Jackson, D.: Software Abstractions. MIT Press (2008)
Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic Symbolic Model Checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)
Lanotte, R., Maggiolo-Schettini, A., Troina, A.: Parametric probabilistic transition systems for system design and analysis. Formal Aspects of Computing 19, 93–109 (2006)
Lowe, G., Roscoe, B.: Using CSP to detect errors in the TMN protocol. IEEE Transactions on Software Engineering 23(10), 659–669 (1997)
Martina, J.E., Carlos, M.C.: Why should we analyse security ceremonies. In: Proc. CryptoForma Workshop (May 2010)
Monahan, B.: DXM — Demo2k eXperiments Manager. Technical Report HPL-2008-173, HP Laboratories (2008)
Moreno-Velo, F.J., Baturone, I., Sánchez-Solano, S., Barros, A.B.: Xfuzzy 3.0: a development environment for fuzzy systems. In: EUSFLAT Conf., pp. 93–96 (2001)
Morgan, C., Hoang, T.S., Abrial, J.-R.: The Challenge of Probabilistic Event B —Extended Abstract—. In: Treharne, H., King, S., C. Henson, M., Schneider, S. (eds.) ZB 2005. LNCS, vol. 3455, pp. 162–171. Springer, Heidelberg (2005)
Morgan, C., McIver, A., Seidel, K.: Probabilistic predicate transformers. ACM Trans. Program. Lang. Syst. 18(3), 325–353 (1996)
ProBE — CSP animator, http://www.fsel.com/software.html (last visited February 2, 2011)
Rizzoli, A.E.: A collection of modelling and simulation resources on the internet, http://www.idsia.ch/~andrea/sim/simtools.html (last accessed January 6, 2012)
Roberts, M.J.: TADS 3 downloads, http://www.tads.org/tads3.htm (last visited January 4, 2012)
Rosson, M.B., Carroll, J.: Scenario-based design. In: The Human-Computer Interaction Handbook, ch. 53, pp. 1032–1050. Lawrence Earlbaum Associates (2002)
SPIN — model checker, http://spinroot.com/spin/whatispin.html (last visited January 4, 2012)
van Deursen, A., Klint, P., Visser, J.: Domain-specific languages: an annotated bibliography. SIGPLAN Not. 35(6), 26–36 (2000)
Van Wyk, E., de Moor, O., Backhouse, K., Kwiatkowski, P.: Forwarding in Attribute Grammars for Modular Language Design. In: Nigel Horspool, R. (ed.) CC 2002. LNCS, vol. 2304, pp. 128–142. Springer, Heidelberg (2002)
XJ Technologies. Anylogic, http://www.xjtek.com/anylogic/why_anylogic/ (last accessed January 6, 2012)
Zadeh, L.: Fuzzy sets. Information and Control 8(3) (1965)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brooke, P.J., Paige, R.F., Power, C. (2012). Approaches to Modelling Security Scenarios with Domain-Specific Languages. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J. (eds) Security Protocols XX. Security Protocols 2012. Lecture Notes in Computer Science, vol 7622. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35694-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-35694-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35693-3
Online ISBN: 978-3-642-35694-0
eBook Packages: Computer ScienceComputer Science (R0)