Formal Aspects of Computing, Volume 19, Issue 1, pp 63–91

Verifying a signature architecture: a comparative case study

  • David Basin
  • Hironobu Kuruma
  • Kunihiko Miyazaki
  • Kazuo Takaragi
  • Burkhart Wolff
Original Article


We report on a case study in applying different formal methods to model and verify an architecture for administrating digital signatures. The architecture comprises several concurrently executing systems that authenticate users and generate and store digital signatures by passing security relevant data through a tightly controlled interface. The architecture is interesting from a formal-methods perspective as it involves complex operations on data as well as process coordination and hence is a candidate for both data-oriented and process-oriented formal methods.

We have built and verified two models of the signature architecture using two representative formal methods. In the first, we specify a data model of the architecture in Z that we extend to a trace model and interactively verify by theorem proving. In the second, we model the architecture as a system of communicating processes that we verify by finite-state model checking. We provide a detailed comparison of these two different approaches to formalization (infinite state with rich data types versus finite state) and verification (theorem proving versus model checking). Contrary to common belief, our case study suggests that Z is well suited for temporal reasoning about process models with complex operations on data. Moreover, our comparison highlights the advantages of proving theorems about such models and provides evidence that, in the hands of an experienced user, theorem proving may be neither substantially more time-consuming nor more complex than model checking.


Keywords: Formal methods; Comparison; Theorem proving; Model checking; Security; Case study





Copyright information

© British Computer Society 2007

Authors and Affiliations

  • David Basin (1)
  • Hironobu Kuruma (2)
  • Kunihiko Miyazaki (2)
  • Kazuo Takaragi (2)
  • Burkhart Wolff (3)

  1. ETH Zürich, Zürich, Switzerland
  2. Hitachi, Ltd., Systems Development Laboratory, Kawasaki, Japan
  3. ETH Zürich, Zürich, Switzerland