A verification approach to applied system security

  • Achim D. Brucker
  • Burkhart Wolff
Special section on formal methods for industrial critical systems


We present a method for the security analysis of realistic models over off-the-shelf systems and their configuration by formal, machine-checked proofs. The presentation follows a large case study based on a formal security analysis of a CVS-Server architecture.

The analysis is based on an abstract architecture (enforcing role-based access control), which is refined to an implementation architecture (based on the discretionary access control provided by a POSIX environment). Both architectures serve as a skeleton for formulating access control and confidentiality properties.

Both the abstract and the implementation architecture are specified in the language Z. Based on a logical embedding of Z into Isabelle/HOL, we provide formal, machine-checked proofs for consistency properties of the specification, for the correctness of the refinement, and for security properties.
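As an added illustration (not the paper's own formalisation, which is written in Z and proved in Isabelle/HOL), the following Python script does on a small constructed model what the refinement proof establishes in general: it enumerates every (user, object, operation) triple and checks that the POSIX discretionary decision agrees with the role-based policy. Users, groups, roles, repository paths and mode bits are constructed for illustration; superuser bypass, POSIX ACLs and CVS's own access-control files are outside the model. The `HARDENED` layout shows one way the reader role can be realised with plain group membership: the search bit on the module directory, not the file's "other" bits, decides who can read.

```python
"""Added example, not the paper's formalisation: an exhaustive finite-model
check that a concrete POSIX permission layout for a CVS-style repository
refines an abstract role-based policy.  All users, groups, roles, paths
and modes below are constructed for illustration."""

from itertools import product

# ---------- abstract architecture: role-based access control ----------
# role -> set of (object, operation) the role grants
ROLE_PERMS = {
    "admin":     {("CVSROOT", "read"), ("CVSROOT", "write"),
                  ("modules/core", "read"), ("modules/core", "write")},
    "developer": {("modules/core", "read"), ("modules/core", "write")},
    "reader":    {("modules/core", "read")},
}
USER_ROLES = {"alice": {"admin"}, "bob": {"developer"},
              "carol": {"reader"}, "dave": set()}   # dave: account, no role
OBJECTS = ("CVSROOT", "modules/core")
OPS = ("read", "write")


def rbac_allows(user, obj, op):
    return any((obj, op) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))


# ---------- implementation architecture: POSIX discretionary control ----------
# user -> groups (primary and supplementary); path -> (owner, group, mode).
# Paths are relative to the repository root, which is the entry "" so that
# search permission on every ancestor directory is part of the check.
USER_GROUPS = {"alice": {"cvsadm", "cvsdev", "cvsread"},
               "bob":   {"cvsdev", "cvsread"},
               "carol": {"cvsread"},
               "dave":  set()}

R, W, X = 4, 2, 1


def class_bits(user, owner, group, mode, user_groups):
    """POSIX selects exactly one class: owner, else group, else other.
    The owner bits apply even when they are more restrictive than the
    group bits, a classic source of surprising denials."""
    if user == owner:
        return (mode >> 6) & 7
    if group in user_groups.get(user, ()):
        return (mode >> 3) & 7
    return mode & 7


def posix_allows(user, path, op, files, user_groups):
    """Access needs search (x) on every ancestor directory and the
    requested bit on the leaf.  Superuser bypass and ACLs are not modelled."""
    parts = path.split("/")
    for i in range(len(parts)):
        ancestor = "/".join(parts[:i])          # "" is the repository root
        owner, group, mode = files[ancestor]
        if not class_bits(user, owner, group, mode, user_groups) & X:
            return False
    owner, group, mode = files[path]
    need = R if op == "read" else W
    return bool(class_bits(user, owner, group, mode, user_groups) & need)


def refinement_violations(files, user_groups=USER_GROUPS):
    """Every (user, object, op, rbac_decision, posix_decision) where the two
    architectures disagree.  An empty list means the layout refines the
    abstract policy on this finite model."""
    return sorted(
        (u, o, op, rbac_allows(u, o, op),
         posix_allows(u, o, op, files, user_groups))
        for u, o, op in product(USER_ROLES, OBJECTS, OPS)
        if rbac_allows(u, o, op) != posix_allows(u, o, op, files, user_groups)
    )


# Naive layout: the module file is made world-readable so that readers can
# read it, which also lets role-less accounts read it.
NAIVE = {
    "":             ("alice", "cvsadm", 0o755),
    "CVSROOT":      ("alice", "cvsadm", 0o770),
    "modules":      ("alice", "cvsdev", 0o775),
    "modules/core": ("alice", "cvsdev", 0o664),
}

# Hardened layout: read access for the reader role is granted by the search
# bit on the module directory (group cvsread), so accounts outside every
# role cannot reach the file even though its "other" bits allow reading.
HARDENED = {
    "":             ("alice", "cvsadm", 0o755),
    "CVSROOT":      ("alice", "cvsadm", 0o770),
    "modules":      ("alice", "cvsread", 0o750),
    "modules/core": ("alice", "cvsdev", 0o664),
}

if __name__ == "__main__":
    for name, layout in (("naive", NAIVE), ("hardened", HARDENED)):
        print(name, refinement_violations(layout))
```

The enumeration is only a sanity check on one finite configuration; the paper's contribution is a proof over the specification that covers all configurations the refinement admits. Keeping the mapping from roles to groups and modes explicit, as above, is what makes such a check (or the corresponding proof obligation) expressible at all.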


Keywords: Verification, Security, Refinement, POSIX





Copyright information

© Springer-Verlag 2005

Authors and Affiliations

  1. Information Security, ETH Zürich, Zürich, Switzerland
  2. Universität Freiburg, Freiburg, Germany
