Analysing Security Protocols Using Refinement in iUML-B

  • Colin Snook
  • Thai Son Hoang
  • Michael Butler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10227)


We propose a general approach based on abstraction and refinement for constructing and analysing security protocols using formal specification and verification. We use class diagrams to specify the conceptual system entities and their relationships, and state-machines to model the protocol execution as interactions between those entities. A feature of our approach is that security principles are specified as invariants of an abstract model of the overall system. The specification is then refined to introduce implementable mechanisms for the protocol, and a gluing invariant between the abstract and refined models states why the mechanisms achieve the security principle. Security breaches therefore arise as violations of the gluing invariant. We use both theorem proving and model checking to analyse the formal model, in particular to explore the source and the consequence of a security attack. To demonstrate the approach we explore the mechanism of a security attack in a network protocol.
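The refinement argument above is easiest to see on a small model. The following Python script is an added illustration written for this page, not the paper's Event-B model and not output of Rodin or ProB: it encodes an abstract VLAN-separation invariant, a refinement in which frames acquire 802.1Q-style tags at access and trunk ports, and a gluing invariant relating a frame's concrete tag to its sender's abstract VLAN, then does a breadth-first model check. The two-switch topology, the event set, and the native-VLAN-mismatch scenario that makes the gluing invariant fail are all assumptions made for the example; the page does not say which attack the paper analyses.

```python
"""
Explicit-state exploration of an abstract VLAN-separation model and a
refinement that adds 802.1Q-style tagging on access and trunk ports.
Constructed illustration: topology, events, invariants and the native-VLAN
mismatch scenario are assumptions made for this example, not the paper's model.
"""
from collections import deque
from typing import NamedTuple, Optional

# Abstract model: the conceptual entities are hosts and the VLAN each belongs to.
# Security principle (abstract invariant): a frame is delivered only to hosts
# in its sender's VLAN.
HOST_VLAN = {"h10a": 10, "h10b": 10, "h20": 20}

class Topology(NamedTuple):
    host_switch: dict   # host -> switch it is attached to
    access_pvid: dict   # host -> VLAN of its access port
    native: dict        # switch -> native VLAN of its trunk port

def topology(native_a: int, native_b: int) -> Topology:
    # Assumed topology: switches A and B joined by one trunk; h10a on A, h10b and h20 on B.
    return Topology(host_switch={"h10a": "A", "h10b": "B", "h20": "B"},
                    access_pvid=dict(HOST_VLAN),
                    native={"A": native_a, "B": native_b})

# Concrete state: frames in flight as (sender, (location, place), tag), with
# tag None meaning "untagged on the wire", plus the set of (sender, dst) deliveries.
def initial_state(sender: str):
    return (frozenset({(sender, ("access", sender), None)}), frozenset())

def step(state, topo: Topology):
    """Yield (successor state, event label) for every enabled concrete event."""
    frames, delivered = state
    for fr in frames:
        sender, (where, at), tag = fr
        rest = frames - {fr}
        if where == "access":            # access ingress: the port's PVID tags the frame
            sw = topo.host_switch[at]
            pvid = topo.access_pvid[at]
            yield (rest | {(sender, ("switch", sw), pvid)}, delivered), f"ingress {sender} on {sw}: tag={pvid}"
        elif where == "switch":
            sw = at
            # access egress: deliver to each host on this switch whose port VLAN matches the tag
            for h, hsw in topo.host_switch.items():
                if hsw == sw and h != sender and topo.access_pvid[h] == tag:
                    yield (rest, delivered | {(sender, h)}), f"deliver {sender}->{h} via {sw}"
            # trunk egress: the native VLAN leaves untagged, every other VLAN keeps its tag
            other = "B" if sw == "A" else "A"
            wire = None if tag == topo.native[sw] else tag
            yield (rest | {(sender, ("trunk", other), wire)}, delivered), f"trunk {sw}->{other}: wire tag={wire}"
        else:                            # trunk ingress: an untagged frame is assigned the native VLAN
            sw = at
            new_tag = topo.native[sw] if tag is None else tag
            yield (rest | {(sender, ("switch", sw), new_tag)}, delivered), f"trunk ingress on {sw}: tag={new_tag}"

def gluing_violation(state) -> Optional[str]:
    """Gluing invariant: inside a switch, a frame's tag is its sender's abstract VLAN."""
    frames, _ = state
    for sender, (where, _), tag in frames:
        if where == "switch" and tag != HOST_VLAN[sender]:
            return f"frame from {sender} (VLAN {HOST_VLAN[sender]}) now carries tag {tag}"
    return None

def abstract_violation(state) -> Optional[str]:
    """Abstract invariant: every delivery stays inside the sender's VLAN."""
    _, delivered = state
    for sender, dst in delivered:
        if HOST_VLAN[sender] != HOST_VLAN[dst]:
            return f"{sender} (VLAN {HOST_VLAN[sender]}) delivered to {dst} (VLAN {HOST_VLAN[dst]})"
    return None

def explore(topo: Topology, check, sender: str = "h10a"):
    """Breadth-first model check: the shortest event trace to a violation of
    `check`, or (None, number of reachable states) if the invariant holds."""
    start = initial_state(sender)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        problem = check(state)
        if problem:
            return problem, trace
        for nxt, label in step(state, topo):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None, len(seen)

if __name__ == "__main__":
    print("matched native VLANs:  ", explore(topology(10, 10), gluing_violation))
    print("source (gluing):       ", explore(topology(10, 20), gluing_violation))
    print("consequence (abstract):", explore(topology(10, 20), abstract_violation))
```

With matching native VLANs both invariants hold over the whole reachable state space. With a mismatch (A uses 10, B uses 20) the gluing invariant is violated as soon as the untagged frame is re-tagged on B's trunk ingress, which is the source of the breach; the abstract invariant is violated one event later, when that frame is delivered to the VLAN 20 host, which is its consequence. Checking the gluing invariant rather than only the abstract one is what localises the fault to the mechanism that introduced it.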


Keywords: Virtual LAN, Security, Event-B, iUML-B



This work is funded by the Enable-S3 Project,



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

ECS, University of Southampton, Southampton, U.K.
