A Construction Kit for Modeling the Security of M-commerce Applications
In this article we present a method to avoid security problems in modern m-commerce applications. The security problems that we address are breaches of security caused by erroneous cryptographic protocols. We describe a specification technique that allows a formal, and thereby rigorous, treatment of the security protocols used in such applications. Security of communication is important in modern m-commerce applications. As parts of the specification of the security protocols, we describe how to specify the behavior of the agents, how to specify the attacker, and how further aspects of the application are reflected in the formal specification. The problem is that such formal specifications are difficult to get right, so we propose a construction kit for their development.
Keywords: Smart Card, Class Diagram, Security Protocol, Security Property, Activity Diagram