Modelling Audit Security for Smart-Card Payment Schemes with UML-Sec

  • Jan Jürjens
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 65)


To overcome the difficulties of correct secure systems design, we propose formal modelling using the object-oriented modelling language UML. Specifically, we consider the problem of accountability through auditing.

We explain our method using the example of part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard, indicate possible vulnerabilities, and present concrete security advice for that system.





Copyright information

© IFIP International Federation for Information Processing 2001

Authors and Affiliations

  • Jan Jürjens, Computing Laboratory, University of Oxford, UK
