Formal Methods for Security: Lightweight Plug-In or New Engineering Discipline

  • Werner Stephan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4085)


This contribution discusses two main lines of development concerning the use of formal methods in security engineering. Fully automated and highly specialized methods that hide most of the formal theory from their users are compared with formal security models centered around explicit formal system models. It is argued that only the latter offer the perspective to comprehensively control the development process with its various security aspects and phases. By putting more emphasis on the combination of theories, the present fragmentation could be overcome through an integration of the specialized methods that are still applied in isolation.


Keywords: Smart Card, Cryptographic Protocol, Covert Channel, Security Engineering, Interactive Proof
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Werner Stephan, German Research Center for Artificial Intelligence (DFKI GmbH), Saarbrücken, Germany
