Formal and informal specifications of a secure system component: first results in a comparative study

  • J. S. Fitzgerald
  • T. M. Brookes
  • M. A. Green
  • P. G. Larsen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 873)


This paper presents initial results in a comparative study of formal and conventional techniques in the design of a secure system component: a trusted gateway.

The operation of a trusted gateway is briefly introduced. The industrial context of its development is described, as is the form of the experiment. So far, part-formal and conventional design specifications have been produced for the trusted gateway from a common informal requirements document. As part of this process, queries have been raised against the informal requirements. These have been carefully logged, and form the subject of a preliminary analysis presented here. These first results suggest that the use of a formal specification language (in this case VDM-SL) leads to an an increased number of queries, and a bias in the specifier's concerns towards data rather than design issues.


Security Policy Design Team Formal Design Test Plan Design Review 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BFL+94]
    J. C. Bicarregui, J. S. Fitzgerald, P. A. Lindsay, R. Moore, and B. Ritchie. Proof in VDM: A Practitioner's Guide. FACIT. Springer-Verlag, 1994. ISBN 3-540-19813-X.Google Scholar
  2. [BGFL94]
    T. M. Brookes, M. A. Green, J. S.Fitzgerald, and P. G.Larsen. A Comparison of the Conventional and Formal Design of a Secure System Component. FACS Europe, March 1994.Google Scholar
  3. [Bos93]
    T. Boswell. Specification and Validation of a Security Policy Model. In J. C. P. Woodcock and P. G. Larsen, editors, FME'93: Industrial-Strength Formal Methods, volume 670 of Lecture Notes in Computer Science. Springer-Verlag, 1993.Google Scholar
  4. [ISO93]
    ISO Document Number ISO/IEC JTC1/SC22/WG19/N-20 Information Technology Programming Languages — VDM-SL First Committee Draft Standard CD 13817-1, November 1993.Google Scholar
  5. [LL91]
    P. G. Larsen and P. B. Lassen. An Executable Subset of Meta-IV with Loose Specification. In VDM '91 — Formal Software Development Methods. Springer-Verlag, October 1991.Google Scholar
  6. [SEC91]
    Office for Official Publications of the European Community. Information Technology Security Evaluation Criteria, June 1991.Google Scholar
  7. [WM85]
    P.T. Ward and S.J. Mellor. Structured Development for Real Time Systems, volume 1,2,3. Yourdon Press, Prentice-Hall, Englewood Cliffs, NJ, 1985.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • J. S. Fitzgerald
    • 1
  • T. M. Brookes
    • 2
  • M. A. Green
    • 2
  • P. G. Larsen
    • 3
  1. 1.Centre for Software ReliabilityUniversity of Newcastle upon TyneUK
  2. 2.British Aerospace (Systems and Equipment) PLCPlymouthUK
  3. 3.IFAD (The Institute of Applied Computer Science)OdenseDenmark

Personalised recommendations