Specification and analysis of a security management system

  • Omar Cherkaoui
  • Nathalie Rico
  • Alan Bernardi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 873)


This paper presents the specification and the analysis of a security management system called SM and the modeling methodology used to obtain this specification. This security management system centrally manages and administers security for systems such as network elements (NE) (for example, telecommunication switches and data transport equipment), operating support systems (OSS), and other types of computerized systems. This paper also describes the objectives and the functions of the SM system, which include access control management, security standard management, and auditing. It then focuses on one of the critical components of the system, the download/upload controller. A specification of this component is presented using Milner's Calculus of Communicating Systems (CCS). This formal specification is then analyzed through simulation, process equivalence, and model-checking.
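As an added illustration of the analysis methodology the abstract names (simulation, process equivalence and model-checking of a CCS-style specification), the following Python block is not code from the paper: it models a small, constructed download/upload controller as a labelled transition system, checks a candidate implementation against it with strong bisimulation, and model-checks Hennessy-Milner modal formulas on it. The controller, its state names and action names (req_down, req_up, ne_ack) are assumptions made for this example and are not the paper's specification.

```python
"""CCS-style analysis of a toy download/upload controller.

Added example, not code from the paper: a labelled transition system (LTS)
stands in for a CCS process, and three checks from the methodology are run
on it: state-space exploration (simulation), strong bisimulation (process
equivalence) and Hennessy-Milner modal-logic model-checking. The controller,
its states and its action names are constructed for this example."""

from typing import Dict, List, Set, Tuple

LTS = Dict[str, List[Tuple[str, str]]]   # state -> [(action, next_state)]

# Constructed specification: the controller serialises download and
# upload of a security profile to a network element (NE).
SPEC: LTS = {
    "Idle": [("req_down", "Down"), ("req_up", "Up")],
    "Down": [("ne_ack", "Idle")],
    "Up":   [("ne_ack", "Idle")],
}

# Constructed implementation candidate: same behaviour, more states.
IMPL: LTS = {
    "I0": [("req_down", "D1"), ("req_up", "U1")],
    "D1": [("ne_ack", "I1")],
    "U1": [("ne_ack", "I1")],
    "I1": [("req_down", "D1"), ("req_up", "U1")],
}

# Constructed faulty candidate: accepts an upload request mid-download.
BUGGY: LTS = {
    "Idle": [("req_down", "Down"), ("req_up", "Up")],
    "Down": [("ne_ack", "Idle"), ("req_up", "Both")],
    "Up":   [("ne_ack", "Idle")],
    "Both": [("ne_ack", "Idle")],
}


def reachable(lts: LTS, start: str) -> Set[str]:
    """Exhaustive simulation: every state reachable from `start`."""
    seen, todo = set(), [start]
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        todo.extend(nxt for _, nxt in lts.get(s, []))
    return seen


def deadlocks(lts: LTS, start: str) -> Set[str]:
    """Reachable states with no outgoing transition."""
    return {s for s in reachable(lts, start) if not lts.get(s)}


def strong_bisimilar(p: LTS, s: str, q: LTS, t: str) -> bool:
    """Greatest-fixpoint computation of strong bisimulation: start from all
    state pairs and discard any pair whose moves cannot be matched step for
    step (action names must be identical; no tau abstraction)."""
    rel: Set[Tuple[str, str]] = {(a, b) for a in p for b in q}

    def matched(moves, other, flip):
        # every (act, succ) in `moves` has an `act` move in `other` whose
        # successor is still related to `succ`
        for act, succ in moves:
            pairs = ((o, succ) if flip else (succ, o) for a2, o in other if a2 == act)
            if not any(pr in rel for pr in pairs):
                return False
        return True

    changed = True
    while changed:
        changed = False
        for a, b in list(rel):
            if not (matched(p[a], q[b], False) and matched(q[b], p[a], True)):
                rel.discard((a, b))
                changed = True
    return (s, t) in rel


# Hennessy-Milner formulas as nested tuples:
#   ("tt",) ("ff",) ("and", f, g) ("not", f) ("dia", act, f) ("box", act, f)
def check(lts: LTS, state: str, phi: tuple) -> bool:
    """Local model-checking of a modal formula at `state`."""
    kind = phi[0]
    if kind == "tt":
        return True
    if kind == "ff":
        return False
    if kind == "and":
        return check(lts, state, phi[1]) and check(lts, state, phi[2])
    if kind == "not":
        return not check(lts, state, phi[1])
    succs = [nxt for act, nxt in lts.get(state, []) if act == phi[1]]
    if kind == "dia":   # <act>phi: some act-successor satisfies phi
        return any(check(lts, n, phi[2]) for n in succs)
    if kind == "box":   # [act]phi: all act-successors satisfy phi
        return all(check(lts, n, phi[2]) for n in succs)
    raise ValueError(f"unknown connective {kind!r}")


# Mutual exclusion: once a download starts, no upload request is accepted.
MUTEX = ("box", "req_down", ("box", "req_up", ("ff",)))
# Progress: a download can be started and then acknowledged by the NE.
PROGRESS = ("dia", "req_down", ("dia", "ne_ack", ("tt",)))

if __name__ == "__main__":
    print("SPEC ~ IMPL  :", strong_bisimilar(SPEC, "Idle", IMPL, "I0"))
    print("SPEC ~ BUGGY :", strong_bisimilar(SPEC, "Idle", BUGGY, "Idle"))
    print("SPEC |= MUTEX:", check(SPEC, "Idle", MUTEX),
          "| BUGGY |= MUTEX:", check(BUGGY, "Idle", MUTEX))
```

The three checks complement each other the way the abstract describes: exploration finds deadlocks and unexpected reachable states (BUGGY reaches "Both"), bisimulation shows IMPL is a faithful refinement of SPEC while BUGGY is not, and the modal formula pinpoints which property BUGGY breaks without needing a reference process at all.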


Keywords: Security management, Formal methods, Process algebra, CCS, Synthesis, Verification, Modal logic, Model-checking





Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Omar Cherkaoui (1)
  • Nathalie Rico (1)
  • Alan Bernardi (1)
  1. Département de mathématiques et d'informatique, Université du Québec à Montréal, Montréal, Canada
