
Approaches to Modelling Security Scenarios with Domain-Specific Languages

  • Phillip J. Brooke
  • Richard F. Paige
  • Christopher Power
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7622)

Abstract

Many security scenarios involve both network and cryptographic protocols and the interactions of different human participants in a real-world environment. Modelling these scenarios is complex, in part due to the imprecision and under-specification of the tasks and properties involved. We present work-in-progress on a domain-specific modelling approach for such scenarios; the approach is intended to support coarse-grained state exploration, and incorporates a classification of elements complementary to computer protocols, such as the creation, personalisation, modification and transport of identity tokens. We propose the construction of a domain-specific language for capturing these elements, which will in turn support domain-specific analyses related to the reliability and modifiability of said scenarios.

Keywords

Model Check, Security Protocol, Cryptographic Protocol, Symbolic Model Checker, Attribute Grammar
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Phillip J. Brooke (1)
  • Richard F. Paige (2)
  • Christopher Power (2)
  1. School of Computing, Teesside University, Middlesbrough, UK
  2. Department of Computer Science, University of York, York, UK
