Abstract
Many security scenarios involve both network and cryptographic protocols and the interactions of different human participants in a real-world environment. Modelling these scenarios is complex, in part due to the imprecision and under-specification of the tasks and properties involved. We present work-in-progress on a domain-specific modelling approach for such scenarios; the approach is intended to support coarse-grained state exploration, and incorporates a classification of elements complementary to computer protocols, such as the creation, personalisation, modification and transport of identity tokens. We propose the construction of a domain-specific language for capturing these elements, which will in turn support domain-specific analyses related to the reliability and modifiability of said scenarios.
Keywords
- Model Check
- Security Protocol
- Cryptographic Protocol
- Symbolic Model Checker
- Attribute Grammar
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, access via your institution.
Buying options
Preview
Unable to display preview. Download preview PDF.
References
PRISM: PRogramming in Statistical Modeling (February 2012), http://sato-www.cs.titech.ac.jp/prism/
Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press (2010)
Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley (2008)
Bravenboer, M., Visser, E.: Concrete syntax for objects: Domain-specific language embedding and assimilation without restrictions. In: Proc. 19th Annual ACM SIGPLAN Conf. on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2004), pp. 365–383. ACM Press (2004)
Brooke, P.J., Paige, R.F.: Lazy exploration and checking of CSP models with CSPsim. In: McEwan, A.A., Ifill, W., Welch, P.H. (eds.) Communicating Process Architectures 2007, pp. 33–50 (February 2007)
Carlos, M.C., Martina, J.E., Price, G., Custódio, R.F.: A proposed framework for analysing security ceremonies. In: Proc. SECRYPT (2012)
Easterbrook, S.M., Chechik, M.: A framework for multi-valued reasoning over inconsistent viewpoints. In: ICSE, pp. 411–420 (2001)
FDR2 model checker, http://www.fsel.com/software.html . (last visited January 12, 2012)
Fowler, M.: Domain-Specific Languages. Addison-Wesley (2010)
Hemel, Z., Kats, L.C.L., Visser, E.: Code Generation by Model Transformation: A Case Study in Transformation Modularity. In: Vallecillo, A., Gray, J., Pierantonio, A. (eds.) ICMT 2008. LNCS, vol. 5063, pp. 183–198. Springer, Heidelberg (2008)
Hudak, P.: Modular domain specific languages and tools. In: Proc. 5th Int’l Conf. on Software Reuse, pp. 134–142. IEEE Computer Society Press (1998)
Jackson, D.: Software Abstractions. MIT Press (2008)
Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic Symbolic Model Checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)
Lanotte, R., Maggiolo-Schettini, A., Troina, A.: Parametric probabilistic transition systems for system design and analysis. Formal Aspects of Computing 19, 93–109 (2006)
Lowe, G., Roscoe, B.: Using CSP to detect errors in the TMN protocol. IEEE Transactions on Software Engineering 23(10), 659–669 (1997)
Martina, J.E., Carlos, M.C.: Why should we analyse security ceremonies. In: Proc. CryptoForma Workshop (May 2010)
Monahan, B.: DXM — Demo2k eXperiments Manager. Technical Report HPL-2008-173, HP Laboratories (2008)
Moreno-Velo, F.J., Baturone, I., Sánchez-Solano, S., Barros, A.B.: Xfuzzy 3.0: a development environment for fuzzy systems. In: EUSFLAT Conf., pp. 93–96 (2001)
Morgan, C., Hoang, T.S., Abrial, J.-R.: The Challenge of Probabilistic Event B —Extended Abstract—. In: Treharne, H., King, S., C. Henson, M., Schneider, S. (eds.) ZB 2005. LNCS, vol. 3455, pp. 162–171. Springer, Heidelberg (2005)
Morgan, C., McIver, A., Seidel, K.: Probabilistic predicate transformers. ACM Trans. Program. Lang. Syst. 18(3), 325–353 (1996)
ProBE — CSP animator, http://www.fsel.com/software.html (last visited February 2, 2011)
Rizzoli, A.E.: A collection of modelling and simulation resources on the internet, http://www.idsia.ch/~andrea/sim/simtools.html (last accessed January 6, 2012)
Roberts, M.J.: TADS 3 downloads, http://www.tads.org/tads3.htm (last visited January 4, 2012)
Rosson, M.B., Carroll, J.: Scenario-based design. In: The Human-Computer Interaction Handbook, ch. 53, pp. 1032–1050. Lawrence Earlbaum Associates (2002)
SPIN — model checker, http://spinroot.com/spin/whatispin.html (last visited January 4, 2012)
van Deursen, A., Klint, P., Visser, J.: Domain-specific languages: an annotated bibliography. SIGPLAN Not. 35(6), 26–36 (2000)
Van Wyk, E., de Moor, O., Backhouse, K., Kwiatkowski, P.: Forwarding in Attribute Grammars for Modular Language Design. In: Nigel Horspool, R. (ed.) CC 2002. LNCS, vol. 2304, pp. 128–142. Springer, Heidelberg (2002)
XJ Technologies. Anylogic, http://www.xjtek.com/anylogic/why_anylogic/ (last accessed January 6, 2012)
Zadeh, L.: Fuzzy sets. Information and Control 8(3) (1965)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brooke, P.J., Paige, R.F., Power, C. (2012). Approaches to Modelling Security Scenarios with Domain-Specific Languages. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J. (eds) Security Protocols XX. Security Protocols 2012. Lecture Notes in Computer Science, vol 7622. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35694-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-35694-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35693-3
Online ISBN: 978-3-642-35694-0
eBook Packages: Computer ScienceComputer Science (R0)