Abstract
The DEGAS project aims at enriching standard UML-centred development environments in such a way that the developers of global applications can exploit automated formal analyses with minimal overhead. In this paper, we present For-LySa, an instantiation of the DEGAS approach for authentication analysis, which exploits an existing analysis tool developed for the process calculus LySa. We discuss what information is needed for the analysis, and how to build the UML model of an authentication protocol in such a way that the needed information can be extracted from the model. We then present our prototype implementation and report on some promising results of its use.
This work is partially funded by the Information Society Technologies programme of the European Commission, Future and Emerging Technologies, under the IST-2001-32072 project DEGAS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The Java edition of the Pepa workbench. Website hosted by School of Informatics, University of Edinburgh (May 2004), http://homepages.inf.ed.ac.uk/s9905941/jPEPA/
LySa – a process calculus. Website hosted by Informatics and Mathematical Modelling, Technical University of Denmark (May 2004), http://www.imm.dtu.dk/cs_LySa
Armando, A., Basin, D., Bouallagui, M., Chevalier, Y., Compagna, L., Mödersheim, S., Rusinowitch, M., Turuani, M., Viganò, L., Vigneron, L.: The AVISS security protocol analysis tool. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 349–353. Springer, Heidelberg (2002)
Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Riis Nielson, H.: Automatic validation of protocol narration. In: Proceedings of the 16th Computer Security Foundations Workshop (CSFW 2003), pp. 126–140. IEEE Computer Society Press, Los Alamitos (2003)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACMTransactions on Computer Systems, 18–36 (1990)
Denker, G., Millen, J., Rueß, H.: The CAPSL integrated protocol environment. Technical Report SRI-CLS-2000-02, SRI International (2000)
Durante, A., Focardi, R., Gorrieri, R.: A compiler for analyzing cryptographic protocols using noninterference. ACM Transactions on Software Engineering and Methodology 9(4), 488–528 (2000)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (to appear, 2004)
Jürjens, J., Kuhn, T.A.: Automated theorem proving for cryptograpich protocols with automatic attack generation. Personal Communication (2004)
Lowe, G.: Casper: A compiler for the analysis of security protocols. Journal of Computer Security 6(1), 53–84 (1998)
Milner, R., Parrow, J., Walker, D.: A calculus of Mobile processes (I and II). Information and Computation 100(1), 1–77 (1992)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Buchholtz, M., Montangero, C., Perrone, L., Semprini, S. (2005). For-LySa: UML for Authentication Analysis. In: Priami, C., Quaglia, P. (eds) Global Computing. GC 2004. Lecture Notes in Computer Science, vol 3267. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31794-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-31794-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24101-0
Online ISBN: 978-3-540-31794-4
eBook Packages: Computer ScienceComputer Science (R0)