Formal Methods for Security: Lightweight Plug-In or New Engineering Discipline

This contribution discusses two main lines of development in the use of formal methods for security engineering. Fully automated, highly specialized methods that hide most of the formal theory from their users are compared with formal security models built around an explicit formal model of the system. It is argued that only the latter offer the prospect of comprehensively controlling the development process across its various security aspects and phases. By placing more emphasis on combining theories, the present fragmentation could be overcome through an integration of the specialized methods that are still applied in isolation today.