Towards Formal Specification of Abstract Security Properties

Formal methods, especially model checking, have traditionally been used to analyse security solutions in order to determine whether they fulfil certain properties. Practical results have demonstrated the suitability and advantages of formal approaches for this purpose. However, the way these works define the various security properties shows two main problems: (i) properties are frequently assumed to have a universal definition; and (ii) the definition of security properties is strongly dependent on the underlying verification model. In this paper we introduce a different approach to the formal specification of security properties. We argue that security properties should be defined in formal, intuitive and abstract terms, and that reasoning mechanisms must exist for these specifications so that different properties can be related to one another. Our goal is to reason about properties in order to guarantee their interoperability and, consequently, the interoperability of the solutions that comply with them.
