A Modeling Framework for the Development of Provably Secure E-Commerce Applications

Developing security-critical applications is very difficult and the past has shown that many applications turned out to be erroneous after years of usage. For this reason it is desirable to have a sound methodology for developing security-critical e-commerce applications. We present an approach to model these applications with the Unified Modeling Language (UML) [1] extended by a UML profile to tailor our models to security applications. Our intent is to (semi-) automatically generate a formal specification suitable for verification as well as an implementation from the model. Therefore we offer a development method seamlessly integrating semi-formal and formal methods as well as the implementation. This is a significant advantage compared to other approaches not dealing with all aspects from abstract models down to code. Based on this approach we can prove security properties on the abstract protocol level as well as the correctness of the protocol implementation in Java with respect to the formal model using the refinement approach. In this paper we concentrate on the modeling with UML and some details regarding the transformation of this model into the formal specification. We illustrate our approach on an electronic payment system called Mondex [10]. Mondex has become famous for being the target of the first ITSEC evaluation of the highest level E6 which requires formal specification and verification.

[1]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[2]  Lawrence C. Paulson,et al.  Inductive analysis of the Internet protocol TLS , 1999, TSEC.

[3]  Jan Jürjens,et al.  Secure systems development with UML , 2004 .

[4]  Kurt Stenzel Verification of Java card programs , 2005 .

[5]  Kurt Stenzel,et al.  A Refinement Method for Java Programs , 2007, FMOODS.

[6]  Wolfgang Reif,et al.  A Systematic Verification Approach for Mondex Electronic Purses Using ASMs , 2009, Rigorous Methods for Software Construction and Analysis.

[7]  Jim Woodcock,et al.  An Electronic Purse: Specification, Refinement and Proof , 2000 .

[8]  Bernhard Schätz,et al.  Tool Supported Specification and Simulation of Distributed Systems , 1998, PDSE.

[9]  Elvinia Riccobene,et al.  A framework to simulate UML models: moving from a semi-formal to a formal environment , 2004, SAC '04.

[10]  Egon Börger,et al.  Abstract State Machines. A Method for High-Level System Design and Analysis , 2003 .

[11]  Wolfgang Reif,et al.  Verification of Mondex electronic purses with KIV: from transactions to a security protocol , 2007, Formal Aspects of Computing.

[12]  Wolfgang Reif,et al.  The Mondex Challenge: Machine Checked Proofs for an Electronic Purse , 2006, FM.

[13]  Kurt Stenzel A Formally Verified Calculus for Full Java Card , 2004, AMAST.

[14]  Kurt Stenzel,et al.  Formal System Development with KIV , 2000, FASE.

[15]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[16]  Jim Woodcock,et al.  First Steps in the Verified Software Grand Challenge , 2006, Computer.

[17]  Yuri Gurevich,et al.  Evolving algebras 1993: Lipari guide , 1995, Specification and validation methods.

[18]  Craig Larman,et al.  Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development (3rd Edition) , 1997 .