An Extended UML Method for the Verification of Security Protocols

This paper presents a formal modeling method of security protocols based on the extended UML framework. In order to simplify the process and reduce the difficulty of security protocol modelling, extending mechanisms for the class diagram and sequence diagram of UML are presented, which provide an engineering specification for the security protocol formalizing. Therefore, for verifying the confidentiality and correspondence of security protocols by Prover if, a transformation from extended UML model to Prover if Spi calculus model is realized with matching rules and knowledge reasoning, and then the verifying results are analyzed through a regular expression. Finally, the handshake, NS public key and buyer-seller watermarking protocols are verified, the attack traces of unsatisfied security properties are exported, that show the validity and applicability of the approach provided by this paper.

[1]  Martín Abadi,et al.  Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[2]  Li Dan QVT Based Model Transformation from Sequence Diagram to CSP , 2010, 2010 15th IEEE International Conference on Engineering of Complex Computer Systems.

[3]  Gabriel Pedroza,et al.  AVATAR: A SysML Environment for the Formal Verification of Safety and Security Properties , 2011, 2011 11th Annual International Conference on New Technologies of Distributed Systems.

[4]  Sherif Hazem Nour El-Din,et al.  An Effective and Secure Buyer-Seller Watermarking Protocol , 2007 .

[5]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[6]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[7]  Lukasz Cyra,et al.  An integrated framework for security protocol analysis , 2008, ASIACCS '08.

[8]  Zongyuan Yang,et al.  UCVSC: A Formal Approach to UML Class Diagram Online Verification Based on Situation Calculus , 2009, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology.

[9]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[10]  Kurt Stenzel,et al.  SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications , 2009, 2009 International Conference on Availability, Reliability and Security.

[11]  Hartmut König,et al.  Designing and Verifying Communication Protocols Using Model Driven Architecture and Spin Model Checker , 2008, 2008 International Conference on Computer Science and Software Engineering.

[12]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[13]  Ji Wang,et al.  Improvements towards formalizing UML state diagrams in CSP , 2005, 12th Asia-Pacific Software Engineering Conference (APSEC'05).

[14]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[15]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[16]  Wang Yi,et al.  Tools for Real-Time UML: Formal Verification and Code Synthesis , 2001 .