SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications

In this paper we introduce our model-driven software engineering method, called SecureMDD, which facilitates the development of security-critical applications that are based on cryptographic protocols. The approach seamlessly integrates code generation with formal methods. Starting from a platform-independent UML model of the system under development, we generate both executable Java (Card) code and a formal model. The formal model is then used to verify the security of the modeled system. Our goal is to prove that the generated code is correct with respect to the generated formal model in terms of formal refinement. The approach is tailored to the domain of security-critical systems, e.g. smart card applications.
