Integrating Formal Analysis and Design to Preserve Security Properties

The use of formal methods has long been advocated in the development of secure systems. Yet methods for deriving a design from requirements in a way that guarantees the intended security properties are retained remain largely unrealized on a repeatable and consistent basis. We present FADES (Formal Analysis and Design approach for Engineering Security), which integrates KAOS (Knowledge Acquisition in autOmated Specifications) with the B specification language to derive security design specifications, and subsequently an implementation, from security requirements. We demonstrate the approach's ability to handle changes to security requirements by introducing corrective changes to the security requirements of a case study, the spy network system. The objective is to bridge the gap between formal requirements and design for security requirements. Our initial results show promise for FADES in preserving security properties and in detecting security vulnerabilities early, during requirements engineering. Encouraged by these results, we are now assessing the capabilities of FADES more quantitatively.
