ISBN (print): 9781424437252
The SecureMDD approach aims to generate both a formal specification for verification and executable code from UML diagrams. The UML models define the static as well as the dynamic components of the system under development. This model-driven approach is focused on security-critical applications that are based on cryptographic protocols, especially Java Card applications. In this paper we describe the generation of the formal specification from the UML model, which is then used as input for our interactive verification system KIV. The formal specification is based on abstract state machines and algebraic specifications. It allows application-specific security properties to be formulated and proved.
In safety-critical applications, the growing complexity and risk associated with embedded software-intensive systems demand reliable safety assessments. Additionally, in many application areas standards and norms require the use of model-based techniques to guarantee the quality of safety-critical systems. Model-based safety analysis is a formally grounded approach to computing reliable safety properties from system models. In this context the term safety covers functional correctness, failure tolerance, safety optimisation, as well as balancing antagonistic safety concerns. The analysis has both qualitative and quantitative aspects. The systems under consideration are discrete reactive systems. An extension also applies to self-organising systems. The talk presents the approach as well as some interesting applications. Wolfgang Reif is a full professor of Computer Science at the University of Augsburg, Germany. He is Dean of the Faculty of Applied Computer Science, Director of the Institute for Software & Systems Engineering, and Director of the elite graduate program Software Engineering within the Bavarian Elite Network (joint program with TU Muenchen and LMU Muenchen).
Developing security-critical applications is very difficult, and the past has shown that many applications turned out to be erroneous after years of usage. For this reason it is desirable to have a sound methodology for developing security-critical e-commerce applications. We present an approach to model these applications with the Unified Modeling Language (UML) [1], extended by a UML profile to tailor our models to security applications. Our intent is to (semi-)automatically generate both a formal specification suitable for verification and an implementation from the model. We therefore offer a development method that seamlessly integrates semi-formal and formal methods as well as the implementation. This is a significant advantage compared to other approaches that do not deal with all aspects from abstract models down to code. Based on this approach we can prove security properties on the abstract protocol level as well as the correctness of the protocol implementation in Java with respect to the formal model, using the refinement approach. In this paper we concentrate on the modeling with UML and some details regarding the transformation of this model into the formal specification. We illustrate our approach on an electronic payment system called Mondex [10]. Mondex has become famous for being the target of the first ITSEC evaluation at the highest level, E6, which requires formal specification and verification.
This paper describes a modularized AI system being built to help improve electromagnetic compatibility (EMC) among shipboard topside equipment and their associated systems. CLEER is intended to act as an easy-to-use integrator of existing expert knowledge, pre-existing databases, and large-scale analytical models. Due to these interfaces, to the need for portability of the software, and to artificial-intelligence-related design requirements (such as the need for spatial reasoning, expert database management, model base management, track-based reasoning, and analogical (similar ship) reasoning), it was realized that traditional expert system shells would be inappropriate, although relatively off-the-shelf AI technology could be incorporated. In the same vein, the rapid prototyping approach to expert system design and knowledge engineering was not pursued, in favor of a rigorous systems engineering methodology. The critical design decisions affecting CLEER's development are summarized in this paper, along with lessons learned to date, all in terms of "how," "why," and "when" specific features are being developed.