
Classification, Formalization and Verification of Security Functional Requirements

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4910)

Abstract

This paper proposes a new hybrid method to formally verify whether the security specification of a target information system satisfies the security functional requirements defined in the ISO/IEC 15408 evaluation criteria for IT security. We first classify the security functional requirements of ISO/IEC 15408 into two classes: static requirements, which concern static properties of target systems, and dynamic requirements, which concern their dynamic behavior. We then formalize the static requirements in Z notation and the dynamic requirements in temporal logic. Static properties can thus be verified by theorem proving and dynamic behavior by model checking. As a result, developers can readily use the method to verify whether the security specification of a target information system satisfies both the static and the dynamic security functional requirements defined in ISO/IEC 15408. The new method evolves and improves our earlier verification method, in which only Z notation was adopted and verifying the dynamic behavior of target systems was difficult.



Editor information

Viliam Geffert Juhani Karhumäki Alberto Bertoni Bart Preneel Pavol Návrat Mária Bieliková


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Morimoto, S., Shigematsu, S., Goto, Y., Cheng, J. (2008). Classification, Formalization and Verification of Security Functional Requirements. In: Geffert, V., Karhumäki, J., Bertoni, A., Preneel, B., Návrat, P., Bieliková, M. (eds) SOFSEM 2008: Theory and Practice of Computer Science. SOFSEM 2008. Lecture Notes in Computer Science, vol 4910. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77566-9_54


  • DOI: https://doi.org/10.1007/978-3-540-77566-9_54

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77565-2

  • Online ISBN: 978-3-540-77566-9

  • eBook Packages: Computer Science, Computer Science (R0)
