轻量级形式化方法在软件安全中的应用

14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05) Pub Date : 2005-06-13 DOI:10.1109/WETICE.2005.19

D. Gilliam, J. Powell, M. Bishop

{"title":"轻量级形式化方法在软件安全中的应用","authors":"D. Gilliam, J. Powell, M. Bishop","doi":"10.1109/WETICE.2005.19","DOIUrl":null,"url":null,"abstract":"Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be re-used by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The flexible modeling framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The property based tester (PET) uses TASPEC and a test execution monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles. These instruments are currently being piloted with a COTS server-agent application.","PeriodicalId":128074,"journal":{"name":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Application of lightweight formal methods to software security\",\"authors\":\"D. Gilliam, J. Powell, M. Bishop\",\"doi\":\"10.1109/WETICE.2005.19\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be re-used by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The flexible modeling framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The property based tester (PET) uses TASPEC and a test execution monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles. These instruments are currently being piloted with a COTS server-agent application.\",\"PeriodicalId\":128074,\"journal\":{\"name\":\"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WETICE.2005.19\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2005.19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

摘要

安全性的正式规范和验证已被证明是一项具有挑战性的任务。没有一种方法被证明是可行的。相反，结合几种正式技术的集成方法可以增加对软件安全属性验证的信心。本文描述了这样一种方法，该方法指定了库中的安全属性，该库可被2种仪器及其为美国国家航空航天局(NASA)在喷气推进实验室(JPL)开发的方法重用。灵活建模框架(FMF)是一种基于模型的验证仪器，使用Promela和SPIN模型检查器。基于属性的测试人员(PET)使用TASPEC和测试执行监视器(TEM)。它们用于减少软件在开发和维护生命周期中的漏洞和不必要的暴露。这些仪器目前正在使用COTS服务器代理应用程序进行试验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Application of lightweight formal methods to software security

Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be re-used by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The flexible modeling framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The property based tester (PET) uses TASPEC and a test execution monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles. These instruments are currently being piloted with a COTS server-agent application.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05)

自引率

0.00%

发文量