通过在面向对象编程环境中混合程序、规范和证明来开发安全系统:FoCaLiZe环境中的一个案例研究

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security Pub Date : 2012-06-15 DOI:10.1145/2336717.2336726

Damien Doligez, M. Jaume, R. Rioboo

{"title":"通过在面向对象编程环境中混合程序、规范和证明来开发安全系统:FoCaLiZe环境中的一个案例研究","authors":"Damien Doligez, M. Jaume, R. Rioboo","doi":"10.1145/2336717.2336726","DOIUrl":null,"url":null,"abstract":"FoCaLiZe is an object-oriented programming environment that combines specifications, programs and proofs in the same language. This paper describes how its features can be used to formally express specifications and to develop by stepwise refinement the design and implementation of secured systems, while proving that the implementation meets its specification or design requirements. We thus obtain a modular implementation of a generic framework for the definition of security policies together with certified enforcement mechanism for these policies.","PeriodicalId":149360,"journal":{"name":"Proceedings of the 7th Workshop on Programming Languages and Analysis for Security","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment: a case study within the FoCaLiZe environment\",\"authors\":\"Damien Doligez, M. Jaume, R. Rioboo\",\"doi\":\"10.1145/2336717.2336726\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"FoCaLiZe is an object-oriented programming environment that combines specifications, programs and proofs in the same language. This paper describes how its features can be used to formally express specifications and to develop by stepwise refinement the design and implementation of secured systems, while proving that the implementation meets its specification or design requirements. We thus obtain a modular implementation of a generic framework for the definition of security policies together with certified enforcement mechanism for these policies.\",\"PeriodicalId\":149360,\"journal\":{\"name\":\"Proceedings of the 7th Workshop on Programming Languages and Analysis for Security\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 7th Workshop on Programming Languages and Analysis for Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2336717.2336726\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2336717.2336726","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

FoCaLiZe是一个面向对象的编程环境，它将同一种语言中的规范、程序和证明结合在一起。本文描述了如何使用它的特性来正式表达规范，并通过逐步改进安全系统的设计和实现来开发，同时证明实现符合其规范或设计要求。因此，我们获得了用于安全策略定义的通用框架的模块化实现，以及这些策略的认证实施机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment: a case study within the FoCaLiZe environment

FoCaLiZe is an object-oriented programming environment that combines specifications, programs and proofs in the same language. This paper describes how its features can be used to formally express specifications and to develop by stepwise refinement the design and implementation of secured systems, while proving that the implementation meets its specification or design requirements. We thus obtain a modular implementation of a generic framework for the definition of security policies together with certified enforcement mechanism for these policies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量