ADDRESSING SECURITY REQUIREMENTS THROUGH MULTI-FORMALISM MODELLING AND MODEL TRANSFORMATION

Miriam Zia, Ernesto Posse, Hans Vangheluwe

2007

Abstract

Model-based approaches are increasingly used in all stages of complex systems design. In this paper, we use multi-formalism modelling and model transformation to address security requirements. Our methodology supports the verification of security properties using the model checker FDR2 on CSP (Communicating Sequential Processes) models. This low-level constraint checking is performed through model refinements, starting from a behavioural description of the system in the Statecharts formalism. The contribution of this paper lies in the combination of various formalisms and the transformations between them. In particular, mapping Statecharts onto CSP models allows the deterministic system model to be combined with non-deterministic models of the system’s environment (including, for example, possible user attacks). The combined system and environment models are then used for model checking. To bridge the gap between the Statechart and CSP models, we introduce kiltera, an intermediate language that defines the system in terms of interacting processes. kiltera allows for simulation and real-time execution, as well as translation into CSP models. An e-Health application is used to demonstrate our approach.



Paper Citation


in Harvard Style

Zia M., Posse E. and Vangheluwe H. (2007). ADDRESSING SECURITY REQUIREMENTS THROUGH MULTI-FORMALISM MODELLING AND MODEL TRANSFORMATION. In Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8111-06-7, pages 129-137. DOI: 10.5220/0001347201290137


in Bibtex Style

@conference{icsoft07,
author={Miriam Zia and Ernesto Posse and Hans Vangheluwe},
title={ADDRESSING SECURITY REQUIREMENTS THROUGH MULTI-FORMALISM MODELLING AND MODEL TRANSFORMATION},
booktitle={Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT},
year={2007},
pages={129-137},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001347201290137},
isbn={978-989-8111-06-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT
TI - ADDRESSING SECURITY REQUIREMENTS THROUGH MULTI-FORMALISM MODELLING AND MODEL TRANSFORMATION
SN - 978-989-8111-06-7
AU - Zia M.
AU - Posse E.
AU - Vangheluwe H.
PY - 2007
SP - 129
EP - 137
DO - 10.5220/0001347201290137