Abstract
CVS is a widely known version management system, which can be used for the distributed development of software as well as its distribution from a central database.In this paper, we provide an outline of a formal security analysis of a CVS-Server architecture performed in [1]. The analysis is based on an abstract architecture (enforcing a role-based access control on the repository), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both architectures serve as framework to formulate access control and confidentiality properties.Both the abstract as well as the concrete architecture are specified in the language Z. Based on a logical embedding of Z into Isabelle/HOL, we provide formal, machine checked proofs for consistency properties of the specification, for the correctness of the refinement, and for some security properties.Thus, we present a case study for the security analysis of realistic models over an off-the-shelf system by formal machine-checked proofs.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
