Abstract
The use of formal methods has long been advocated in the development of secure systems. Yet, methods for deriving design from requirements that guarantee retention of the intended security properties remain largely unrealized on a repeatable and consistent basis. We present the FADES (Formal Analysis and Design approach for Engineering Security) that integrates KAOS (Knowledge Acquisition in autOmated Specifications) with the B specification language to derive security design specifications and further implementation from security requirements. We demonstrate the capability of the approach to handle changes to security requirements by introducing corrective changes to the security requirements of a case study, the spy network system. The objective is to bridge the gap between formal requirements and design for security requirements. Our initial results show promise with FADES in preserving security properties and detecting security vulnerabilities early during requirements. Encouraged by these, we are more quantitatively assessing the FADES capabilities.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
