Abstract

The implementation of a security protocol in software plays an important role in protecting the whole system from vulnerabilities. To protect the system from new threats, software needs to adapt to new security requirements, so security upgrades and patches are applied to it. Previous works focus only on the logical correctness of the security protocol, whereas we focus on the successful implementation of the security protocol in a program. A program evolves as programmers apply security patches to its source code, which makes verifying the implementation of important security protocols difficult. In this paper, we propose model-driven security verification throughout software evolution. It consists of two major methods: 1) a reverse engineering method to translate a program into a Petri net model; 2) a model-driven verification method to confirm that the security protocol implementation is valid. Concretely, for a program X that implements a security protocol specification A, does its derivation Y also implement A? The answer is yes if Y inherits the behaviour of X. We apply behavioural inheritance analysis to verify the security protocol implementation. We also illustrate the methods with an example in software evolution.
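The inheritance question above, as an added example (not the paper's own tool or algorithm): it assumes bounded nets written directly as transition tables rather than reverse-engineered from source, and picks one notion of behavioural inheritance, blocking the transitions Y adds and checking strong bisimilarity with X. The nets, labels and function names are constructed for illustration.

```python
from collections import Counter
def fire(marking, pre, post):
    """Return the successor marking, or None if the transition is not enabled."""
    m = Counter(dict(marking))
    if any(m[p] < n for p, n in pre.items()):
        return None
    m.subtract(pre)
    m.update(post)
    return frozenset((p, n) for p, n in m.items() if n > 0)

def lts(net, m0, blocked=frozenset()):
    """Reachability graph of a bounded net: marking -> {(label, next marking)}."""
    start = frozenset(m0.items())
    graph, todo = {}, [start]
    while todo:
        m = todo.pop()
        if m in graph: continue
        graph[m] = set()
        for label, (pre, post) in net.items():
            nxt = None if label in blocked else fire(m, pre, post)
            if nxt is not None:
                graph[m].add((label, nxt))
                todo.append(nxt)
    return start, graph

def bisimilar(a, b):
    """Strong bisimilarity of two finite graphs (greatest fixed point on state pairs)."""
    (sa, ga), (sb, gb) = a, b
    rel = {(p, q) for p in ga for q in gb}
    def sim(p, q):  # every move of one side is matched by the other, staying in rel
        return (all(any(l == k and (t, u) in rel for k, u in gb[q]) for l, t in ga[p]) and
                all(any(l == k and (t, u) in rel for l, t in ga[p]) for k, u in gb[q]))
    while True:
        bad = {pq for pq in rel if not sim(*pq)}
        if not bad:
            return (sa, sb) in rel
        rel -= bad

# Constructed example nets: label -> (input places, output places).
X = {"recv": ({"idle": 1}, {"received": 1}),
     "check_auth": ({"received": 1}, {"checked": 1}),
     "grant": ({"checked": 1}, {"granted": 1}),
     "deny": ({"checked": 1}, {"denied": 1})}
Y_OK = {**X, "lockout": ({"received": 1}, {"denied": 1})}  # patch adds a transition
Y_BAD = {**X, "grant": ({"received": 1}, {"granted": 1})}  # patch lets grant skip check_auth
M0 = {"idle": 1}
def inherits(x, y, m0):
    """Block the labels that only Y has, then compare Y's behaviour with X's."""
    return bisimilar(lts(x, m0), lts(y, m0, blocked=frozenset(set(y) - set(x))))
```

`inherits(X, Y_OK, M0)` holds and `inherits(X, Y_BAD, M0)` does not, because `grant` becomes reachable without `check_auth`. Blocking hides whatever the added transitions do, so a patch that introduces its bypass as a new transition passes this check and needs separate review.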
