Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Verification Techniques

  • Chapter
Cryptographic Security Architecture

  • 279 Accesses

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

eBook
USD 15.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

4.6 References

  1. “No Silver Bullet: Essence and Accidents of Software Engineering”, Frederick Brooks Jr., IEEE Computer, Vol.20,No.4 (April 1987), p.10.

    MathSciNet  Google Scholar 

  2. “Striving for Correctness”, Marshall Abrams and Marvin Zelkowitz, Computers and Security, Vol.14,No.8 (1995), p.719.

    Article  Google Scholar 

  3. “Does OO Sync with How We Think?”, Les Hatton, IEEE Software, Vol.15,No.3 (May/June 1998), p.46.

    Article  Google Scholar 

  4. “Software Engineering: A Practitioners Approach (3rd ed)”, Roger Pressman, McGraw-Hill International Edition, 1992.

    Google Scholar 

  5. “A Specifier’s Introduction to Formal Methods”, Jeannette Wing, IEEE Computer, Vol.23,No.9 (September 1990), p.8.

    Google Scholar 

  6. “Strategies for Incorporating Formal Specifications in Software Development”, Martin Fraser, Kuldeep Kumar, and Vijay Vaishnavi, Communications of the ACM, Vol.37,No.10 (October 1994), p.74.

    Article  Google Scholar 

  7. “Formal Methods and Models”, James Willams and Marshall Abrams, “Information Security: An Integrated Collection of Essays”, IEEE Computer Society Press, 1995, p.170.

    Google Scholar 

  8. “A Technique for Software Module Specification with Examples”, David Parnas, Communications of the ACM, Vol.15,No.5 (May 1972), p.330.

    Article  Google Scholar 

  9. “Implications of a Virtual Memory Mechanism for Implementing Protection in a Family of Operating Systems”, William Price, PhD thesis, Carnegie-Mellon University, June 1973.

    Google Scholar 

  10. “An Experiment with Affirm and HDM”, Jonathan Millen and David Drake, The Journal of Systems and Software, Vol.2,No.2 (June 1981), p.159.

    Article  Google Scholar 

  11. “Applying Formal Methods to an Information Security Device: An Experience Report”, James Kirby Jr., Myla Archer, and Constance Heitmeyer, Proceedings of the 4 th International Symposium on High Assurance Systems Engineering (HASE’99), IEEE Computer Society Press, November 1999, p.81.

    Google Scholar 

  12. “Building a Secure Computer System”, Morrie Gasser, Van Nostrand Reinhold, 1988.

    Google Scholar 

  13. “Validating Requirements for Fault Tolerant Systems using Model Checking”, Francis Schneider, Steve Easterbrook, John Callahan, and Gerard Holzman, Proceedings of the 3 rd International Conference on Requirements Engineering, IEEE Computer Society Press, April 1998, p.4.

    Google Scholar 

  14. “Report on the Formal Specification and Partial Verification of the VIPER Microprocessor”, Bishop Brock and Warren Hunt Jr., Proceedings of the 6 th Annual Conference on Computer Assurance (COMPASS’91), IEEE Computer Society Press, 1991, p.91.

    Google Scholar 

  15. “User Threatens Court Action over MoD Chip”, Simon Hill, Computer Weekly, 5 July 1990, p.3.

    Google Scholar 

  16. “MoD in Row with Firm over Chip Development”, The Independent, 28 May 1991.

    Google Scholar 

  17. “Formal Methods of Program Verification and Specification”, H. Berg, W. Boebert, W. Franta, and T. Moher, Prentice-Hall Inc, 1982.

    Google Scholar 

  18. “A Description of a Formal Verification and Validation (FVV) Process”, Bill Smith, Cynthia Reese, Kenneth Lindsay, and Brian Crane, Proceedings of the 1988 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1988, p.401.

    Google Scholar 

  19. “An InaJo Proof Manager for the Formal Development Method”, Daniel Barry, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.19.

    Article  Google Scholar 

  20. “Proposed Technical Evaluation Criteria for Trusted Computer Systems”, Grace Nibaldi, MITRE Technical Report M79-225, The MITRE Corporation, 25 October 1979.

    Google Scholar 

  21. “Locking Computers Securely”, O.Sami Saydari, Joseph Beckman, and Jeffrey Leaman, Proceedings of the 10 th National Computer Security Conference, September 1987, p.129.

    Google Scholar 

  22. “Program Verification”, Robert Boyer and J.Strother Moore, Journal of Automated Reasoning, Vol.1,No.1 (1985), p.17.

    MathSciNet  Google Scholar 

  23. “Mathematics, Technology, and Trust: Formal Verification, Computer Security, and the US Military”, Donald MacKenzie and Garrel Pottinger, IEEE Annals of the History of Computing, Vol.19,No.3 (July–September 1997), p.41.

    Article  Google Scholar 

  24. “Do You Trust Your Compiler”, James Boyle, R.Daniel Resler, Victor Winter, IEEE Computer, Vol.32,No.5 (May 1999), p.65.

    Google Scholar 

  25. “Integrating Formal Methods into the Development Process”, Richard Kemmerer, IEEE Software, Vol.7,No.5 (September 1990), p.37.

    Article  Google Scholar 

  26. “Towards a verified MiniSML/SECD system”, Todd Simpson, Graham Birtwhistle, and Brian Graham, Software Engineering Journal, Vol.8,No.3 (May 1993), p.137.

    Article  Google Scholar 

  27. “Formal Verification of Transformations for Peephole Optimisation”, A. Dold, F. von Henke, H. Pfeifer, and H. Rueß, Proceedings of the 4 th International Symposium of Formal Methods Europe (FME’97), Springer-Verlag Lecture Notes in Computer Science, No.1313, p.459.

    Google Scholar 

  28. “The verification of low-level code”, D. Clutterbuck and B. Carré, Software Engineering Journal, Vol.3,No.3 (May 1988), p.97.

    Article  Google Scholar 

  29. “Automatic Verification of Object Code Against Source Code”, Sakthi Subramanian and Jeffrey Cook, Proceedings of the 11 th Annual Conference on Computer Assurance (COMPASS’96), IEEE Computer Society Press, June 1996, p.46.

    Google Scholar 

  30. “Automatic Generation of C++ Code from an ESCRO2 Specification”, P. Grabow and L. Liu, Proceedings of the 19 th Computer Software and Applications Conference (COMPSAC’95), September 1995, p.18.

    Google Scholar 

  31. “Is Proof More Cost-Effective Than Testing”, Steve King, Jonathan Hammond, Rod Chapman, and Andy Pryor, IEEE Transactions on Software Engineering, Vol.26,No.8 (August 2000), p.675.

    Article  Google Scholar 

  32. “Science and Substance: A Challenge to Software Engineers”, Norman Fenton, Shari Lawrence Pfleeger, and Robert L. Glass, IEEE Software, Vol.11,No.4 (July 1994), p.86.

    Article  Google Scholar 

  33. “The Software-Research Crisis”, Robert Glass, IEEE Software, Vol.11,No.6 (November 1994), p.42.

    Article  Google Scholar 

  34. “Observation on Industrial Practice Using Formal Methods”, Susan Gerhart, Dan Craigen, and Ted Ralston, Proceedings of the 15 th International Conference on Software Engineering (ICSE’93), 1993, p.24.

    Google Scholar 

  35. “How Effective Are Software Engineering Methods?”, Norman Fenton, The Journal of Systems and Software, Vol.22,No.2 (August 1993), p.141.

    Article  Google Scholar 

  36. “Industrial Applications of Formal Methods to Model, Design, and Analyze Computer Systems: An International Survey”, Dan Craigen, Susan Gerhart, and Ted Ralston, Noyes Data Corporation, 1994 (originally published by NIST).

    Google Scholar 

  37. “The Evaluation of Three Specification and Verification Methodologies”, Richard Platek, Proceedings of the 4 th Seminar on the DoD Computer Security Initiative (later the National Computer Security Conference), August 1981, p.X-1.

    Google Scholar 

  38. “Ina Jo: SDC’s Formal Development Methodology”, ACM SIGSOFT Software Engineering Notes, Vol.5,No.3 (July 1980).

    Google Scholar 

  39. “FDM — A Specification and Verification Methodology”, Richard Kemmerer, Proceedings of the 3 rd Seminar on the DoD Computer Security Initiative Program (later the National Computer Security Conference) November 1980, p.L-1.

    Google Scholar 

  40. “INATEST: An Interactive System for Testing Formal Specifications”, Steven Eckmann and Richard Kemmerer, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.17.

    Article  Google Scholar 

  41. “Gypsy: A Language for Specification and Implementation of Verifiable Programs”, Richard Cohen, Allen Ambler, Donald Good, James Browne, Wilhelm Burger, Charles Hoch, and Robert Wells, SIGPLAN Notices, Vol.12,No.3 (March 1977), p.1.

    Article  Google Scholar 

  42. “A Report on the Development of Gypsy”, Richard Cohen, Donald Good and Lawrence Hunter, Proceedings of the 1978 National ACM Conference, December 1978, p.116.

    Google Scholar 

  43. “Building Verified Systems with Gypsy”, Donald Good, Proceedings of the 3 rd Seminar on the DoD Computer Security Initiative Program (later the National Computer Security Conference), November 1980, p.M-1.

    Google Scholar 

  44. “Industrial Use of Formal Methods”, Steven Miller, Dependable Computing and Fault-Tolerant Systems, Vol.9, Springer-Verlag, 1995, p.33.

    Google Scholar 

  45. “Can we rely on Formal Methods?”, Natarajan Shankar, Dependable Computing and Fault-Tolerant Systems, Vol.9, Springer-Verlag, 1995, p.42.

    Google Scholar 

  46. “Applications of Formal Methods”, Mike Hinchey and Jonathan Bowen, Prentice-Hall International, 1995.

    Google Scholar 

  47. “A Case Study in Model Checking Software Systems”, Jeannette Wing and Mondonna Vaziri-Farahani, Science of Computer Programming, Vol.28,No.2–3 (April 1997), p.273.

    Article  Google Scholar 

  48. “A survey of mechanical support for formal reasoning”, Peter Lindsay, Software Engineering Journal, Vol.3,No.1 (January 1988), p.3.

    Article  Google Scholar 

  49. “Verification Technology and the A1 Criteria”, Terry Vickers Benzel, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.108.

    Article  Google Scholar 

  50. “Verifying security”, Maureen Cheheyl, Morrie Gasser, George Huff, and Jonathan Millen, ACM Computing Surveys, Vol.13,No.3 (September 1981), p.279.

    Article  Google Scholar 

  51. “A Role for Formal Methodists”, Fred Schneider, Dependable Computing and Fault-Tolerant Systems, Vol.9, Springer-Verlag, 1995, p.54.

    Google Scholar 

  52. “Software Testing Techniques (2nd ed)”, Boris Beizer, Van Nostrand Reinhold, 1990.

    Google Scholar 

  53. “Engineering Requirements for Production Quality Verification Systems”, Stephen Crocker, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.15.

    Article  Google Scholar 

  54. “Problems, methods, and specialisation”, Michael Jackson, Software Engineering Journal, Vol.9,No.6 (November 1994), p.249.

    Article  ADS  Google Scholar 

  55. “Formal Methods and Traditional Engineering”, Michael Jackson, The Journal of Systems and Software, Vol.40,No.3 (March 1998), p.191.

    Article  Google Scholar 

  56. “Verifying the Specification-to-Code Correspondence for Abstract Data Types”, Daniel Schweizer and Christoph Denzler, Dependable Computing and Fault-Tolerant Systems, Vol.11, Springer-Verlag, 1998, p.33.

    Google Scholar 

  57. ”Strong vs. Weak Approaches to Systems Development”, Iris Vessey and Robert Glass, Communications of the ACM, Vol.41,No.4 (April 1998), p.99

    Article  Google Scholar 

  58. “Panel Session: Kernel Performance Issues”, Marvin Shaefer (chairman), Proceedings of the 1981 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1981, p.162.

    Google Scholar 

  59. “The Best Available Technologies for Computer Security”, Carl Landwehr, IEEE Computer, Vol.16,No 7 (July 1983), p.86.

    Google Scholar 

  60. “A Retrospective on the VAX VMM Security Kernel”, Paul Karger, Mary Ellen Zurko, Douglas Bonin, Andrew Mason, and Clifford Kahn, IEEE Transactions on Software Engineering, Vol.17,No.11 (November 1991), p.1147.

    Article  Google Scholar 

  61. “Formal Construction of the Mathematically Analyzed Separation Kernel”, W. Martin, P. White, F.S. Taylor, and A. Goldberg, Proceedings of the 15 th International Conference on Automated Software Engineering (ASE’00), IEEE Computer Society Press, September 2000, p.133.

    Google Scholar 

  62. “Formal Methods Reality Check: Industrial Usage”, Dan Craigen, Susan Gerhart, and Ted Ralston, IEEE Transactions on Software Engineering, Vol.21,No.2 (February 1995), p.90.

    Article  Google Scholar 

  63. “Mathematical Methods: What we Need and Don’t Need”, David Parnas, IEEE Computer, Vol.29,No.4 (April 1996), p.28.

    Google Scholar 

  64. “Literate Specifications”, C. Johnson, Software Engineering Journal, Vol.11,No.4 (July 1996), p.225.

    Article  Google Scholar 

  65. “Mathematical Notation in Formal Specification: Too Difficult for the Masses?”, Kate Finney, IEEE Transactions on Software Engineering, Vol.22,No.2 (February 1996), p.158.

    Article  Google Scholar 

  66. “The Design of a Family of Applications-oriented Requirements Languages”, Alan Davis, IEEE Computer, Vol.15,No.5 (May 1982), p.21.

    Google Scholar 

  67. “An Operational Approach to Requirements Specification for Embedded Systems”, IEEE Transactions on Software Engineering, Vol.8,No.3 (May 1982), p.250.

    Google Scholar 

  68. “A Comparison of Techniques for the Specification of External System Behaviour”, Alan Davis, Communications of the ACM, Vol.31,No.9 (September 1988), p.1098.

    Article  Google Scholar 

  69. “A 15 Year Perspective on Automatic Programming”, IEEE Transactions on Software Engineering, Vol.11,No.11 (November 1985), p.1257.

    Google Scholar 

  70. “Operational Specification as the Basis for Rapid Prototyping”, Robert Balzer, Neil Goldman, and David Wile, ACM SIGSOFT Software Engineering Notes, Vol.7,No.5 (December 1982), p.3.

    Article  Google Scholar 

  71. “Fault Tolerance by Design Diversity: Concepts and Experiments”, Algirdas Avižienis and John Kelly, IEEE Computer, Vol.17,No.8 (August 1984), p.67.

    Google Scholar 

  72. “Coding for a Believable Specification to Implementation Mapping”, William Young and John McHugh,, Proceedings of the 1987 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1987, p.140.

    Google Scholar 

  73. “DoD Overview: Computer Security Program Direction”, Colonel Joseph Greene Jr., Proceedings of the 8 th National Computer Security Conference, September 1985, p.6.

    Google Scholar 

  74. “The Emperor’s Old Armor”, Bob Blakley, Proceedings of the 1996 New Security Paradigms Workshop, ACM, 1996, p.2.

    Google Scholar 

  75. “Analysis of a Kernel Verification”, Terry Vickers Benzel, Proceedings of the 1984 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1984, p.125.

    Google Scholar 

  76. “Increasing Assurance with Literate Programming Techniques”, Andrew Moore and Charles Payne Jr., Proceedings of the 11 th Annual Conference on Computer Assurance (COMPASS’96), National Institute of Standards and Technology, June 1996.

    Google Scholar 

  77. “Formal Verification Techniques for a Network Security Device”, Hicham Adra and William Sandberg-Maitland, Proceedings of the 3 rd Annual Canadian Computer Security Symposium, May 1991, p.295.

    Google Scholar 

  78. “Assessment and Control of Software”, Capers Jones, Yourdon Press, 1994.

    Google Scholar 

  79. “An InaJo Proof Manager”, Daniel Berry, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.19.

    Article  Google Scholar 

  80. “Formal Methods: Promises and Problems”, Luqi and Joseph Goguen, IEEE Software, Vol.14,No.1 (January 1997), p.73.

    Article  Google Scholar 

  81. “A Security Model for Military Message Systems”, Carl Landwehr, Constance Heitmeyer, and John McLean, ACM Transactions on Computer Systems, Vol.2,No.3 (August 1984), p.198.

    Article  Google Scholar 

  82. “Risk Analysis of ‘Trusted Computer Systems’”, Klaus Brunnstein and Simone Fischer-Hübner, Computer Security and Information Integrity, Elsevier Science Publishers, 1991, p.71.

    Google Scholar 

  83. “A Retrospective on the Criteria Movement”, Willis Ware, Proceedings of the 18 th National Information Systems Security Conference (formerly the National Computer Security Conference), October 1995, p.582.

    Google Scholar 

  84. “Are We Testing for True Reliability?”, Dick Hamlet, IEEE Software, Vol.9,No.4 (July 1992), p.21.

    Article  Google Scholar 

  85. “The Limits of Software: People, Projects, and Perspectives”, Robert Britcher and Robert Glass, Addison-Wesley, 1999.

    Google Scholar 

  86. “A Review of the State of the Practice in Requirements Modelling”, Mitch Lubars, Colin Potts, and Charlie Richter, Proceedings of the IEEE International Symposium on Requirements Engineering, IEEE Computer Society Press, January 1993, p.2.

    Google Scholar 

  87. “Software-Engineering Research Revisited”, Colin Potts, IEEE Software, Vol.10,No.5 (September 1993), p.19.

    Article  Google Scholar 

  88. “Invented Requirements and Imagined Customers: Requirements Engineering for Offthe-Shelf Software”, Colin Potts, Proceedings of the 2 nd IEEE International Symposium on Requirements Engineering, IEEE Computer Society Press, March 1995, p.128.

    Google Scholar 

  89. “Validating a High-Performance, Programmable Secure Coprocessor”, Sean Smith, Ron Perez, Steve Weingart, and Vernon Austel, Proceedings of the 22 nd National Information Systems Security Conference (formerly the National Computer Security Conference), October 1999.

    Google Scholar 

  90. “A New Paradigm for Trusted Systems”, Dorothy Denning, Proceedings of the New Security Paradigms Workshop’ 92, 1992, p.36.

    Google Scholar 

  91. “TCB Subsets for Incremental Evaluation”, William Shockley and Roger Schell, Proceedings of the 3 rd Aerospace Computer Security Conference, December 1987, p.131.

    Google Scholar 

  92. “Does TCB Subsetting Enhance Trust?”, Richard Feiertag, Proceedings of the 5 th Annual Computer Security Applications Conference, December 1989, p.104.

    Google Scholar 

  93. “Considerations in TCB Subsetting”, Helena Winkler-Parenty, Proceedings of the 5 th Annual Computer Security Applications Conference, December 1989, p.105.

    Google Scholar 

  94. “Requirements for Market Driven Evaluations for Commercial Users of Secure Systems”, Peter Callaway, Proceedings of the 3 rd Annual Canadian Computer Security Symposium, May 1991, p.207.

    Google Scholar 

  95. “Re-Use of Evaluation Results”, Jonathan Smith, Proceedings of the 15 th National Computer Security Conference, October 1992, p.534.

    Google Scholar 

  96. “Using a Mandatory Secrecy and Integrity Policy on Smart Cards and Mobile Devices”, Paul Karger, Vernon Austel, and David Toll, Proceedings of the EuroSmart Security Conference, June 2000, p.134.

    Google Scholar 

  97. “The Need for an Integrated Design, Implementation, Verification, and Testing Methodology”, R.Alan Whitehurst, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.97.

    Article  Google Scholar 

  98. “SELECT — A Formal System for Testing and Debugging Programs by Symbolic Execution”, Robert Boyer, Bernard Elspas, and Karl Levitt, ACM SIGPLAN Notices, Vol.10,No.6 (June 1975), p.234.

    Article  Google Scholar 

  99. “A Review of Formal Methods”, Robert Vienneau, A Review of Formal Methods, Kaman Science Corporation, 1993, p.3.

    Google Scholar 

  100. “CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code”, CERT, http://www.cert.org/advisories/CA-2001-25.html, 6 September 2001.

  101. “Security hole found in Gauntlet: NAI firewall suffers second serious hole. Experts ask, is anything safe?”, Kevin Poulsen, SecurityFocus News, http://www.-securityfocus.com/news/248, 4 September 2001.

  102. “PGP’s Gauntlet Firewall Vulnerable”, George Hulme, Wall Street and Technology, http://www.wallstreetandtech.com/story/itWire/IWK20010911S0003, 11 September 2001.

  103. “Formal Specification and Verification of Control Software for Cryptographic Equipment”, D.Richard Kuhn and James Dray, Proceedings of the 1990 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1990, p.32.

    Google Scholar 

  104. “Making Sense of Specifications: The Formalization of SET (Transcript of Discussion)”, Lawrence Paulson, Proceedings of the 8 th International Security Protocols Workshop, April 2000, Springer-Verlag Lecture Notes in Computer Science, No.2133, p.82.

    Google Scholar 

  105. “Formal Verification of Cardholder Registration in SET”, Giampaolo Bella, Fabio Massacci, Lawrence Paulson, and Piero Tramontano, Proceedings of the 6 th European Symposium on Research in Computer Security (ESORICS 2000), Springer-Verlag Lecture Notes in Computer Science, No.1895, p.159.

    Google Scholar 

  106. “A Cryptographic Evaluation of IPsec”, Niels Ferguson and Bruce Schneier, Counterpane Labs, 1999, http://www.counterpane.com/ipsec.html.

  107. “Making Sense of Specifications: The Formalization of SET”, Giampaolo Bella, Fabio Massacci, Lawrence Paulson, and Piero Tramontano, Proceedings of the 8 th International Security Protocols Workshop, April 2000, Springer-Verlag Lecture Notes in Computer Science, No.2133, p.74.

    Google Scholar 

  108. “Information Flow and Invariance”, Joshua Guttman, Proceedings of the 1987 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1987, p.67.

    Google Scholar 

  109. “Symbol Security Condition Considered Harmful”, Marvin Schaefer, Proceedings of the 1989 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, August 1989, p.20.

    Google Scholar 

  110. “Re: WuFTPD: Providing *remote* root since at least 1994”, Theo de Raadt, posting to the bugtraq mailing list, message-ID 200006272322.e5RNMIv18874@cvs.-openbsd.org, 27 June 2000.

    Google Scholar 

  111. “A Logic of Authentication”, Michael Burrows, Martín Abadi, and Roger Needham, ACM Transactions on Computer Systems, Vol.8,No.1 (February 1990), p.18.

    Article  Google Scholar 

  112. “Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR”, Gavin Lowe, Proceedings of the 2d International Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’96), Springer-Verlag Lecture Notes in Computer Science, No.1055, March 1996, p.147.

    Google Scholar 

  113. “Casper: A Compiler for the Analysis of Security Protocols”, Gavin Lowe, Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, May 1997, p.18.

    Google Scholar 

  114. “Analyzing the Needham-Schroeder Public Key Protocol: A Comparison of Two Approaches”, Catherine Meadows, Proceedings of the 4 th European Symposium on Research in Computer Security (ESORICS’96), Springer-Verlag Lecture Notes in Computer Science, No.1146, September 1996, p.351.

    Google Scholar 

  115. “On the Verification of Cryptographic Protocols — A Tale of Two Committees”, Dieter Gollman, Proceedings of the Workshop on Secure Architectures and Information Flow, Electronic Notes in Theoretical Computer Science (ENTCS), Vol.32, 2000, http://www.elsevier.nl/gej-ng/31/29/23/57/23/show/-Products/notes/index.htt.

  116. “The Logic of Computer Programming”, Zohar Manna and Richard Waldinger, IEEE Transactions on Software Engineering, Vol.4,No.3 (May 1978), p.199.

    Article  MathSciNet  Google Scholar 

  117. “Verifying a Real System Design — Some of the Problems”, Ruaridh Macdonald, ACM SIGSOFT Software Engineering Notes, Vol.10,No.4 (August 1985), p.128.

    Article  MathSciNet  Google Scholar 

  118. “On the Inevitable Intertwining of Specification and Implementation”, William Swartout and Robert Balzer, Communications of the ACM, Vol.25,No.7 (July 1982), p.438.

    Article  Google Scholar 

  119. “An Empirical Investigation of the Effect of Formal Specifications on Program Diversity”, Thomas McVittie, John Kelly, and Wayne Yamamoto, Dependable Computing and Fault-Tolerant Systems, Vol.6, Springer-Verlag, 1992, p.219.

    Google Scholar 

  120. “Proving Properties of Security Protocols by Induction”, Lawrence Paulson, Proceedings of the 10 th Computer Security Foundations Workshop (CSFW’97), June 1997, p.70.

    Google Scholar 

  121. “Verifying Security Protocols with Brutus”, E.M. Clarke, S. Jha, and W. Marrero, ACM Transactions on Software Engineering and Methodology, Vol.9,No.4 (October 2000), p.443.

    Article  Google Scholar 

  122. “Automated Analysis of Cryptographic Protocols Using Murϕ”, John Mitchell, Mark Mitchell, and Ulrich Stern, Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, May 1997, p.141.

    Google Scholar 

  123. “Strand Spaces: Why is a Security Protocol Correct”, F.Javier Thayer Fábrega, Jonathan Herzog, and Joshua Guttman, Proceedings of the 1998 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, May 1998, p.160.

    Google Scholar 

  124. “Athena: a novel approach to efficient automatic security protocol analysis”, Dawn Xiaoding Song, Sergey Berezin, and Adrian Perrig, Journal of Computer Security, Vol.9,Nos.1,2 (2000), p.47.

    Google Scholar 

  125. “Dynamic Analysis of Security Protocols”, Alec Yasinsac, Proceedings of the New Security Paradigms Workshop, September 2000, p.77.

    Google Scholar 

  126. “Social Processes and Proofs of Theorems and Programs”, Richard DeMillo, Richard Lipton, and Alan Perlis, Communications of the ACM, Vol.22,No.5 (May 1979), p.271.

    Article  Google Scholar 

  127. “Fermat’s Last Theorem”, Simon Singh, Fourth Estate, 1997.

    Google Scholar 

  128. “Adventures of a Mathematician”, Stanislaw Ulam, Scribners, 1976.

    Google Scholar 

  129. “Program Verification: The Very Idea”, James Fetzer, Communications of the ACM, Vol.31,No.9 (September 1988), p.1048.

    Article  Google Scholar 

  130. “Cost Profile of a Highly Assured, Secure Operating System”, Richard Smith, ACM Transactions on Information and System Security, Vol.4,No.1 (February 2001), p.72.

    Article  Google Scholar 

  131. “Programming by Action Clusters”, Peter Naur, BIT, Vol.9,No.3 (September 1969), p.250.

    Article  MATH  Google Scholar 

  132. Review No.19,420, Burt Leavenworth, Computing Reviews, Vol.11,No.7 (July 1970), p.396.

    Google Scholar 

  133. “Software Reliability through Proving Programs Correct”, Proceedings of the IEEE International Symposium on Fault-Tolerant Computing, March 1971, p.125.

    Google Scholar 

  134. “Toward a Theory of Test Data Selection”, John Goodenough and Susan Gerhart, IEEE Transactions on Software Engineering, Vol.1,No.2 (June 1975), p.156.

    MathSciNet  Google Scholar 

  135. “On Formalism in Specifications”, IEEE Software, Vol.2,No.1 (January 1985), p.6.

    Google Scholar 

  136. “Software Engineering (2nd ed)”, Stephen Schach, Richard Irwin and Asken Associates, 1993.

    Google Scholar 

  137. “Acceptance of Formal Methods: Lessons from Hardware Design”, David Dill and John Rushby, IEEE Computer, Vol.29,No.4 (April 1996), p.23.

    Google Scholar 

  138. “Formal Hardware Verification: Methods and systems in comparison”, Lecture Notes in Computer Science, No.1287, Springer-Verlag, 1997.

    Google Scholar 

  139. “Formal methods in computer aided design: Second international conference proceedings”, Lecture Notes in Computer Science, No.1522, Springer-Verlag, 1998.

    Google Scholar 

  140. “Formal Methods For Developing High Assurance Computer Systems: Working Group Report”, Mats Heimdahl and Constance Heitmeyer, Proceedings of the 2 nd Workshop on Industrial-Strength Formal Specification Techniques (WIFT’98), IEEE Computer Society Press, October 1998.

    Google Scholar 

  141. “Taking Z Seriously”, Anthony Hall, The Z formal specification notation: Proceedings of ZUM’97, Springer-Verlag Lecture Notes in Computer Science, No.1212, 1997, p.1.

    Google Scholar 

  142. “Software Technology Maturation”, Samuel Redwine and William Riddle, Proceedings of the 8 th International Conference on Software Engineering (ICSE’85), IEEE Computer Society Press, August 1985, p.189.

    Google Scholar 

  143. “OO is NOT the Silver Bullet”, J.Barrie Thompson, Proceedings of the 20 th Computer Software and Applications Conference (COMPSAC’96), IEEE Computer Society Press, 1996, p.155.

    Google Scholar 

  144. “The Psychological Study of Programming”, B. Sheil, Computing Surveys, Vol.13,No.1 (March 1981), p.101.

    Article  Google Scholar 

  145. “Seven More Myths of Formal Methods” Jonathan Bowen and Michael Hinchey, IEEE Software, Vol.12,No.4 (July 1995), p.34.

    Article  Google Scholar 

  146. “Belief in Correctness”, Marshall Abrams and Marvin Zelkowitz, Proceedings of the 17 th National Computer Security Conference, October 1994, p.132.

    Google Scholar 

  147. “Status Report on Software Measurement”, Shari Lawrence Pfleeger, Ross Jeffery, Bill Curtis, and Barbara Kitchenham, IEEE Software, Vol.14,No.2 (March/April 1997), p.33.

    Article  Google Scholar 

  148. “Does Organizational Maturity Improve Quality?”, Khaled El Emam and Nazim Madhavji, IEEE Software, Vol.13,No.5 (September 1996), p.209.

    Google Scholar 

  149. “Is Software Process Re-engineering and Improvement the’ silver Bullet’ of the 1990’s or a Constructive Approach to Meet Pre-defined Business Targets”, Annie Kuntzmann-Combelles, Proceedings of the 20 th Computer Software and Applications Conference (COMPSAC’96), 1996, p.435.

    Google Scholar 

  150. “Safer C: Developing for High-Integrity and Safety-Critical Systems”, Les Hatton, McGraw-Hill, 1995.

    Google Scholar 

  151. “Can You Trust Software Capability Evaluations”, Emilie O’Connell and Hossein Saiedian, IEEE Computer, Vol.33,No.2 (February 2000), p.28.

    Google Scholar 

  152. “New Paradigms for High Assurance Systems”, John McLean, Proceedings of the 1992 New Security Paradigms Workshop, IEEE Press, 1993, p.42.

    Google Scholar 

  153. “Quantitative Measures of Security”, John McLean, Dependable Computing and Fault-Tolerant Systems, Vol.9, Springer-Verlag, 1995, p.223.

    MathSciNet  Google Scholar 

  154. “The Feasibility of Quantitative Assessment of Security”, Catherine Meadows, Dependable Computing and Fault-Tolerant Systems, Vol.9, Springer-Verlag, 1995, p.228.

    Google Scholar 

  155. “Determining Assurance Levels by Security Engineering Process Maturity”, Karen Ferraiolo and Joel Sachs, Proceedings of the 5 th Annual Canadian Computer Security Symposium, May 1993, p.477.

    Google Scholar 

  156. “Community Response to CMM-Based Security Engineering Process Improvement”, Marcia Zior, Proceedings of the 18 th National Information Systems Security Conference (formerly the National Computer Security Conference), October 1995 p.404.

    Google Scholar 

  157. “Systems Security Engineering Capability Maturity Model (SSE-CMM), Model Description Document Version 2.0”, Systems Security Engineering Capability Maturity Model (SSE-CMM) Project, 1 April 1999.

    Google Scholar 

  158. “RE: [open-source] Market demands for reliable software”, Gary Stoneburner, posting to the open-source@csl.sri.com mailing list, message-ID 5.0.0.25.2.-20010404083833.009fd100@mail.nist.gov, 4 April 2001.

    Google Scholar 

  159. “OS/360 Computer Security Penetration Exercise”, S. Goheen and R. Fiske, MITRE Working Paper WP-4467, The MITRE Corporation, 16 October 1972.

    Google Scholar 

  160. “HOWTO: Password Change Filtering & Notification in Windows NT”, Microsoft Knowledge Base Article Q151082, June 1997.

    Google Scholar 

  161. “A new Microsoft security bulletin and the OffloadModExpo functionality”, Sergio Tabanelli, posting to the aucrypto mailing list, message-ID 20000413102943.-OGOB5378.fep03-svc.tin.it@fep11-svc.tin.it, 13 April 2000.

    Google Scholar 

  162. “A Software Process Immaturity Model”, Anthony Finkelstein, ACM SIGSOFT Software Engineering Notes, Vol.17,No.4 (October 1992), p.22.

    Article  Google Scholar 

  163. “Rules to Lose By: The Hopeless character class”, Roger Koppy, Dragon Magazine, Vol.9,No.11 (April 1985), p.54.

    Google Scholar 

  164. “The Need for a Failure Model for Security”, Catherine Meadows, Dependable Computing and Fault-tolerant Systems, Vol.9, 1995.

    Google Scholar 

  165. “The Second Annual Report on CASE”, CASE Research Corp, Washington, 1990.

    Google Scholar 

  166. “An Empirical Evaluation of the Use of CASE Tools”, S. Stobart, A. van Reeken, G. Low, J. Trienekens, J. Jenkins, J. Thompson, and D. Jeffery, Proceedings of the 6 th International Workshop on Computer-Aided Software Engineering (CASE’93), IEEE Computer Society Press, July 1993, p.81.

    Google Scholar 

  167. “The Methods Won’t Save You (but it can help)”, Patrick Loy, ACM SIGSOFT Software Engineering Notes, Vol.18,No.1 (January 1993), p.30.

    Article  Google Scholar 

  168. “What Determines the Effectiveness of CASE Tools? Answers Suggested by Empirical Research”, Joseph Trienekens and Anton van Reeken, Proceedings of the 5 th International Workshop on Computer-Aided Software Engineering (CASE’92), IEEE Computer Society Press, July 1992, p.258.

    Google Scholar 

  169. “Albert Einstein and Empirical Software Engineering”, Shari Lawrence Pfleeger, IEEE Computer, Vol.32,No.10 (October 1999), p.32.

    Google Scholar 

  170. “Rethinking the modes of software engineering research”, Alfonso Fugetta, Journal of Systems and Software, Vol.47,No.2–3 (July 1999), p.133.

    Article  Google Scholar 

  171. “Evaluating Software Engineering Technologies”, David Card, Frank McGarry, Gerald Page, IEEE Transactions on Software Engineering, Vol.13,No.7 (July 1987), p.845.

    Article  Google Scholar 

  172. “Investigating the Influence of Formal Methods”, Shari Lawrence Pfleeger and Les Hatton, IEEE Computer, Vol.30,No.2 (February 1997), p.33.

    Google Scholar 

  173. “Formal Methods are a Surrogate for a More Serious Software Concern”, Robert Glass, IEEE Computer, Vol.29,No.4 (April 1996), p.19.

    MathSciNet  Google Scholar 

  174. “The Realities of Software Technology Payoffs”, Robert Glass, Communications of the ACM, Vol.42,No.2 (February 1999), p.74.

    Article  Google Scholar 

  175. “Software failures, follies, and fallacies”, Les Hatton, IEE Review, Vol.43,No.2 (March 1997), p.49.

    Article  Google Scholar 

  176. “More Testing Should be Taught”, Terry Shepard, Margaret Lamb, and Diane Kelly, Communications of the ACM, Vol.44,No.6 (June 2001), p.103.

    Article  Google Scholar 

  177. “Applying Mathematical Software Documentation: An Experience Report”, Brian Bauer and David Parnas, Proceedings of the 10 th Annual Conference on Computer Assurance (COMPASS’95), IEEE Computer Society Press, June 1995, p.273.

    Google Scholar 

  178. “What’s Wrong with Software Engineering Research Methodology”, Franck Xia, ACM SIGSOFT Software Engineering Notes, Vol.23,No.1 (January 1998), p.62.

    Article  Google Scholar 

  179. “Assessing Modularity in Trusted Computing Bases”, J. Arnold, D. Baker, F. Belvin, R. Bottomly, S. Chokhani, and D. Downs, Proceedings of the 15 th National Computer Security Conference, October 1992, p.44. Republished in the Proceedings of the 5 th Annual Canadian Computer Security Symposium, May 1993, p.351

    Google Scholar 

  180. “The Sorry State of Software Practice Measurement and Evaluation”, William Hetzel, The Journal of Systems and Software, Vol.31,No.2 (November 1995), p.171.

    Article  Google Scholar 

  181. “Evaluating the Effectiveness of Z: The Claims Made About CICS and Where We Go From Here”, Kate Finney and Norman Fenton, The Journal of Systems and Software, Vol.35,No.3 (December 1996), p.209.

    Article  Google Scholar 

  182. “Rigor in Software Complexity Measurement Experimentation”, S. MacDonell, The Journal of Systems and Software, Vol.16,No.2 (October 1991), p.141.

    Article  Google Scholar 

  183. “The Mathematical Validity of Software Metrics”, B. Henderson-Sellers, ACM SIGSOFT Software Engineering Notes, Vol.21,No.5 (September 1996), p.89.

    Article  Google Scholar 

  184. “Experimental Evaluation in Computer Science: A Quantitative Study”, Walter Tichy, Paul Lukowicz, Lutz Prechelt, and Ernst Heinz, The Journal of Systems and Software, Vol.28,No.1 (January 1995), p.9.

    Article  Google Scholar 

  185. “Beware the Engineering Metaphor”, Wei-Lung Wang, Communications of the ACM, Vol.45,No.5 (May 2002), p.27

    Article  Google Scholar 

  186. “How Microsoft Builds Software”, Michael Cusumano and Richard Selby, Communications of the ACM, Vol.40,No.6 (June 1997), p.53.

    Article  Google Scholar 

  187. “Software Development on Internet Time”, Michael Cusumano and David Yoffie, IEEE Computer, Vol.32,No.10 (October 1999), p.60.

    Google Scholar 

  188. “Extreme Programming Explained: Embrace Change”, Kent Beck, Addison-Wesley, 1999.

    Google Scholar 

  189. “Embracing Change with Extreme Programming”, Kent Beck, IEEE Computer, Vol.32,No.10 (October 1999), 70.

    MathSciNet  Google Scholar 

  190. “XP”, John Vlissides, C++ Report, June 1999.

    Google Scholar 

  191. “Pair Programming on the C3 Project”, Jim Haungs, IEEE Computer, Vol.34,No.2 (February 2001), p.119.

    Google Scholar 

  192. “Bush Threatens ISO Certification on Taliban”, Mark Todaro, BBspot International News, http://bbspot.com/News/2001/10/iso9000.html, 16 October 2001.

Download references

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag New York, Inc.

About this chapter

Cite this chapter

(2004). Verification Techniques. In: Cryptographic Security Architecture. Springer, New York, NY. https://doi.org/10.1007/0-387-21551-4_4

Download citation

  • DOI: https://doi.org/10.1007/0-387-21551-4_4

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-0-387-95387-8

  • Online ISBN: 978-0-387-21551-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation