How to Specify Security Services: A Practical Approach

  • Javier Lopez
  • Juan J. Ortega
  • Jose Vivas
  • Jose M. Troya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)

Abstract

Security services are essential for ensuring secure communications. Typically, no consideration is given to security requirements during the initial stages of system development. Security is only added later as an afterthought, depending on other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high-level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real-world example, the integration of an electronic notary system into a web-based multi-user service platform.

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Javier Lopez (1)
  • Juan J. Ortega (1)
  • Jose Vivas (2)
  • Jose M. Troya (1)
  1. Computer Science Department, E.T.S. Ingeniería Informática, University of Malaga, Spain
  2. Hewlett-Packard Labs, Bristol, UK
