A formal development cycle for security engineering in Isabelle
Working paper
Kammueller, F. 2020. A formal development cycle for security engineering in Isabelle. arxiv.org.
Type | Working paper |
---|---|
Title | A formal development cycle for security engineering in Isabelle |
Authors | Kammueller, F. |
Abstract | In this paper, we show a security engineering process based on a formal notion of refinement fully formalized in the proof assistant Isabelle. This Refinement-Risk Cycle focuses on attack analysis and security refinement supported by interactive theorem proving. Since we use a fully formalized model of infrastructures with actors and policies we can support a novel way of formal security refinement for system specifications. This formal process is built practically as an extension to the Isabelle Infrastructure framework with attack trees. We define a formal notion of refinement on infrastructure models. Thanks to the formal foundation of Kripke structures and branching time temporal logic in the Isabelle Infrastructure framework, these stepwise transformations can be interleaved with attack tree analysis thus providing a fully formal security engineering framework. The process is illustrated on an IoT healthcare case study introducing GDPR requirements and blockchain. |
Journal | Cornell University, arxiv.org |
Publisher | arxiv.org |
Publication dates | |
Online | 04 Jan 2020 |
Publication process dates | |
Deposited | 15 Dec 2020 |
Submitted | 04 Jan 2020 |
Accepted | 04 Jan 2020 |
Output status | Published |
Language | English |
https://repository.mdx.ac.uk/item/8910x
Restricted files
First submitted version
67
total views0
total downloads2
views this month0
downloads this month