Abstract. We present a case study in the formal verification of an open source Java implementation of SSH. We discuss the security flaws we found and fixed by means of formal specification and verification – using the specification language JML and the program verification tool ESC/Java2 – and by more basic manual code inspection. Of more general interest is the methodology we propose for formalising security protocols such as SSH using finite state machines. This provides a precise but accessible formal specification that is useful not only for formal verification, but also for development, for testing, and for clarifying the official specification, which is written in natural language.
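As an added illustration of the finite-state-machine methodology the abstract describes (this is not code from the paper or from the SSH implementation it studies): a reduced message-ordering automaton for the SSH transport and authentication layers, annotated in JML as ESC/Java2 would check it. The states, the per-state allowed-message table and the fail-closed handling of unexpected messages are this example's own simplifications (no re-keying, no key-exchange-method messages); the message numbers are the ones assigned by RFC 4253 and RFC 4252.

```java
import java.util.EnumMap;
import java.util.Map;
import java.util.Set;

/** Reduced SSH message-ordering automaton; states and transitions are this example's
 *  own simplification of RFC 4253/4252 and are not the paper's model. */
public final class SshStateMachine {
    // Message numbers as assigned by RFC 4253 (transport) and RFC 4252 (authentication).
    public static final int SSH_MSG_DISCONNECT = 1, SSH_MSG_SERVICE_REQUEST = 5,
            SSH_MSG_KEXINIT = 20, SSH_MSG_NEWKEYS = 21, SSH_MSG_USERAUTH_REQUEST = 50;

    public enum State { WAIT_KEXINIT, KEX_IN_PROGRESS, KEYS_ESTABLISHED, SERVICE_REQUESTED, CLOSED }

    // The transition table is the specification: per state, which message numbers are allowed.
    private static final Map<State, Set<Integer>> ALLOWED = new EnumMap<>(State.class);
    static {
        ALLOWED.put(State.WAIT_KEXINIT,      Set.of(SSH_MSG_KEXINIT, SSH_MSG_DISCONNECT));
        ALLOWED.put(State.KEX_IN_PROGRESS,   Set.of(SSH_MSG_NEWKEYS, SSH_MSG_DISCONNECT));
        ALLOWED.put(State.KEYS_ESTABLISHED,  Set.of(SSH_MSG_SERVICE_REQUEST, SSH_MSG_DISCONNECT));
        ALLOWED.put(State.SERVICE_REQUESTED, Set.of(SSH_MSG_USERAUTH_REQUEST, SSH_MSG_DISCONNECT));
        ALLOWED.put(State.CLOSED,            Set.of());
    }

    private /*@ spec_public @*/ State state = State.WAIT_KEXINIT;
    private /*@ spec_public @*/ boolean encrypted = false; // true once NEWKEYS has taken effect

    // Class invariants ESC/Java2 checks at every method boundary:
    // authentication traffic is only ever handled on an encrypted connection.
    //@ public invariant state == State.SERVICE_REQUESTED ==> encrypted;
    //@ public invariant encrypted ==> (state != State.WAIT_KEXINIT && state != State.KEX_IN_PROGRESS);

    //@ ensures \result == ALLOWED.get(state).contains(msgType);
    public /*@ pure @*/ boolean accepts(int msgType) { return ALLOWED.get(state).contains(msgType); }

    public /*@ pure @*/ State state() { return state; }

    //@ ensures msgType == SSH_MSG_NEWKEYS ==> encrypted;
    //@ ensures msgType == SSH_MSG_DISCONNECT ==> state == State.CLOSED;
    //@ signals (IllegalStateException e) state == State.CLOSED;
    public void receive(int msgType) {
        State before = state;
        if (!accepts(msgType)) {          // out-of-order message: fail closed rather than guess
            state = State.CLOSED;
            throw new IllegalStateException("message " + msgType + " not allowed in state " + before);
        }
        switch (msgType) {
            case SSH_MSG_KEXINIT:          state = State.KEX_IN_PROGRESS;   break;
            case SSH_MSG_NEWKEYS:          state = State.KEYS_ESTABLISHED;  encrypted = true; break;
            case SSH_MSG_SERVICE_REQUEST:  state = State.SERVICE_REQUESTED; break;
            case SSH_MSG_USERAUTH_REQUEST: /* stay: authentication proceeds in this state */ break;
            default:                       state = State.CLOSED;            // SSH_MSG_DISCONNECT
        }
    }
}
```

Feeding the sequence KEXINIT, NEWKEYS, SERVICE_REQUEST, USERAUTH_REQUEST to `receive` walks the automaton to SERVICE_REQUESTED, while a USERAUTH_REQUEST sent before NEWKEYS is rejected and closes the connection; the same table doubles as the oracle for a conformance test of a real implementation.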