
By Achim D. Brucker and Burkhart Wolff.
CVS is a widely known version management system, which can be used for the distributed development of software as well as its distribution from a central database. In this paper, we provide an outline of a formal security analysis of a CVS-Server architecture performed in . The analysis is based on an abstract architecture (enforcing a role-based access control on the repository), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both architectures serve as framework to formulate access control and confidentiality properties. Both the abstract as well as the concrete architecture are specified in the language Z. Based on a logical embedding of Z into Isabelle/HOL, we provide formal, machine-checked proofs for consistency properties of the specification, for the correctness of the refinement, and for some security properties. Thus, we present a case study for the security analysis of realistic models over an off-the-shelf system by formal machine-checked proofs.
Keywords: security, access control, POSIX, Unix, CVS, Z
Supplementary material: [ Slides ]
Please cite this work as follows: A. D. Brucker and B. Wolff, “A case study of a formalized security architecture,” Electronic Notes in Theoretical Computer Science, vol. 80, pp. 24–40, 2003, doi: 10.1016/S1571-0661(04)80807-7. Proceedings of the Eighth International Workshop on Formal Methods for Industrial Critical Systems (FMICS’03). Author copy: https://logicalhacking.com/publications/brucker.ea-case-2003/
@Article{ brucker.ea:case:2003,
author = {Achim D. Brucker and Burkhart Wolff},
title = {A Case Study of a Formalized Security Architecture},
journal = {Electronic Notes in Theoretical Computer Science },
volume = {80},
note = {Proceedings of the Eighth International Workshop on Formal
Methods for Industrial Critical Systems (FMICS'03). \url{https://logicalhacking.com/publications/brucker.ea-case-2003/}},
Author copy: editor = {Thomas Arts and Wan Fokkink},
publisher = {Elsevier Science Publishers },
address = {Amsterdam },
location = {R{\o}ros, Norway},
year = {2003},
pages = {24--40},
language = {USenglish},
areas = {security, formal methods, software},
keywords = {security, access control, POSIX, Unix, CVS, Z},
abstract = {CVS is a widely known version management system, which can be
used for the distributed development of software as well as
its distribution from a central database. In this paper, we
provide an outline of a formal security analysis of a
CVS-Server architecture performed\cite{brucker.ea:cvs-server:2002}. The analysis is based on
in~
an abstract architecture (enforcing a role-based access
control on the repository), which is refined to an
implementation architecture (based on the usual discretionary
access control provided by the POSIX environment). Both
architectures serve as framework to formulate access control
and confidentiality properties. Both the abstract as well as
the concrete architecture are specified in the language Z.
Based on a logical embedding of Z into Isabelle/HOL, we
provide formal, machine-checked proofs for consistency
properties of the specification, for the correctness of the
refinement, and for some security properties. Thus, we present
a case study for the security analysis of realistic models
over an off-the-shelf system by formal machine-checked
proofs.},doi = {10.1016/S1571-0661(04)80807-7},
pdf = {https://logicalhacking.com/publications/brucker.ea-case-2003/brucker.ea-case-2003.pdf},
}