A Case Study of a Formalized Security Architecture

By Achim D. Brucker and Burkhart Wolff.

CVS is a widely known version management system, which can be used for the distributed development of software as well as its distribution from a central database. In this paper, we provide an outline of a formal security analysis of a CVS-Server architecture performed in . The analysis is based on an abstract architecture (enforcing a role-based access control on the repository), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both architectures serve as framework to formulate access control and confidentiality properties. Both the abstract as well as the concrete architecture are specified in the language Z. Based on a logical embedding of Z into Isabelle/HOL, we provide formal, machine-checked proofs for consistency properties of the specification, for the correctness of the refinement, and for some security properties. Thus, we present a case study for the security analysis of realistic models over an off-the-shelf system by formal machine-checked proofs.

Keywords:
security, access control, POSIX, Unix, CVS, Z

Supplementary material:
Slides  ]

Please cite this work as follows:
A. D. Brucker and B. Wolff, “A case study of a formalized security architecture,” Electronic Notes in Theoretical Computer Science, vol. 80, pp. 24–40, 2003, doi: 10.1016/S1571-0661(04)80807-7. Proceedings of the Eighth International Workshop on Formal Methods for Industrial Critical Systems (FMICS’03). Author copy: https://logicalhacking.com/publications/brucker.ea-case-2003/

BibTeX
@Article{ brucker.ea:case:2003,
  author    = {Achim D. Brucker and Burkhart Wolff},
  title     = {A Case Study of a Formalized Security Architecture},
  journal   = {Electronic Notes in Theoretical Computer Science },
  volume    = {80},
  note      = {Proceedings of the Eighth International Workshop on Formal
               Methods for Industrial Critical Systems (FMICS'03). 
               Author copy: \url{https://logicalhacking.com/publications/brucker.ea-case-2003/}},
  editor    = {Thomas Arts and Wan Fokkink},
  publisher = {Elsevier Science Publishers },
  address   = {Amsterdam },
  location  = {R{\o}ros, Norway},
  year      = {2003},
  pages     = {24--40},
  language  = {USenglish},
  areas     = {security, formal methods, software},
  keywords  = {security, access control, POSIX, Unix, CVS, Z},
  abstract  = {CVS is a widely known version management system, which can be
               used for the distributed development of software as well as
               its distribution from a central database. In this paper, we
               provide an outline of a formal security analysis of a
               CVS-Server architecture performed
               in~\cite{brucker.ea:cvs-server:2002}. The analysis is based on
               an abstract architecture (enforcing a role-based access
               control on the repository), which is refined to an
               implementation architecture (based on the usual discretionary
               access control provided by the POSIX environment). Both
               architectures serve as framework to formulate access control
               and confidentiality properties. Both the abstract as well as
               the concrete architecture are specified in the language Z.
               Based on a logical embedding of Z into Isabelle/HOL, we
               provide formal, machine-checked proofs for consistency
               properties of the specification, for the correctness of the
               refinement, and for some security properties. Thus, we present
               a case study for the security analysis of realistic models
               over an off-the-shelf system by formal machine-checked
               proofs.},
  doi       = {10.1016/S1571-0661(04)80807-7},
  pdf       = {https://logicalhacking.com/publications/brucker.ea-case-2003/brucker.ea-case-2003.pdf},
}