Abstract
Security automata are a convenient way to describe security policies. Their typical use is to monitor the execution of an application, and to interrupt it as soon as the security policy is violated. However, run-time adherence checking is not always convenient. Instead, we aim at developing a technique to verify adherence to a security policy statically. To do this, we consider a security automaton as specification, and we generate JML annotations that inline the monitor - as a specification - into the application. We describe this translation and prove preservation of program behaviour, i.e., if monitoring does not reveal a security violation, the generated annotations are respected by the program. The correctness proofs are formalised using the PVS theorem prover. This reveals several subtleties to be considered in the definition of the translation algorithm and in the program requirements.
Cite
CITATION STYLE
Huisman, M., & Tamalet, A. (2009). A formal connection between security automata and JML annotations. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5503, pp. 340–354). https://doi.org/10.1007/978-3-642-00593-0_23
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
