Petri net-based verification of security protocol implementation in software evolution Online publication date: Mon, 22-Oct-2018
by Mohd Anuaruddin Bin Ahmadon; Shingo Yamaguchi; B.B. Gupta
International Journal of Embedded Systems (IJES), Vol. 10, No. 6, 2018
Abstract: Implementation of security protocol in software plays an important role to protect the whole system from vulnerabilities. In order to protect the system from new threats, software needs to adapt to new security requirements thus security upgrades and patches are implemented to the software. Previous works only focus on logical correctness of the security protocol but we focus on the successful implementation of security protocol in a program. A program evolves as programmers apply security patches to its source code. Hence, the process of verifying important security protocol implementation is difficult. In this paper, we propose model-driven security verification throughout software evolution. It consists of two major methods: 1) reverse engineering method to translate a program into Petri net model; 2) model-driven verification method to confirm that the security protocol implementation is valid. Concretely, for a program X that implements a security protocol specification A, does its derivation Y also implement A? The answer is yes if Y inherits the behaviour of X. We apply behavioural inheritance analysis to verify security protocol implementation. We also illustrate the methods with an example in software evolution.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Embedded Systems (IJES):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com