Kuzman Katkalov

Model-Driven Testing of Security Protocols with SecureMDD

Designing and executing test cases for security protocols is a tedious and technically complicated process. The SecureMDD approach allows intuitive, model-driven development of security-critical applications based on cryptographic protocols. With this paper we introduce a method which combines the model-driven approach used in SecureMDD with the design of functional and security tests. We construct and evaluate new modeling guidelines that allow the modeler to easily define such test cases during the modeling stage. We also implement model transformation routines to generate runnable tests for applications developed with SecureMDD.

Modeling test cases for security protocols with SecureMDD

Designing and executing test cases for security-critical protocols is a technically complicated and tedious process. SecureMDD is a model-driven approach that enables development of security-critical applications based on cryptographic protocols. In this paper we introduce a method which combines the model-driven approach used in SecureMDD with the design of functional and security tests. We construct and evaluate new modeling guidelines that allow the modeler to easily define such test cases during the modeling stage. We also implement model transformation routines to generate runnable tests for actual implementation of applications developed with SecureMDD.

Integrating a Model-Driven Approach and Formal Verification for the Development of Secure Service Applications

We present SecureMDD, a development method for secure service applications that integrates a model-driven approach with formal specification techniques using abstract state machines (ASMs), refinement to code and verification with the interactive theorem prover KIV. A larger case study is used to highlight various aspects of the method with a focus on services and their formal verification.

Evaluation of Jif and Joana as Information Flow Analyzers in a Model-Driven Approach

Checking for information leaks in real-world applications is a difficult task. IFlow is a model-driven approach which allows to develop information flow-secure applications using intuitive modeling guidelines. It supports the automatic generation of partial Java code while also providing the developer with the ability to formally verify complex information flow properties. To simplify the formal verification, we integrate an automatic Java application information flow analyzer, allowing to check simple noninterference properties. In this paper, we evaluate both Jif and Joana as such analyzers to determine the best suiting information flow control tool in the context of, but not limited to the IFlow approach.

Declassification of Information with Complex Filter Functions

Many applications that handle private or confidential data release part of this data in a controlled manner through filter functions. However, it can be difficult to reason formally about exactly what or how much information is declassified. Often, anonymity is measured by reasoning about the equivalence classes of all inputs to the filter that map to the same output. An observer or attacker that sees the output of the filter then only knows that the secret input belongs to one of these classes, but not the exact input. We propose a technique suitable for complex filter functions together with a proof method, that additionally can provide meaningful guarantees. We illustrate the technique with a DistanceTracker app in a leaky and a non-leaky version.

Modeling information flow properties with UML

Providing guarantees regarding the privacy of sensitive information in a distributed system consisting of mobile apps and services is a challenging task. Our IFlow approach allows the model-driven development of such systems, as well as the automatic generation of code and a formal model. In this paper, we introduce modeling guidelines for the design of intuitive, flexible and expressive information flow properties with UML. Further, we show how these properties can be guaranteed using a combination of automatic language-based information flow control and model-based interactive verification.

Abstracting security-critical applications for model checking in a model-driven approach

Model checking at the design level makes it possible to find protocol flaws in security-critical applications automatically. But depending on the size of the application and especially on the abstraction of the application model, model checking may need a lot of resources, primarily time. To reduce the complexity, the application models are usually highly abstracted. But in a model-driven approach with automatic generation of runnable applications the application models need to be detailed and are often too complex to check in reasonable time. In this paper we describe an approach to handle this problem by using additional UML models to restrict the protocol runs, the attacker abilities and the numbers of participants. This makes model checking of large applications in our model-driven approach called SecureMDD possible without manual abstraction of the generated specifications. For model checking we use AVANTSSAR and show how the restrictions modeled within UML are translated. We demonstrate our approach with a smart card based electronic ticketing example.

Formalizing Information Flow Control in a Model-Driven Approach

Information flow control is a promising formal technique to guarantee the privacy and desired release of our data in an always connected world. However, it is not easy to apply in practice. IFlow is a model-driven approach that supports the development of distributed systems with information flow control. A system is modeled with UML and automatically transformed into a formal specification as well as Java code. This paper shows how the this specification is generated and presents several advantages of a model-driven approach for information flow control.

Code Abstractions for Automatic Information Flow Control in a Model-Driven Approach.

Automatic information flow control (IFC) can be used to guarantee the absence of information leaks in security-critical applications. However, IFC of real-world, complex, distributed systems is challenging. In this paper, we show how a model-driven approach for development of such applications consisting of mobile apps and web services can help solve those challenges using automatic code abstractions.

Secure Integration of Third Party Components in a Model-Driven Approach

Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach called SecureMDD supports the domain of security-critical applications that use web services. Because many applications use external web services i.e. services developed and provided by someone else, the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange external developed web services that use standard or non-standard cryptographic protocols, in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes of the generated code are necessary. We also show how security properties for the whole system including external web services can be defined and proved. For demonstration we use an electronic ticketing case study that integrates an external payment service.