Shoichi Morimoto

A Survey of Formal Verification for Business Process Modeling

Information systems have to respond well to the changing business environment. Thus, they must have architecture which withstands the change. To design such systems, business process modeling is effective, however, the models include often abstractness and arbitrariness. Therefore, there have been efforts that validate rigorousness of the models. They have defined semantics of the models and applied various logics and formal methods to verification of the rigorousness. This paper focuses on formal verification of the models and surveys the efforts. We also discuss the prospect of the solutions. The establishment of the verification will be surely helpful toward solving the problems on business process reengineering, business process management, service-oriented architecture, and so on.

Formal verification of security specifications with common criteria

This paper proposes a formalization and verification technique for security specifications, based on common criteria. Generally, it is difficult to define reliable security properties that should be applied to validate an information system. Therefore, we have applied security functional requirements that are defined in the ISO/IEC 15408 common criteria to the formal verification of security specifications. We formalized the security criteria of ISO/IEC 15408 and developed a process, using Z notation, for verifying security specifications. We also demonstrate some examples of the verification instances using the theorem prover Z/EVES. In the verification process, one can verify strictly whether specifications satisfy the security criteria defined in ISO/IEC 15408.

Application of COBIT to Security Management in Information Systems Development

COBIT is a collection of good practices and processes for IT governance. It provides the effective measures, indicators and activities for enterprise. COBIT has also been applied to the other governance, e. g., software process, security governance, IT service management. However, since COBIT is too general-purpose, it requires deep expert knowledge for the implementation of each application. Although the guideline of security management is also published, its contents are abstract. Therefore, we examined the contents of COBIT and defined a framework which specializes in security engineering from the guideline. This paper presents the framework and its application to information systems development. The framework effectively utilizes the COBIT-based security management and solves various subjects of security in the development.

A security requirement management database based on ISO/IEC 15408

With the scale-spreading and diversification of information systems, security requirements for the systems are being more and more complicated. It is desirable to apply database technologies to information security engineering in order to manage the security requirements in design and development of the systems. This paper proposes a security requirement management database based on the international standard ISO/IEC 15408 that defines security functional requirements which should be satisfied by various information systems. The database can aid design and development of information systems that require high security such that it enables to suitably refer to required data of security requirements.

A security specification verification technique based on the international standard ISO/IEC 15408

This paper proposes a security specification verification technique based on the international standard ISO/IEC 15408. We formalized the security criteria of ISO/IEC 15408 and developed the verification technique of security specifications based on the formalized criteria with formal methods. With the technique, one can formally verify whether or not specifications satisfy the security criteria of ISO/IEC 15408. Ambiguity and/or oversight about security in specifications written in natural language can also be detected.

Patterning Protection Profiles by UML for Security Specifications

A protection profile is a security specification template that defines an implementation-independent set of IT security requirements for a category of information systems. The protection profiles have also been certified to satisfy the international standard ISO/IEC 15408 security criteria. However, because the protection profiles are complicated and their classifications are not clear, they are not widely used. This paper proposes an approach to model protection profiles as UML patterns. By using the patterns, designers and developers can easily specify security issues of target systems to satisfy ISO/IEC 15408 criteria. The paper also shows how to verify specifications with the patterns by theorem-proving and model-checking technologies

Classification, formalization and verification of security functional requirements

This paper proposes a new hybrid method to formally verify whether the security specification of a target information system satisfies security functional requirements defined in ISO/IEC 15408 evaluation criteria for security. We classify at first the security functional requirements of ISO/IEC 15408 into two classes: static requirements concerning static properties and dynamic requirements concerning dynamic behavior of target systems, and then formalize the static requirements with Z notation and the dynamic requirements with temporal logic. Thus, we can verify static properties using theorem-proving and dynamic behavior using model-checking. As a result, developers can easily use the method to verify whether the security specification of a target information system satisfies both static and dynamic security functional requirements defined in ISO/IEC 15408. The new method is an evolution and improvement of our early verification method where only Z notation was adapted and to verify dynamic behavior of target systems is difficult.

A Security Specification Library with a Schemaless Database

In order to develop highly secure information systems, it is important to make a security specification of the systems, although it requires heavy labor. Thus database technologies have been applied to software engineering and information security engineering for practical reuse of security specifications. However, because the specifications do not have fixed layout, it is difficult to develop a flexible and useful library for the documents with conventional database technologies. Therefore, this paper proposes a security specification library with a schemaless native XML database. Users of the library can directly store and manage security specifications with any layout. Consequently, the library mitigates the labor for making security specifications.

A web user interface of the security requirement management database based on ISO/IEC 15408

In order to support design and development of secure information systems, we have proposed a security requirement management database based on the international standard ISO/IEC 15408. Design and development of secure information systems concern issues of information security engineering as well as software engineering. Our security requirement management database will be useful in practices only if we can provide its users with a highly usable user interface. This paper presents the design and development of a web user interface of our security requirement management database. We analyze and define usability requirements that the database should satisfy, present design and implementation of the web user interface, and show some examples for evaluating the interface from the viewpoint of usability engineering.

Security in persistently reactive systems

From the viewpoints of dependable computing and ubiquitous computing, a new type of reactive systems, named Persistently Reactive Systems, was proposed. Persistently reactive systems cause some new security issues because of their continuous and persistent running without stopping their services. Based on the recognition that a persistently reactive systems can be constructed following the methodology of soft system buses, this paper defines security issues in persistently reactive systems with security requirements and security functions. To solve the issues, we propose a framework of SSB-connector, such that designers and developers can easily design and develop reliable and secure functional components of a persistently reactive system.