Towards formal specification of abstract security properties.
Formal methods, especially in the field of model checking, have been used traditionally to analyse security solutions in order to determine whether they fulfil certain properties. Practical results have proven the suitability and advantages of the use of formal approaches for this purpose. However, in these works the definition of the different security properties shows two main problems: (i) properties are frequently assumed to have a universal definition; and (ii) the definition of security properties is strongly dependent on the underlying verification model. In this paper we introduce a different approach to the formal specification of security properties. We argue that security properties should be defined in formal, intuitive and abstract terms, and that reasoning mechanisms must exist for these specifications in order to relate different properties. Our goal is to reason about properties in order to guarantee interoperability of these properties and consequently of the solutions complying with them.
A. Maña and G. Pujol. Towards formal specification of abstract security properties. Third International Conference on Availability, Reliability and Security, Barcelona, 2008, pp. 80-87, doi: 10.1109/ARES.2008.202.