Publication
Formal Security Analysis of Electronic Software Distribution Systems
The 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP 2008)
Author(s): Monika Maidl, David von Oheimb, Peter Hartmann, Richard Robinson
Year: 2008
Publisher: Springer LNCS
Editors: Michael Harrison and Mark-Alexander Sujan
Keywords: loadable software, infrastructure, information assurance, safety, system architecture,
software engineering, safety, security, certification, formal methods
Abstract:
Software distribution to target devices like factory controllers,
medical instruments, vehicles or airplanes is increasingly performed
electronically over insecure networks. Such software often implements vital
functionality, and so the software distribution process can be highly critical,
both from the safety and the security perspective. In this paper, we introduce a
novel software distribution system architecture with a generic core component,
such that the overall software transport from the supplier to the target device is
an interaction of several instances of this core component communicating over
insecure networks. The main advantage of this architecture is reduction of
development and certification costs. The second contribution of this paper
describes the validation and verification of the proposed system. We use a mix
of formal methods, more precisely the AVISPA tool, and the Common Criteria
(CC) methodology, to achieve high confidence in the security of the software
distribution system at moderate costs.
Copyright © 2008 Boeing, Siemens, and FH Landshut
BibTeX entry:
@inproceedings{SAFECOMP08-Siemens-FHLandshut-Boeing,
author = {Monika Maidl and Oheimb, David von and Peter Hartmann and Richard Robinson},
title = {Formal Security Analysis of Electronic Software Distribution Systems},
booktitle = {Proc. of the 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
editor = {Michael Harrison and Mark-Alexander Sujan},
publisher = {Springer},
series = {LNCS},
volume = 5219,
pages = {415--428},
year = 2008,
note = {\url{http://ddvo.net/papers/SAFECOMP08.html}},
abstract = {
Software distribution to target devices like factory controllers,
medical instruments, vehicles or airplanes is increasingly performed
electronically over insecure networks. Such software often implements vital
functionality, and so the software distribution process can be highly critical,
both from the safety and the security perspective. In this paper, we introduce a
novel software distribution system architecture with a generic core component,
such that the overall software transport from the supplier to the target device is
an interaction of several instances of this core component communicating over
insecure networks. The main advantage of this architecture is reduction of
development and certification costs. The second contribution of this paper
describes the validation and verification of the proposed system. We use a mix
of formal methods, more precisely the AVISPA tool, and the Common Criteria
(CC) methodology, to achieve high confidence in the security of the software
distribution system at moderate costs.
}
}