Abstract
Security services are essential for ensuring secure communications. Typically no consideration is given to security requirements during the initial stages of system development. Security is only added latter as an afterthought in function of other factors such as the environment into which the system is to be inserted, legal requirements, and other kinds of constraints. In this work we introduce a methodology for the specification of security requirements intended to assist developers in the design, analysis, and implementation phases of protocol development. The methodology consists of an extension of the ITU-T standard requirements language MSC and HMSC, called SRSL, defined as a high level language for the specification of security protocols. In order to illustrate it and evaluate its power, we apply the new methodology to a real world example, the integration of an electronic notary system into a web-based multi-users service platform.
Chapter PDF
Similar content being viewed by others
References
ITU-T Recommendation Z.100 (11/99), Specification and Description Language (SDL), Geneva (1999)
ITU-T Recommendation Z.120 (11/99), Message Sequence Charts (MSC-2000), Geneva (1999)
Jurjëns, J.: Towards development of secure systems using UMLsec. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, p. 187. Springer, Heidelberg (2001)
Lopez, J., Ortega, J.J., Troya, J.M.: Protocol Engineering Applied to Formal Analysis of Security Systems. In: Davida, G.I., Frankel, Y., Rees, O. (eds.) InfraSec 2002. LNCS, vol. 2437, p. 246. Springer, Heidelberg (2002)
Lopez, J., Ortega, J.J., Troya, J.M.: Verification of authentication protocols using SDL-Method. In: Workshop of Information Security, Ciudad-Real- SPAIN (April 2002)
Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Proceedings of DISCEX 2000, pp. 237–250. IEEE Comp. Society Press, Los Alamitos (2000)
Menezes, A., Van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Millen, J., Denker, G.: CAPSL integrated protocol environment. In: DARPA Information Survivability Conference (DISCEX 2000), IEEE Computer Society, Los Alamitos (2000)
Denker, M.J., Capsl, G., Mucapsl, J.: Telecommunications and Information Technology (2002)
Object Management Group, http://www.omg.org/
Ryan, P., Schneider, S.: The Modelling and Analysis of Security Protocols: the CSP Approach. Addison-Wesley, Reading (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Lopez, J., Ortega, J.J., Vivas, J., Troya, J.M. (2003). How to Specify Security Services: A Practical Approach. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-45184-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6
eBook Packages: Springer Book Archive