Abstract
(English)
|
An essential prerequisite for the prosperous growth of electronic commerce business and electronic government is that the underlying protocols provide the security properties needed. Yet a design and analysis methodology for secure protocols in these areas does not exist. Thus CASENET will develop methodologies and tools to build secure and reliable protocols for transactions involved in e-commerce and e-government applications. Using the project's results, the protocol generation process will start with the informal specification of the actions and the security requirements. These will be transformed into a formal specification, which will finally be analysed with respect to the desired security properties. Feedback of the analysis can be used for a redesign of the protocol(s). Moreover, existing protocols already being deployed can be transformed into input appropriate for the tools in order to test their security and reliability. User Trials will evaluate the methodologies and tools.
Objectives:
The objectives of CASENET are to develop and implement a tool-supported framework for the systematic specification, design and analysis of e-commerce and e-government transactions to produce protocols with proven security properties, and to assist in code generation for these protocols.
The methodologies and tools developed by the project will:
1. enable the designer of an e-commerce or e-government application to generate a formal protocol specification with the desired security properties
2. be usable for the security analysis of protocols already deployed
3. after successful analysis, assist in transforming the formal protocol specification into final code
4. provide test cases for testing the code with respect to the initial requirements and services for real-time auditing in order to check that the participants of a protocol act according to the description.
Work description:
The work in CASENET has four main components, the first one being the scientific one (WP2 and WP3). These two workpackages will both start with investigating and evaluating existing methods, tools, languages, to decide on those to use.
Based on these decisions, methodologies and tools will be developed:
1. For the specification of the actions and security requirements of e-commerce and e-government application
2. For its transformation into a formal specification of protocols and transactions providing the relevant security properties, for the transformation of already existing protocols and transactions into a format appropriate for the design tools, and for using the feedback of the analysis for a redesign of the protocols and transactions (WP2)
3. For the analysis of the protocols and transactions with respect to these security properties, for test case generation, and for services for real-time auditing (to check that the protocol participants act properly) (WP3).WP4 as the second project component deals with the integration of the tools into a software package, with basic interfaces for the applications designer for interaction.
The third main component of CASENET are the trials to be performed by the Trial partners (WP5). Three different trial scenarios will be provided for validation and evaluation of methodologies and tools. Finally, the fourth project component comprises Project Management (WP1) and exploitation and dissemination of the project's results (WP6). WP2 and WP3 will start with the beginning of the project. As these include a revision phase after the first User trials, WP2 and WP3 will last until the end of the project. WP4 will start with month 4, after decisions have been made, since we expect some tools, languages etc. to be available as a starting point. Trials will start at project begin with a trial preparation phase and will continue until the end of the project, parallel to the development of methodologies and tools.
Milestones:
- M3 Decision on Existing Approaches, Formal Languages and Tools to use.
- M8 External review and User Trial/Scenario Preparation.
- M12 First Prototype of Specification, Design And Analysis Methodologies and Tools, Integration of Tools.
- M18 Methodology for Existing Protocols and Analysis Feedback, Trials on Beta Version of Methodologies and Tools.
- M24 Final Version of Methodologies and Tools.
|
