Formal methods have provided approaches for investigating software engineering
fundamentals and also have high potential to improve current practices in dependability …

Attacks against computer systems can cause considerable economic or physical damage.
High-quality development of security-critical systems is difficult, mainly because of the …

We show how a variety of confidentiality properties can be expressed in terms of the
abstraction mechanisms that CSP provides. We argue that determinism of the abstracted low …

In the recent years, many formalizations of security properties have been proposed, most of
which are based on different underlying models and are consequently difficult to compare. A …

Various formulations of non-interference have been proposed to try to characterise the
absence of information flows in system or network. There is still no consensus in the …

The Semantics of Circus Page 1 The Semantics of Circus Jim Woodcock1 and Ana Cavalcanti2
1 Oxford University Computing Laboratory Wolfson Building, Parks Road, Oxford, UK …

We discuss the issues involved in modelling and verifying key-exchange protocols within the
framework of CSP and its model-checking tool FDR. Expressing such protocols within a …

We show how UML (the industry standard in object-oriented modelling) can be used to
express security requirements during system development. Using the extension …

In this paper we define a combination of Object-Z and CSP called CSP-OZ. The basic idea is
to define a CSP-semantics for every Object-Z class. Special care is taken to capture the …

The Compositional Security Checker (CoSeC for short) is a semantic-based tool for the
automatic verification of some compositional information flow properties. The specifications …