Copy the page URI to the clipboard
Yu, Yijun; Piwek, Paul; Tun, Thein Than and Nuseibeh, Bashar
(2014).
URL: http://cmna.csc.liv.ac.uk//CMNA14/Yu.pdf
Abstract
The satisfaction of software security requirements can be argued using supporting facts and domain assumptions. Sometimes, these facts or assumptions may be questioned, as more knowledge about vulnerabilities becomes available. This results in rebuttals that can be derived from the new information. In this paper, we outline an extension of our OpenArgue tool with an explanation facility that makes a rebuttal more transparent by showing, step by step, why the original security argument does not hold. We achieve this by using the output of the Alligator theorem prover, which constructs explicit and checkable proof objects. We illustrate the feasibility of this approach by applying it to an existing case study of a PIN entry device which involves a security argument that has been rebutted. The output of the prover enables us to unpack the logical reasoning behind the rebuttal at a much greater level of detail. This promises to be useful for argument explanation.