{"title":"安全考试的建模与验证研究综述","authors":"Diego Marmsoler","doi":"10.1145/3545182","DOIUrl":null,"url":null,"abstract":"Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":" ","pages":"1 - 3"},"PeriodicalIF":1.4000,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Review on Modelling and Verification of Secure Exams\",\"authors\":\"Diego Marmsoler\",\"doi\":\"10.1145/3545182\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied\",\"PeriodicalId\":50432,\"journal\":{\"name\":\"Formal Aspects of Computing\",\"volume\":\" \",\"pages\":\"1 - 3\"},\"PeriodicalIF\":1.4000,\"publicationDate\":\"2022-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Formal Aspects of Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3545182\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Formal Aspects of Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3545182","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
Review on Modelling and Verification of Secure Exams
Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied
期刊介绍:
This journal aims to publish contributions at the junction of theory and practice. The objective is to disseminate applicable research. Thus new theoretical contributions are welcome where they are motivated by potential application; applications of existing formalisms are of interest if they show something novel about the approach or application.
In particular, the scope of Formal Aspects of Computing includes:
well-founded notations for the description of systems;
verifiable design methods;
elucidation of fundamental computational concepts;
approaches to fault-tolerant design;
theorem-proving support;
state-exploration tools;
formal underpinning of widely used notations and methods;
formal approaches to requirements analysis.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
