Abstract:To develop trustworthy distributed systems, verification techniques and formal methods, including lightweight and practical approaches, have been employed to certify the design or implementation of security protocols. Lightweight formal methods offer a more accessible alternative to traditional fully formalised techniques by focusing on simplified models and tool support, making them more applicable in practical settings. The technical advantages of formal verification over manual testing are increasingly recognised in the cybersecurity community. However, for practitioners, formal modelling and verification are often too complex and unfamiliar to be used routinely. In this paper, we present an Eclipse IDE for the design, verification, and implementation of security protocols and evaluate its effectiveness, including feedback from users in educational settings. It offers user-friendly assistance in the formalisation process as part of a Model-Driven Development approach. This IDE centres around the Alice & Bob (AnB) notation, the AnBx Compiler and Code Generator, the OFMC model checker, and the ProVerif cryptographic protocol verifier. For the evaluation, we identify the six most prominent limiting factors for formal method adoption, based on relevant literature in this field, and we consider the IDE's effectiveness against those criteria. Additionally, we conducted a structured survey to collect feedback from university students who have used the toolkit for their projects. The findings demonstrate that this contribution is valuable as a workflow aid and helps users grasp essential cybersecurity concepts, even for those with limited knowledge of formal methods or cryptography. Crucially, users reported that the IDE has been an important component to complete their projects and that they would use again in the future, given the opportunity.

A Practical Approach to Formal Methods: An Eclipse Integrated Development Environment (IDE) for Security Protocols

Interactive support for secure programming education.

Supporting secure programming in web applications through interactive static analysis.

Formal Reasoning Using an Iterative Approach with an Integrated Web IDE

Evaluating formal model verification tools in an industrial context: the case of a smart device life cycle management system

Towards Enabling Overture as a Platform for Formal Notation IDEs

Model-Driven Engineering for Formal Verification and Security Testing of Authentication Protocols

A Survey of Practical Formal Methods for Security

Towards a Data Centric Approach for the Design and Verification of Cryptographic Protocols

A Structured Approach To The Formal Certification Of Safety Of Computer Aided Development Tools

Towards A Broader Acceptance Of Formal Verification Tools: The Role Of Education

DeepSec: Deciding Equivalence Properties for Security Protocols -- Improved theory and practice

A Generic Methodology for the Modular Verification of Security Protocol Implementations (extended version)

Establishing and Fixing Security Protocols Weaknesses Using a Logic-based Verification Tool.

Embedding Secure Coding Instruction into the IDE: A Field Study in an Advanced CS Course.

Pattern-Based Approach to Modelling and Verifying System Security.

User-Guided Verification of Security Protocols via Sound Animation

Automated Logic-Based Technique for Formal Verification of Security Protocols

Formalization and Verification of Reconfigurable Discrete-event System Using Model Driven Engineering and Isabelle/HOL

An Integrated Development Environment for the Prototype Verification System

Evaluation of Formal IDEs for Human-Machine Interface Design and Analysis: The Case of CIRCUS and PVSio-web