Your search keyword '"automated verification"' showing total 37 results

1. Quantitative Access Control Policy Analysis and Repair Using Model Counting

Author

Eiers, William

Subjects

Computer science, Automata, Automated Verification, Model Counting, Policy Analysis, Quantitative Analysis, Software Engineering

Abstract

Due to ubiquitous use of software services, protecting the confidentiality of private information stored in compute clouds is becoming an increasingly critical problem. Although access control specification languages and libraries provide mechanisms for protecting confidentiality of information, without verification and validation techniques that can assist users in writing policies, complex policy specifications are likely to have errors that can lead to unintended and unauthorized access to data, possibly with disastrous consequences. Current state-of-the art approaches focus on either assertion checking which requires manual specification of assertions (which may not be available or difficult to write) or compare existing policies and report binary results (such as policy 1 is more permissive than policy 2). These techniques however cannot perform quantitative analysis on policies (how much more permissive is policy 1 than policy 2?). It is crucial to develop automated approaches for quantitatively assessing properties of access control policies.Model counting is an emerging area with applications in quantitative analysis. A model counting constraint solver computes the number of solutions for a given constraint within a given bound. Recently, model counting constraint solvers have also been applied to automating quantitative software verification, analysis and security tasks. The goal in quantitative program analysis is not to just give a ``yes'' or ``no'' answer, but to also quantify the result. For example, rather than answering if there is information leakage in a program with a ``yes'' or ``no'' answer, quantitative analysis techniques can compute the amount of information leaked. In this dissertation, we first discuss state-of-the-art techniques for model counting using automata-theoretic techniques and its applications in quantitative program analysis. We then introduce the revamped model counting constraint solver ABC2. Next, we discuss how model counting techniques can be combined with traditional policy analysis approaches to perform quantitative analysis of access control policies, culminating in the open-source policy analysis tool Quacky. At the end, we introduce a quantitative symbolic analysis approach for automated policy repair for fixing overly permissive policies.

Published

2023

2. Rational verification: game-theoretic verification of multi-agent systems.

Author

Abate, Alessandro, Gutierrez, Julian, Hammond, Lewis, Harrenstein, Paul, Kwiatkowska, Marta, Najib, Muhammad, Perelli, Giuseppe, Steeples, Thomas, and Wooldridge, Michael

Subjects

COMPUTER science, MULTIAGENT systems, ARTIFICIAL intelligence

Abstract

We provide a survey of the state of the art of rational verification: the problem of checking whether a given temporal logic formula ϕ is satisfied in some or all game-theoretic equilibria of a multi-agent system – that is, whether the system will exhibit the behavior ϕ represents under the assumption that agents within the system act rationally in pursuit of their preferences. After motivating and introducing the overall framework of rational verification, we discuss key results obtained in the past few years as well as relevant related work in logic, AI, and computer science. [ABSTRACT FROM AUTHOR]

Published

2021

3. AUTOMATION AND GAMIFICATION OF COMPUTER SCIENCE STUDY.

Author

ZSIGMOND, IMRE

Subjects

GAMIFICATION, COLLEGE teachers, AUTOMATION, SCIENCE teachers, COMPUTER science

Abstract

A large part of the job of a university teacher in computer science is to verify student exercises. The task of verifying correctness, coding style, conventions, and grading is laborious and if done correctly leaves little time for questions. Automating aspects of this work helps all parties involved by freeing time up for questions. The solution detailed in the paper automates a number of these tasks and provides near instant feedback for the students, together with a platform to gamify student learning. [ABSTRACT FROM AUTHOR]

Published

2019

4. Automated Verification of Building Components Using BIM Models and Point Clouds

Author

Pavol Mayer, Gabriela Bariczová, Ján Erdélyi, Tomas Funtik, and Richard Honti

Subjects

Computer science, 0211 other engineering and technologies, Point cloud, 020101 civil engineering, 02 engineering and technology, 0201 civil engineering, Computational science, lcsh:TA1-2040, point clouds, 021105 building & construction, bim, automated verification, ifc, verification of buildings, lcsh:Engineering (General). Civil engineering (General)

Abstract

One of the most important parts of construction work is the verification of the geometry of the parts of structures and buildings constructed. Today this procedure is often semi- or fully automated. The paper introduces an approach for the automated verification of parts of buildings, by comparing the design of a building (as-planned model), derived from a Building Information Model (BIM) in an Industry Foundation Classes (IFC) exchange format to a terrestrial laser scanning (TLS) point cloud (as-built model). The approach proposed has three main steps. The process begins with the acquisition of information from the as-planned model in the IFC exchange format; the second step is the automated (wall) plane segmentation from the point cloud. In the last step, the two models mentioned are compared to determine the deviations from the design, and the as-built wall flatness quantification is also executed. The potential of the proposed algorithm is shown in a case-study.

Published

2020

5. Resource Provisioning Strategies for BPMN Processes: Specification and Analysis using Maude

Author

Camilo Rocha, Francisco Durán, Gwen Salaün, Universidad de Málaga [Málaga] = University of Málaga [Málaga], Pontificia universidad Javeriana, Cali, Construction of verified concurrent systems (CONVECS ), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire d'Informatique de Grenoble (LIG), Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), Université Grenoble Alpes (UGA)-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes (UGA)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP ), and Université Grenoble Alpes (UGA)

Subjects

Maude, Logic, Computer science, Business process, BPMN, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Theoretical Computer Science, Business process management, Business Process Model and Notation, Resource (project management), Business processes, 0202 electrical engineering, electronic engineering, information engineering, automated verification, business.industry, resource provisioning, Probabilistic logic, simulation-based analysis, 020207 software engineering, Provisioning, computer.file_format, rewriting logic, Computational Theory and Mathematics, 020201 artificial intelligence & image processing, Rewriting, Executable, business, Software engineering, computer, Software

Abstract

International audience; Business process optimization is a strategic activity in organizations because of its potential to increase profit margins and reduce operational costs. One of the main challenges in this activity is concerned with the problem of optimizing allocation and sharing of resources. Companies are continuously adjusting their resources to their needs following different strategies. However, the dynamic provisioning strategies are hard to compare. This paper proposes an automatic analysis technique to evaluate and compare the execution time and resource occupancy of a business process relative to a workload and a provisioning strategy. Four different strategies are presented, which are guided-respectively-by recent resource usage, recent resource request, predicted behavior, and a combination of available strategies. Such analysis is performed on models conforming to an extension of BPMN with quantitative information, including resource availability and constraints. Within this framework, the approach is fully mechanized using a formal and executable specification in the Maude rewriting logic framework, which relies on existing techniques and tools for simulating probabilistic and real-time specifications. The paper includes results on the extensive experimentation that has been carried out for validation purposes.

Published

2021

6. A Framework for Model and Verification of Safety-Critical Operating System Based on ARINC653

Author

Dianfu Ma and Wenjing Xu

Subjects

Correctness, TK7800-8360, Computer Networks and Communications, business.industry, Computer science, Proof assistant, ARINC653, Context (language use), computer.software_genre, Mathematical proof, Formal methods, Automation, Formal proof, Hardware and Architecture, Control and Systems Engineering, context-based, Signal Processing, Operating system, automated verification, Electrical and Electronic Engineering, Electronics, business, formal verification, Formal verification, computer

Abstract

As the scale and complexity of safety-critical software continue to grow, it is necessary to ensure safety and reliability to avoid minor errors leading to catastrophic disasters. Meantime, the traditional method, such as testing and simulation alone is insufficient to ensure the correctness of systems. This leads to using formal methods to provide sufficient evidence for systems. However, design a high assurance safety-critical system by formal methods is challenging due to the complexity of operating systems. In addition, the traditional interactive theorem prover used in system verification requires hand-written proofs, which are more expensive. Therefore, the efforts of providing a standardized formal framework as well as safety proofs, are notable for the develop a safety-critical system. The purpose of this paper is to provide a safety framework to establish a highly reliable and safety-critical operating system based on the ARINC653 standard, a multilevel and standardized formal model. To verify the functional correctness of this model, we propose a context-based formal proof method for programs. To achieve this goal, we first model 57 core services of ARINC653 and define the high-level requirements as pre-and post-conditions. Then, we construct a set of specification statements a formal axiom system transformed into logical sentences, and the core service model is transformed into a logical sentence sequence to be proved. Finally, a context-based formal proof system for specification correctness is developed. We have verified the correctness of safety-critical operating system core services with this system. Experience shows that the verification system we developed can be achieved the functional correctness of a complete OS with a low implement burden, and that can simplify the difficulty of automated verification and increase the degree of automation of proof.

Published

2021

7. Towards efficient verification of population protocols

Author

Michael Blondin, Philipp J. Meyer, Stefan Jaax, and Javier Esparza

Subjects

FOS: Computer and information sciences, Computer Science - Logic in Computer Science, Correctness, Theoretical computer science, Reachability problem, Computer science, Population, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Article, Theoretical Computer Science, Software, 0202 electrical engineering, electronic engineering, information engineering, education, Population protocols, Protocol (science), education.field_of_study, Class (computer programming), Automated verification, business.industry, Model of computation, Petri net, Logic in Computer Science (cs.LO), Decidability, ddc, Computer Science - Distributed, Parallel, and Cluster Computing, Hardware and Architecture, 010201 computation theory & mathematics, 020201 artificial intelligence & image processing, Distributed, Parallel, and Cluster Computing (cs.DC), business, Termination

Abstract

Population protocols are a well established model of computation by anonymous, identical finite state agents. A protocol is well-specified if from every initial configuration, all fair executions reach a common consensus. The central verification question for population protocols is the well-specification problem: deciding if a given protocol is well-specified. Esparza et al. have recently shown that this problem is decidable, but with very high complexity: it is at least as hard as the Petri net reachability problem, which is EXPSPACE-hard, and for which only algorithms of non-primitive recursive complexity are currently known. In this paper we introduce the class WS3 of well-specified strongly-silent protocols and we prove that it is suitable for automatic verification. More precisely, we show that WS3 has the same computational power as general well-specified protocols, and captures standard protocols from the literature. Moreover, we show that the membership problem for WS3 reduces to solving boolean combinations of linear constraints over N. This allowed us to develop the first software able to automatically prove well-specification for all of the infinitely many possible inputs., 29 pages, 1 figure

Published

2021

8. Gobra: Modular Specification and Verification of Go Programs

Author

Peter Müller, Felix A. Wolf, Wytse Oortwijn, Martin Clochard, João C. Pereira, Linard Arquint, Silva, Alexandra, and Leino, K. Rustan M.

Subjects

Separation logic, Automated verification, Deductive verification, Programming language, Computer science, Concurrency, Interfaces, 020207 software engineering, Program logics, Channel-based concurrency, 02 engineering and technology, Formal methods, Modular specification, computer.software_genre, Subtyping, Imperative programming, System programming, 020204 information systems, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, 0202 electrical engineering, electronic engineering, information engineering, computer, Heap (data structure)

Abstract

Go is an increasingly-popular systems programming language targeting, especially, concurrent and distributed systems. Go differentiates itself from other imperative languages by offering structural subtyping and lightweight concurrency through goroutines with message-passing communication. This combination of features poses interesting challenges for static verification, most prominently the combination of a mutable heap and advanced concurrency primitives. We present Gobra, a modular, deductive program verifier for Go that proves memory safety, crash safety, data-race freedom, and user-provided specifications. Gobra is based on separation logic and supports a large subset of Go. Its implementation translates an annotated Go program into the Viper intermediate verification language and uses an existing SMT-based verification backend to compute and discharge proof obligations., Lecture Notes in Computer Science, 12759, ISSN:0302-9743, ISSN:1611-3349, Computer Aided Verification, 33rd International Conference, CAV 2021, Virtual Event, July 20–23, 2021, Proceedings, Part I, ISBN:978-3-030-81684-1, ISBN:978-3-030-81685-8

Published

2021

9. Random Probing Security: Verification, Composition, Expansion and New Constructions

Author

Sonia Belaïd, Abdul Rahman Taleb, Matthieu Rivain, Emmanuel Prouff, Jean-Sébastien Coron, CryptoExperts, University of Luxembourg [Luxembourg], Agence nationale de la sécurité des systèmes d'information (ANSSI), Polynomial Systems (PolSys), LIP6, Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS)-Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS), and This work is partly supported by the French FUI-AAP25 VeriSiCC project.

Subjects

Computer science [C05] [Engineering, computing & technology], 050101 languages & linguistics, Automated verification, Theoretical computer science, Computer science, Physical reality, Masking countermeasure, 05 social sciences, Compiler, 02 engineering and technology, Adversary, Random probing model, Sciences informatiques [C05] [Ingénierie, informatique & technologie], computer.software_genre, Mathematical proof, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Masking, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, computer, Implementation

Abstract

International audience; The masking countermeasure is among the most powerful countermeasures to counteract side-channel attacks. Leakage models have been exhibited to theoretically reason on the security of such masked implementations. So far, the most widely used leakage model is the probing model defined by Ishai, Sahai, and Wagner at (CRYPTO 2003). While it is advantageously convenient for security proofs, it does not capture an adversary exploiting full leakage traces as, e.g., in horizontal attacks. Those attacks target the multiple manipulations of the same share to reduce noise and recover the corresponding value. To capture a wider class of attacks another model was introduced and is referred to as the random probing model. From a leakage parameter p, each wire of the circuit leaks its value with probability p. While this model much better reflects the physical reality of side channels, it requires more complex security proofs and does not yet come with practical constructions. In this paper, we define the first framework dedicated to the random probing model. We provide an automatic tool, called VRAPS, to quantify the random probing security of a circuit from its leakage probability. We also formalize a composition property for secure random probing gadgets and exhibit its relation to the strong non-interference (SNI) notion used in the context of probing security. We then revisit the expansion idea proposed by Ananth, Ishai, and Sahai (CRYPTO 2018) and introduce a compiler that builds a random probing secure circuit from small base gadgets achieving a random probing expandability property. We instantiate this compiler with small gadgets for which we verify the expected properties directly from our automatic tool. Our construction can tolerate a leakage probability up to 2 −8 , against 2 −25 for the previous construction, with a better asymptotic complexity.

Published

2020

10. Tornado: Automatic Generation of Probing-Secure Masked Bitsliced Implementations

Author

Sonia Belaïd, Raphaël Wintersdorff, Pierre-Évariste Dagand, Darius Mercadier, Matthieu Rivain, CryptoExperts, Well Honed Infrastructure Software for Programming Environments and Runtimes ( Whisper), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-LIP6, Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS)-Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS), This work is partly supported by the French FUI-AAP25 VeriSiCC project, the Émergence(s) program of the City of Paris and the EDITE doctoral school., and Well Honed Infrastructure Software for Programming Environments and Runtimes (Whisper)

Subjects

050101 languages & linguistics, Class (computer programming), Automated verification, Cryptographic primitive, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], Computer science, business.industry, 05 social sciences, Cryptographic implementations, Compiler, Bitslice, 02 engineering and technology, Computer security model, computer.software_genre, Masking, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Tornado, business, Formal verification, computer, Implementation

Abstract

International audience; Cryptographic implementations deployed in real world devices often aim at (provable) security against the powerful class of side-channel attacks while keeping reasonable performances. Last year at Asiacrypt, a new formal verification tool named tightPROVE was put forward to exactly determine whether a masked implementation is secure in the well-deployed probing security model for any given security order t. Also recently, a compiler named Usuba was proposed to automatically generate bitsliced implementations of cryptographic primitives.This paper goes one step further in the security and performances achievements with a new automatic tool named Tornado. In a nutshell, from the high-level description of a cryptographic primitive, Tornado produces a functionally equivalent bitsliced masked implementation at any desired order proven secure in the probing model, but additionally in the so-called register probing model which much better fits the reality of software implementations. This framework is obtained by the integration of Usuba with tightPROVE+, which extends tightPROVE with the ability to verify the security of implementations in the register probing model and to fix them with inserting refresh gadgets at carefully chosen locations accordingly.We demonstrate Tornado on the lightweight cryptographic primitives selected to the second round of the NIST competition and which somehow claimed to be masking friendly. It advantageously displays performances of the resulting masked implementations for several masking orders and prove their security in the register probing model.

Published

2020

11. Automatic security verification of mobile app configurations

Author

Gabriele Costa, Luca Verderame, Alessio Merlo, and Alessandro Armando

Subjects

Automated verification, SIMPLE (military communications protocol), Computer Networks and Communications, Computer science, Distributed computing, Bring your own device, 020207 software engineering, 02 engineering and technology, Policy enforcement, Computer security model, Static analysis, BYOD paradigm, Computer security, computer.software_genre, Security policy, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, BYOD paradigm, Android security, Partial model checking, Policy enforcement, Automated verification, State (computer science), Android security, Mobile device, computer, Partial model checking, Software

Abstract

The swift and continuous evolution of mobile devices is encouraging both private and public organizations to adopt the Bring Your Own Device (BYOD) paradigm. As a matter of fact, the BYOD paradigm drastically reduces costs and increases productivity by allowing employees to carry out business tasks on their personal devices. However, it also increases the security concerns, since a compromised device could disruptively access the resources of the organization. The current mobile application distribution model based on application markets does not cope with this issue. In a previous work the concept of secure meta-market has been introduced as a mean to distribute mobile applications always guaranteed to comply with any given BYOD policy. This is achieved through a suitable combination of static analysis (i.e.model checking) and code instrumentation techniques. Although crucial, enforcing security policies over individual applications is not sufficient in general. Indeed, several well documented threats arise from the malicious interaction among applications which are harmless if isolated. In this paper, a novel technique for the security verification of groups of mobile app is proposed. The approach relies on partial model checking (PMC) to extend the existing security guarantees to groups of applications. The experimental results demonstrate the viability of the approach. Moreover, we show through a case study that even a fairly simple security policy can be violated by applications which are compliant if considered one by one. A practical approach to the validation of groups of mobile apps is presented.The approach relies on partial model checking for mitigating state explosion.Experiments on real applications show that the technique scales on real systems.The solution is integrated with a prototype of the Secure Meta-Market (SMM).

Published

2018

12. Automated generation of hybrid automata for multi-rigid-body mechanical systems and its application to the falsification of safety properties

Author

Michael D. O'Toole and Eva Navarro Lopez

Subjects

0209 industrial biotechnology, Hybrid systems, Dynamical systems theory, Computer science, Bounded model checking, 02 engineering and technology, 020901 industrial engineering & automation, Formal specification, Dynamical systems, Computational methods, 0202 electrical engineering, electronic engineering, information engineering, Complex behaviours, Simulation, Hybrid automata models, Automated verification, Applied Mathematics, Control engineering, Computer simulation, Rigid body, Computer Science Applications, Automaton, Mechanical system, Control and Systems Engineering, Modeling and Simulation, Hybrid system, Transition system, 020201 artificial intelligence & image processing, Electronic design automation, Design automation, Software, Systems with impacts and friction

Abstract

What if we designed a tool to automatically generate a dynamical transition system for the formal specification of mechanical systems subject to multiple impacts, contacts and discontinuous friction? Such a tool would represent an advance in the description and simulation of these complex systems. This is precisely what this paper offers: Dyverse Rigid Body Toolbox (DyverseRBT). This tool requires a sufficiently expressive computational model that can accurately describe the behaviour of the system as it evolves over time. For this purpose, we propose an alternative abstraction of multi-rigid-body mechanical systems with multiple contacts as an extended version of the classical hybrid automaton, which we call multi-rigid-body hybrid automaton. One of the chief characteristics of the multi-rigid-body hybrid automaton is the inclusion of computation nodes to encode algorithms to calculate the contact forces. The computation nodes consist of a set of non-dynamical discrete locations, discrete transitions and guards between these locations, and resets on transitions. They can account for the energy transfer not explicitly considered within the rigid-body formalism. The proposed modelling framework is well-suited for the automated verification of dynamical properties of realistic mechanical systems. We show this by the falsification of safety properties over the transition system generated by DyverseRBT.

Published

2017

13. A Rewriting Logic Approach to Resource Allocation Analysis in Business Process Models

Author

Francisco Durán, Gwen Salaün, Camilo Rocha, Universidad de Málaga [Málaga] = University of Málaga [Málaga], Pontificia universidad Javeriana, Cali, Construction of verified concurrent systems (CONVECS ), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire d'Informatique de Grenoble (LIG ), and Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])

Subjects

Maude, Business process, Computer science, resource allocation, BPMN, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], computer.software_genre, Business Process Model and Notation, Resource (project management), Business processes, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, automated verification, [INFO]Computer Science [cs], ComputingMilieux_MISCELLANEOUS, Programming language, 020207 software engineering, computer.file_format, Business process modeling, rewriting logic, executable specification, Resource allocation, Rewriting, Executable, State (computer science), computer, Software

Abstract

This paper presents an approach for the modeling and analysis of resource allocation for business processes. It enables the automatic computation of measures for precisely identifying and optimizing the allocation of resources in business processes, including resource usage over time. The proposed analysis, especially suited to support decision-making strategies, is illustrated with a case study of a parcel ordering and delivery by drones that is developed throughout the paper. The paper comprises an encoding of a significant and expressive subset of the Business Process Model and Notation (BPMN) in rewriting logic, an executable logic of concurrent change that can naturally deal with state and with concurrent computations. The encoding is by itself a formal semantics and interpreter of the BPMN subset that captures all concurrent behavior and thus is used to simulate the concurrent evolution of any business process with a given number of resources and replicas.

Published

2019

14. A METHODOLOGY FOR DESIGN SPACE EXPLORATION OF REAL-TIME LOCATION SYSTEMS

Author

D.A. Kirov, R. Passerone, and A.A. Ozhiganov

Subjects

Computer science, Design space exploration, Real-time computing, Design flow, cyber-physical systems, localization, lcsh:QA75.5-76.95, design space exploration, real-time location systems, automated verification, lcsh:QC350-467, Statement (computer science), statistical model checking, Class (computer programming), Mechanical Engineering, Cyber-physical system, Problem statement, ИЗУЧЕНИЕ ПРОСТРАНСТВА ПРОЕКТНЫХ РЕШЕНИЙ,DESIGN SPACE EXPLORATION,ЛОКАЛИЗАЦИЯ,LOCALIZATION,ПОЗИЦИОНИРОВАНИЕ,POSITIONING,СИСТЕМЫ ПОЗИЦИОНИРОВАНИЯ ОБЪЕКТОВ В РЕАЛЬНОМ ВРЕМЕНИ,ИМИТАЦИОННОЕ МОДЕЛИРОВАНИЕ,SIMULATION,СИМУЛЯЦИЯ,АВТОМАТИЗИРОВАННАЯ ВЕРИФИКАЦИЯ,AUTOMATED VERIFICATION,СТАТИСТИЧЕСКАЯ ПРОВЕРКА МОДЕЛЕЙ,STATISTICAL MODEL CHECKING,СЕТЕВЫЕ ВСТРОЕННЫЕ СИСТЕМЫ,ВСТРАИВАЕМЫЕ СИСТЕМЫ,EMBEDDED SYSTEMS,КИБЕРФИЗИЧЕСКИЕ СИСТЕМЫ,CYBER-PHYSICAL SYSTEMS,REAL-TIME LOCATION SYSTEMS,RTLS,NETWORKED EMBEDDED SYSTEMS,CPS, RTLS, Formal methods, simulation, Atomic and Molecular Physics, and Optics, Computer Science Applications, Electronic, Optical and Magnetic Materials, Real-time locating system, positioning, Systems engineering, networked embedded systems, embedded systems, CPS, lcsh:Electronic computers. Computer science, lcsh:Optics. Light, Information Systems

Abstract

Scope of Research. This paper deals with the problem of design space exploration for a particular class of networked embedded systems called Real-Time Location Systems (RTLS). Methods. The paper contains a clear and detailed plan of an ongoing research and could be considered as a review, a vision and a statement of objectives. Analytical and formal methods, simulation and automated verification will be involved in the research. Main Results. Analysis of the state of the art (current design flow, existing simulation tools and verification techniques) has revealed several limitations for performing efficient design space exploration of RTLS, especially for safety-critical applications. The review part of the paper also contains a clear problem statement. The main outcome of this research is the proposed vision of a novel methodology for determining the best-suited technology and its configuration from the space of potential solutions. In particular, it is planned to extend an existing simulation framework and apply automated verification techniques. The latter will be used for checking simulation results and also for exploring different system configuration alternatives, that is, to optimize the design, which is a novel approach. A case study for validating the methodology is also proposed. Practical Significance. The proposed methodology will highly increase the breadth of design space exploration of RTLS as well as the confidence on taken design decisions. It will also contribute to optimizing the design.

Published

2015

15. Deductive Verification of the Sliding Window Protocol

Author

D. A. Chkliaev and V. A. Nepomniaschy

Subjects

Economics and Econometrics, interactive theorem proving, Correctness, Computer science, Distributed computing, формальная спецификация, Information technology, Formal proof, коммуникационные протоколы, sliding window protocol, отказоустойчивость, Sliding window protocol, Materials Chemistry, Media Technology, Computer Science::Networking and Internet Architecture, automated verification, Protocol (object-oriented programming), протокол скользящего окна, Computer Science::Cryptography and Security, formal specification, pvs, lcsh:T58.5-58.64, lcsh:Information technology, Proof assistant, Degree of parallelism, Forestry, T58.5-58.64, автоматизированная верификация, Selective Repeat ARQ, communication protocols, fault tolerance, Communications protocol, интерактивное доказательство теорем

Abstract

We consider the well-known Sliding Window Protocol which provides reliable and efficient transmission of data over unreliable channels. A formal proof of correctness for this protocol faces substantial difficulties caused by a high degree of parallelism which creates a significant potential for errors. Here we consider a version of the protocol that is based on selective repeat of frames. The specification of the protocol by a state machine and its safety property are represented in the language of the verification system PVS. Using the PVS system, we give an interactive proof of this property of the Sliding Window Protocol.

Published

2015

16. Contributions to Formal Specification and Modular Verification of Parallel and Sequential Software

Author

Weide, Alan

Subjects

Computer Science, automated verification, automated reasoning, parallel programming, concurrent programming, C++, software engineering

Abstract

Modular verification of parallel and concurrent software built from reusable data abstractions is a challenging problem. Reasoning about sequential software can be modularized using the specifications of data abstractions, but the need to consider implementation details complicates reasoning about parallel execution.Addressing this challenge requires advancing the state of the art in several ways, beginning with a theoretical foundation. The A/P Calculus for describing the effects of program actions is developed in this dissertation to enable sound modular reasoning about parallel programs with non-interfering parallel sections of operation calls on abstract data types. Building on the calculus and a programming language with clean semantics, a methodology for designing decomposable data abstractions is presented to produce fork-join parallel programs that are manifestly data race free and readily amenable to modular reasoning. A new specification construct, the non-interference contract, is proposed to enhance the specification of data abstractions to hide implementation details and yet facilitate modular reasoning about parallel programs that share objects among processes.As a key first step to transition these results to practice, this dissertation describes Clean++, a discipline for writing software in C++ that leverages move semantics to make ownership transfer the primary data movement operation (as opposed to either deep or shallow copying) and produce programs that are amenable to formal verification with only minimal scaffolding related to pointer manipulation.

Published

2021

17. Formally Verifying Flow Properties in Industrial Systems

Author

Maxime Puys, Jannik Dreier, Jean-Louis Roch, Pascal Lafourcade, Marie-Laure Potet, Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), VERIMAG (VERIMAG - IMAG), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019]), Université Clermont Auvergne [2017-2020] (UCA [2017-2020]), Laboratoire d'Informatique, de Modélisation et d'Optimisation des Systèmes (LIMOS), Ecole Nationale Supérieure des Mines de St Etienne-Centre National de la Recherche Scientifique (CNRS)-Université Clermont Auvergne [2017-2020] (UCA [2017-2020]), This work has been partially funded by the CNRS PEPS SISC ASSI 2016., ANR-11-LABX-0025,PERSYVAL-lab,Systemes et Algorithmes Pervasifs au confluent des mondes physique et numérique(2011), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Université Clermont Auvergne [2017-2020] (UCA [2017-2020])-Centre National de la Recherche Scientifique (CNRS), and Ecole Nationale Supérieure des Mines de St Etienne-Université Clermont Auvergne [2017-2020] (UCA [2017-2020])-Centre National de la Recherche Scientifique (CNRS)

Subjects

[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Computer science, industrial systems, Systems engineering, Industrial systems, automated verification, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, SCADA, Flow properties, Security protocols, [INFO.INFO-CL]Computer Science [cs]/Computation and Language [cs.CL], symbolic model, flow integrity

Abstract

International audience; In contrast to other IT systems, industrial systems often do not only require classical properties like data confidentiality or authentication of the communication, but have special needs due to their interaction with physical world. For example, the reordering or deletion of some commands sent to a machine can cause the system to enter an unsafe state with potentially catastrophic effects. To prevent such attacks, the integrity of the message flow is necessary. We provide a formal definition of Flow Integrity. We apply our framework to two well-known industrial protocols: OPC-UA and MODBUS. Using TAMARIN, a cryptographic protocol verification tool, we confirm that most of the secure modes of these protocols ensure Flow Integrity given a resilient network. However, we also identify a weakness in a supposedly secure version of MODBUS.

Published

2017

18. Modeling and verification of insider threats using logical analysis

Author

Florian Kammüller and Christian W. Probst

Subjects

Formal modeling, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, HOL, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Higher-order logic, Insider, Insider threats, EC Grant Agreement nr.: FP7/2007-2013, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Formal verification, Automated verification, Context model, 021103 operations research, SCS-Cybersecurity, Proof assistant, Insider threat, Computer Science Applications, EC Grant Agreement nr.: FP7/318003, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Control and Systems Engineering, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, 020201 artificial intelligence & image processing, computer, Information Systems

Abstract

In this paper, we combine formal modeling and analysis of infrastructures of organizations with sociological explanation to provide a framework for insider threat analysis. We use the higher order logic (HOL) proof assistant Isabelle/HOL to support this framework. In the formal model, we exhibit and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider theory constructed in Isabelle that implements this process of social explanation. To validate that the social explanation is generally useful for the analysis of insider threats and to demonstrate our framework, we model and verify the insider threat patterns of entitled independent and Ambitious Leader in our Isabelle/HOL framework.

Published

2017

19. Checking Business Process Evolution

Author

Ajay Krishna, Gwen Salaün, Pascal Poizat, Modélisation et Vérification (MoVe), Laboratoire d'Informatique de Paris 6 (LIP6), Université Pierre et Marie Curie - Paris 6 (UPMC)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre et Marie Curie - Paris 6 (UPMC)-Centre National de la Recherche Scientifique (CNRS), Université Paris Nanterre (UPN), Construction of verified concurrent systems (CONVECS ), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire d'Informatique de Grenoble (LIG ), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019])-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Centre National de la Recherche Scientifique (CNRS)-Université Grenoble Alpes [2016-2019] (UGA [2016-2019]), LIP6, and Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS)-Sorbonne Université (SU)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Process modeling, Process (engineering), Business process, Computer science, Model transformation, Process calculus, BPMN, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], computer.software_genre, LNT, Business process discovery, Business Process Model and Notation, Business process management, Business processes, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Web application, automated verification, [INFO]Computer Science [cs], computer.programming_language, Artifact-centric business process model, Business rule, Programming language, business.industry, model transformation, 020207 software engineering, Business process modeling, Workflow, Code refactoring, 020201 artificial intelligence & image processing, Software engineering, business, computer, Software

Abstract

International audience; Business processes support the modeling and the implementation of software as workflows of local and inter-process activities. Taking over structuring and composition, evolution has become a central concern in software development. We advocate it should be taken into account as soon as the modeling of business processes, which can thereafter be made executable using process engines or model-to-code transformations. We show here that business process evolution needs formal analysis in order to compare different versions of processes, identify precisely the differences between them, and ensure the desired consistency. To reach this objective, we first present a model transformation from the BPMN standard notation to the LNT process algebra. We then propose a set of relations for comparing business processes at the formal model level. With reference to related work, we propose a richer set of comparison primitives supporting renaming, refinement, property- and context-awareness. Thanks to an implementation of our approach that can be used through a Web application, we put the checking of evolution within the reach of business process designers.

Published

2016

20. PSYNC: A partially synchronous language for fault-tolerant distributed algorithms

Author

Cezara Drăgoi, Thomas A. Henzinger, Damien Zufferey, Analyse Statique par Interprétation Abstraite (ANTIQUE), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Institute of Science and Technology [Austria] (IST Austria), Computer Science and Artificial Intelligence Laboratory [Cambridge] (CSAIL), Massachusetts Institute of Technology (MIT), Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), and Institute of Science and Technology [Klosterneuburg, Austria] (IST Austria)

Subjects

Consensus, Scala, Computer science, Distributed computing, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Runtime system, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], Round model, Formal verification, Implementation, computer.programming_language, Abstraction (linguistics), Automated verification, 020207 software engineering, Lockstep, Computer Graphics and Computer-Aided Design, Asynchrony (computer programming), 020202 computer hardware & architecture, 010201 computation theory & mathematics, Asynchronous communication, Distributed algorithm, 020201 artificial intelligence & image processing, Partially synchrony, computer, Fault-tolerant distributed algorithms, Software

Abstract

International audience; Fault-tolerant distributed algorithms play an important role in many critical/high-availability applications. These algorithms are notoriously difficult to implement correctly, due to asynchronous communication and the occurrence of faults, such as the network dropping messages or computers crashing. We introduce PSYNC, a domain specific language based on the Heard-Of model, which views asynchronous faulty systems as synchronous ones with an adversarial environment that simulates asyn-chrony and faults by dropping messages. We define a runtime system for PSYNC that efficiently executes on asynchronous networks. We formalise the relation between the runtime system and PSYNC in terms of observational refinement. This high-level synchronous abstraction introduced by PSYNC simplifies the design and implementation of fault-tolerant distributed algorithms and enables automated formal verification. We have implemented an embedding of PSYNC in the SCALA programming language with a runtime system for partially synchronous networks. We show the applicability of PSYNC by implementing several important fault-tolerant distributed algorithms and we compare the implementation of consensus algorithms in PSYNC against implementations in other languages in terms of code size, runtime efficiency, and verification.

Published

2016

21. Dynamic consistency in process algebra: From Paradigm to ACP

Author

Andova, S., Groenewegen, L.P.J., Vink, de, E.P., Poizat, P., Sirjani, M., Visualization and 3D User Interfaces, Computer Security, and Formal System Analysis

Subjects

coordination, Theoretical computer science, Correctness, General Computer Science, Process (engineering), Computer science, Process calculus, computer.software_genre, Operational semantics, Theoretical Computer Science, mCRL2, Component (UML), automated verification, Dynamic consistency, Abstraction (linguistics), Job shop scheduling, Programming language, Verification, Process algebra, Work in process, Collaboration, Paradigm, Algebra, Dynamic constraint, Branching bisimulation, computer, Software, Computer Science(all)

Abstract

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at various levels of abstraction. The operational semantics of Paradigm is given. For a large, general subclass of Paradigm models a translation into process algebra is provided. Once expressed in process algebra, relying on a correctness result, Paradigm models are amenable to process algebraic reasoning and to verification via the mCRL2 toolset. Examples of a scheduling problem illustrate the approach.

Published

2011

22. Detection Of Control Flow Errors In Parallel Programs At Compile Time

Author

Bruce P. Lester

Subjects

Computer science, Programming language, parallel programming, automated verification, parallel compilers, deadlock, control flow graph, frequency analysis, Parallel computing, computer.software_genre, Control flow analysis, Control flow, Program analysis, Manifest expression, Parallel programming model, Compiler, computer, Compile time, Compiler correctness

Abstract

This paper describes a general technique to identify control flow errors in parallel programs, which can be automated into a compiler. The compiler builds a system of linear equations that describes the global control flow of the whole program. Solving these equations using standard techniques of linear algebra can locate a wide range of control flow bugs at compile time. This paper also describes an implementation of this control flow analysis technique in a prototype compiler for a well-known parallel programming language. In contrast to previous research in automated parallel program analysis, our technique is efficient for large programs, and does not limit the range of language features.

Published

2010

23. Verification of consensus algorithms using satisfiability solving

Author

André Schiper and Tatsuhiro Tsuchiya

Subjects

Model checking, Paxos, Consensus, Distributed Consensus, Theoretical computer science, Computer Networks and Communications, Computer science, Agreement, Induction, Time, Theoretical Computer Science, State space, Formal verification, Bounded Model Checking, Systems, Abstraction model checking, Tree traversal, Computational Theory and Mathematics, Automated Verification, Solver, Hardware and Architecture, Theory of computation, Fault-tolerant distributed algorithms

Abstract

Consensus is at the heart of fault-tolerant distributed computing systems. Much research has been devoted to developing algorithms for this particular problem. This paper presents a semi-automatic verification approach for asynchronous consensus algorithms, aiming at facilitating their development. Our approach uses model checking, a widely practiced verification method based on state traversal. The challenge here is that the state space of these algorithms is huge, often infinite, thus making model checking infeasible. The proposed approach addresses this difficulty by reducing the verification problem to small model checking problems that involve only single phases of algorithm execution. Because a phase consists of a small, finite number of rounds, bounded model checking, a technique using satisfiability solving, can be effectively used to solve these problems. The proposed approach allows us to model check several consensus algorithms up to around 10 processes.

Published

2010

24. Separation Logic Verification of C Programs with an SMT Solver

Author

Matko Botinčan, Matthew Parkinson, Wolfram Schulte, Huuck, Ralf, Klein, Gerwin, and Schlich, Bastian

Subjects

High-level verification, Separation logic, Functional verification, General Computer Science, Programming language, Computer science, automated theorem proving, computer.software_genre, Theoretical Computer Science, Automated theorem proving, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Satisfiability modulo theories, automated verification, Bunched logic, Automated reasoning, C programming language, computer, Logic optimization, Computer Science(all)

Abstract

This paper presents a methodology for automated modular verification of C programs against specifications written in separation logic. The distinguishing features of the approach are representation of the C memory model in separation logic by means of rewrite rules suitable for automation and the careful integration of an SMT solver behind the separation logic prover to guide the proof search.

Published

2009

25. A Robust Framework for Securing Composed Web Services

Author

Najah Ben Said, Saddek Bensalem, Marius Bozga, Takoua Abdellatif, Bozga, Marius, VERIMAG (VERIMAG - IMAG), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Grenoble (INPG)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Université Joseph Fourier - Grenoble 1 (UJF), and Université de Carthage - University of Carthage

Subjects

computer.internet_protocol, Computer science, dependency flow graph, Sherwood Applied Business Security Architecture, Data security, 02 engineering and technology, computer.software_genre, Logical security, 03 medical and health sciences, 0302 clinical medicine, component-based systems, 0202 electrical engineering, electronic engineering, information engineering, automated verification, Database, business.industry, 020207 software engineering, Computer security model, 030227 psychiatry, [INFO.INFO-ES] Computer Science [cs]/Embedded Systems, Business Process Execution Language, Security service, Software security assurance, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, Web service, Software engineering, business, computer, information flow security, non-interference

Abstract

International audience; This paper proposes a framework that automatically checks and configures data security in Web Services starting from high level business requirements. We consider BPEL-based composed Web Services. BPEL processes and initial security parameters are represented as component-based models labeled with security annotations. These models are formal and enable automated analysis and synthesis of security configurations, under the guidance of the service designer. The security property considered is the non-interference. The overall approach is practical since security is defined separately from functional processes and automatically verified. We illustrate its utility to solve intricate security problems using a smart grid application.

Published

2015

26. Automated verification of the FreeRTOS scheduler in HIP/SLEEK

Author

Guanhua He, João F. Ferreira, Cristian Gherghina, Shengchao Qin, Wei-Ngan Chin, and Universidade do Minho

Subjects

Correctness, Computer science, Embedded systems, 02 engineering and technology, Separation logic, computer.software_genre, Kernel (linear algebra), Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Memory safety, Operating systems, Automated verification, FreeRTOS, Science & Technology, business.industry, Programming language, Process (computing), 020207 software engineering, HIP/SLEEK, Data structure, Task (computing), Task scheduler, Embedded system, 020201 artificial intelligence & image processing, business, computer, Software, Information Systems

Abstract

Automated verification of operating system kernels is a challenging problem, partly due to the use of shared mutable data structures. In this paper, we show how we can automatically verify memory safety and functional correctness properties of the task scheduler component of the FreeRTOS kernel using the verification system Hip/Sleek. We show how some of Hip/Sleek features such as user-defined predicates and lemmas make the specifications highly expressive and the verification process viable. To the best of our knowledge, this is the first code-level verification of memory safety and functional correctness properties of the FreeRTOS scheduler. The outcome of our experiment confirms that Hip/Sleek can indeed be used to verify code that is used in production. Moreover, since the properties that we verify are quite general, we envisage that the same approach can be adopted to verify components of other operating systems.

Published

2014

27. Model-Driven Information Flow Security for Component-Based Systems

Author

Marius Bozga, Takoua Abdellatif, Najah Ben Said, Saddek Bensalem, VERIMAG (VERIMAG - IMAG), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Grenoble (INPG)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Université Joseph Fourier - Grenoble 1 (UJF), and Saddek Bensalem and Yassine Lakhnech and Axel Legay

Subjects

unwinding conditions, Cloud computing security, Computer science, Distributed computing, Covert channel, Computer security model, Security policy, Security information and event management, Security service, Component (UML), component-based systems, automated verification, Network security policy, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, information flow security, non-interference

Abstract

International audience; This paper proposes a formal framework for studying information flow security in component-based systems. The security policy is defined and verified from the early steps of the system design. Two kinds of non-interference properties are formally introduced and for both of them, sufficient conditions that ensures and simplifies the automated verification are proposed. The verification is compositional, first locally, by checking the behavior of every atomic component and then globally, by checking the inter-components communication and coordination. The potential benefits are illustrated on a concrete case study about constructing secure heterogeneous distributed systems.

Published

2014

28. Automated verification of Prolog programs

Author

Baudouin Le Charlier, Sabina Rossi, Christophe Leclère, and Agostino Cortesi

Subjects

Automated verification, Horn clause, Theoretical computer science, Logic, Computer science, Programming language, Abstract interpretation, computer.software_genre, Datalog, Set (abstract data type), Prolog, Logic programs, Constraint programming, Abstract Interpretation, Logic Programs, computer, Logic programming, computer.programming_language, Declarative programming

Abstract

Although Prolog is (still) the most widely used logic language, it suffers from a number of drawbacks which prevent it from being truely declarative. The nondeclarative features such as the depth-first search rule are nevertheless necessary to make Prolog reasonably efficient. Several authors have proposed methodologies to reconcile declarative programming with the algorithmic features of Prolog. The idea is to analyse the logic program with respect to a set of properties such as modes, types, sharing, termination, and the like in order to ensure that the operational behaviour of the Prolog program complies with its logic meaning. Such analyses are tedious to perform by hand and can be automated to some extent. This paper presents a state-of-the-art analyser which allows one to integrate many individual analyses previously proposed in the literature as well as new ones. Conceptually, the analyser is based on the notion of abstract sequence which makes it possible to collect all kinds of desirable information, including relations between the input and output sizes of terms, multiplicity, and termination.

Published

1999

29. Automated Verification of Model. Transformations in the Automotive Industry

Author

James R. Cordy, Fabian Büttner, Gehan M. K. Selim, Juergen Dingel, Shige Wang, School of computing [Kingston], Queen's University [Kingston, Canada], LINA, Mines Nantes (Mines Nantes), Modeling Technologies for Software Production, Operation, and Evolution (ATLANMOD), Laboratoire d'Informatique de Nantes Atlantique (LINA), Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Mines Nantes (Mines Nantes)-Université de Nantes (UN)-Centre National de la Recherche Scientifique (CNRS)-Département informatique - EMN, Mines Nantes (Mines Nantes)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Research and Development [General Motors], General Motors [Warren], ACM and IEEE, and Ana Moreira and Bernhard Schaetz

Subjects

Functional verification, Computer science, Model Transformation, Model transformation, 020207 software engineering, 02 engineering and technology, [INFO.INFO-CL]Computer Science [cs]/Computation and Language [cs.CL], Intelligent verification, Transformation (function), AUTOSAR, Automated Verification, 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, 020201 artificial intelligence & image processing, Verification, Automotive Industry, Software system, computer, Software verification, computer.programming_language

Abstract

International audience; Many companies have adopted MDD for developing their software systems. Several studies have reported on such industrial experiences by discussing the effects of MDD and the issues that still need to be addressed. However, only a few studies have discussed using automated verification of industrial model transformations. We previously demonstrated how transformations can be used to migrate GM legacy models to AUTOSAR models. In this study, we investigate using automated verification for such industrial transformations. We report on applying an automated verification approach to the GM-to-AUTOSAR transformation that is based on checking the satisfiability of a relational transformation representation, or a transformation model, with respect to well-formedness OCL constraints. An implementation of this approach is available as a prototype for the ATL language. We present the verification results of this transformation and discuss the practicality of using such tools on industrial size problems.

Published

2013

30. A run-time verification framework for smart grid applications implemented on simulation frameworks

Author

Selim Ciraci, Hasan Sözer, Bedir Tekinerdogan, Özyeğin University, and Sözer, Hasan

Subjects

Sensor networks, Computer science, Equipment testing, Smart grid applications, Power system simulation, Run-time verification, Smart power grids, Architecture, Code (cryptography), Automated verification, Software engineering, business.industry, Runtime verification, Simulation framework, Toolsets, Architectural levels, Smart grid, Feature (computer vision), Embedded system, Key (cryptography), Runtime observers, Key feature, business, Wireless sensor network

Abstract

Date of Conference: 18-26 May 2013 Conference name: 2nd International Workshop on Software Engineering Challenges for the Smart Grid (SE4SG), 2013 Smart grid applications are implemented and tested with simulation frameworks as the developers usually do not have access to large sensor networks to be used as a test bed. The developers are forced to map the implementation onto these frameworks which results in a deviation between the architecture and the code. On its turn this deviation makes it hard to verify behavioral constraints that are described at the architectural level. We have developed the ConArch toolset to support the automated verification of architecture-level behavioral constraints. A key feature of ConArch is programmable mapping for architecture to the implementation. Here, developers implement queries to identify the points in the target program that correspond to architectural interactions. ConArch generates runtime observers that monitor the flow of execution between these points and verifies whether this flow conforms to the behavioral constraints. We illustrate how the programmable mappings can be exploited for verifying behavioral constraints of a smart grid application that is implemented with two simulation frameworks. © 2013 IEEE.

Published

2013

31. Preface of Special issue on Automated Verification of Critical Systems (AVoCS'14)

Author

Marieke Huisman and Jaco van de Pol

Subjects

Model checking, Operations research, Computer science, CR-D.2.4, industrial systems, FMT-IA: INDUSTRIAL APPLICATION OF FORMAL METHODS, Formal Methods, critical systems, METIS-318452, EC Grant Agreement nr.: FP7/2007-2013, EWI-27002, International research, IR-100718, Automated verification, business.industry, Subject (documents), Formal methods, Abstract interpretation, EC Grant Agreement nr.: FP7/258405, Automated theorem proving, 2023 OA procedure, Industrial systems, Software engineering, business, Software, EC Grant Agreement nr.: FP7/287767

Abstract

AVoCS 2014, the 14th International Conference on Automated Verification of Critical Systems has been hosted by the University of Twente, and has taken place in Enschede, Netherlands, on 24-26 September, 2014. The aim of the AVoCS series is to contribute to the interaction and exchange of ideas among members of the international research community on tools and techniques for the verification of critical systems. The subject is to be interpreted broadly and inclusively. It covers all aspects of automated verification, including model checking, theorem proving, abstract interpretation, and refinement pertaining to various types of critical systems (safety-critical, security-critical, business-critical, performance-critical, etc.).

Published

2016

32. jStar-eclipse

Author

Matko Botinčan, Matthew Parkinson, Mike Dodds, Dino Distefano, Radu Grigore, Daiva Naudziuniene, Gymothy, Tibor, and Zeller, Andreas

Subjects

Java, Computer science, business.industry, Programming language, Visitor pattern, Pooling, Separation logic, computer.software_genre, Abstract reasoning, User experience design, Software design pattern, Software engineering, business, computer, Java annotation, automated verification, separation logic, Eclipse, computer.programming_language

Abstract

jStar is a tool for automatically verifying Java programs. It uses separation logic to support abstract reasoning about object specifications. jStar can verify a number of challenging design patterns, including Subject/Observer, Visitor, Factory and Pooling. However, to use jStar one has to deal with a family of command-line tools that expect specifications in separate files and diagnose the errors by inspecting the text output from these tools. In this paper we present a plug-in, called jStar-eclipse, allowing programmers to use jStar from within Eclipse IDE. Our plug-in allows writing method contracts in Java source files in form of Java annotations. It automatically translates Java annotations into jStar specifications and propagates errors reported by jStar back to Eclipse, pinpointing the errors to the locations in source files. This way the plug-in ensures an overall better user experience when working with jStar. Our end goal is to make automated verification based on separation logic accessible to a broader audience.

Published

2011

33. Rational verification: game-theoretic verification of multi-agent systems

Author

Julian Gutierrez, Thomas Steeples, Marta Kwiatkowska, Paul Harrenstein, Lewis Hammond, Alessandro Abate, Giuseppe Perelli, Muhammad Sharfi Najib, and Michael Wooldridge

Subjects

Theoretical computer science, Game theoretic, Computer science, Multi-agent system, Automated Synthesis, Multi-Agent Systems, Model Checking, Work (electrical), Game Theory, Artificial Intelligence, Automated Verification, Key (cryptography), Temporal logic, State (computer science)

Abstract

We provide a survey of the state of the art ofrational verification: the problem of checking whether a given temporal logic formulaϕis satisfied in some or all game-theoretic equilibria of a multi-agent system – that is, whether the system will exhibit the behaviorϕrepresents under the assumption that agents within the system act rationally in pursuit of their preferences. After motivating and introducing the overall framework of rational verification, we discuss key results obtained in the past few years as well as relevant related work in logic, AI, and computer science.

34. Automated analysis of security protocols with global state

Author

Robert Künnemann, Steve Kremer, Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Department of Computer Science, TU Darmstadt, Technische Universität Darmstadt (TU Darmstadt), arXiv, European Project: 258865,EC:FP7:ERC,ERC-2010-StG_20091028,PROSECURE(2011), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Technische Universität Darmstadt - Technical University of Darmstadt (TU Darmstadt), Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Saarland University [Saarbrücken], European Project: 645865,H2020 ERC,ERC-2014-CoG,SPOOC(2015), Programming securely with cryptography (PROSECCO), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), and IEEE Computer Society

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Stateful security protocols, Theoretical computer science, Horn clause, Computer Networks and Communications, Computer science, Security APIs, Process calculus, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, Security token, 01 natural sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0202 electrical engineering, electronic engineering, information engineering, Safety, Risk, Reliability and Quality, Multiset, Automated verification, Programming language, Message passing, 020207 software engineering, Specification language, Cryptographic protocol, Computer security model, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Pi calculus, 010201 computation theory & mathematics, Hardware and Architecture, 020201 artificial intelligence & image processing, State (computer science), Cryptography and Security (cs.CR), computer, Software

Abstract

International audience; Security APIs, key servers and protocols that need to keep the status of transactions, require to maintain a global, non-monotonic state, e.g., in the form of a database or register. However, most existing automated verification tools do not support the analysis of such stateful security protocols – sometimes because of fundamental reasons, such as the encoding of the protocol as Horn clauses, which are inherently monotonic. A notable exception is the recent tamarin prover which allows specifying protocols as multiset rewrite (msr) rules, a formalism expressive enough to encode state. As multiset rewriting is a " low-level " specification language with no direct support for concurrent message passing, encoding protocols correctly is a difficult and error-prone process. We propose a process calculus which is a variant of the applied pi calculus with constructs for manipulation of a global state by processes running in parallel. We show that this language can be translated to msr rules whilst preserving all security properties expressible in a dedicated first-order logic for security properties. The translation has been implemented in a prototype tool which uses the tamarin prover as a backend. We apply the tool to several case studies among which a simplified fragment of PKCS#11, the Yubikey security token, and an optimistic contract signing protocol.

35. Past pushdown timed automata and safety verification

Author

Zhe Dang, Richard A. Kemmerer, Tevfik Bultan, and Oscar H. Ibarra

Subjects

Nested word, Theoretical computer science, TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES, General Computer Science, Nested stack automaton, Computer science, Reachability problem, Timed automaton, Temporal logic, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Past formulas, Theoretical Computer Science, Deterministic pushdown automaton, Presburger arithmetic, Reachability, Computer Science::Logic in Computer Science, 0202 electrical engineering, electronic engineering, information engineering, Two-way deterministic finite automaton, Timed automata, Automated verification, Context-free language, Pushdown automaton, 020207 software engineering, Embedded pushdown automaton, Automaton, Nondeterministic algorithm, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, 010201 computation theory & mathematics, Computer Science::Formal Languages and Automata Theory, Computer Science(all)

Abstract

We consider past pushdown timed automata that are discrete pushdown timed automata with past formulas as enabling conditions. Using past formulas allows a past pushdown timed automaton to access the past values of the finite state variables in the automaton. We prove that the reachability (i.e., the set of reachable configurations from an initial configuration) of a past pushdown timed automaton can be accepted by a nondeterministic reversal-bounded counter-machine augmented with a pushdown stack (i.e., a reversal-bounded NPCM). By using the known fact that the emptiness problem for reversal-bounded NPCMs is decidable, we show that model-checking past pushdown timed automata against Presburger safety properties on discrete clocks and stack word counts is decidable. We also investigate the reachability problem for a class of transition systems under some fairness constraints in the form of generalized past formulas. Finally, we present an example ASTRAL specification to demonstrate the usefulness of the results.

36. Formal design and verification of operational transformation algorithms for copies convergence

Author

Michaël Rusinowitch, Abdessamad Imine, Gérald Oster, Pascal Molli, Combination of approaches to the security of infinite states systems (CASSIS), Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174) (FEMTO-ST), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Centre National de la Recherche Scientifique (CNRS)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Environment for cooperation (ECOO), INRIA Lorraine, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS)-Université Henri Poincaré - Nancy 1 (UHP)-Université Nancy 2-Institut National Polytechnique de Lorraine (INPL)-Centre National de la Recherche Scientifique (CNRS), Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Belfort-Montbeliard (UTBM)-Ecole Nationale Supérieure de Mécanique et des Microtechniques (ENSMM)-Université de Franche-Comté (UFC), Université Bourgogne Franche-Comté [COMUE] (UBFC)-Université Bourgogne Franche-Comté [COMUE] (UBFC)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)

Subjects

Theoretical computer science, General Computer Science, Computer science, Distributed computing, Replication, 0102 computer and information sciences, 02 engineering and technology, Operational transformation, 01 natural sciences, Theoretical Computer Science, 020204 information systems, Convergence (routing), 0202 electrical engineering, electronic engineering, information engineering, Algebraic number, Formal verification, Collaborative software, Automated verification, Distributed groupware systems, business.industry, Algebraic specification, Replication (computing), 010201 computation theory & mathematics, Order (business), business, Algorithm, Computer Science(all)

Abstract

Distributed groupware systems provide computer support for manipulating objects such as a text document or a filesystem, shared by two or more geographically separated users. Data replication is a technology to improve performance and availability of data in distributed groupware systems. Indeed, each user has a local copy of the shared objects, upon which he may perform updates. Locally executed updates are then transmitted to the other users. This replication potentially leads, however, to divergent (i.e. different) copies. In this respect, Operational Transformation (OT) algorithms are applied for achieving convergence of all copies, i.e. all users view the same objects. Using these algorithms users can exchange their updates in any order since the convergence should be ensured in all cases. However, the design of such algorithms is a difficult and error-prone activity since building the correct updates for maintaining good convergence properties of the local copies requires examining a large number of situations. In this paper, we present the modelling and deductive verification of OT algorithms with algebraic specifications. We show in particular that many OT algorithms in the literature do not satisfy convergence properties unlike what was stated by their authors.

37. Automated verification of shape, size and bag properties via user-defined predicates in separation logic

Author

Shengchao Qin, Wei-Ngan Chin, Huu Hai Nguyen, and Cristina David

Subjects

Soundness, High-level verification, Automated verification, Separation logic, Functional verification, Computer science, Programming language, Runtime verification, Entailment checking, 020207 software engineering, 02 engineering and technology, computer.software_genre, Data structure, Intelligent verification, Inductive shape predicates with size and bag properties, 020204 information systems, Pointer (computer programming), TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, 0202 electrical engineering, electronic engineering, information engineering, computer, Software

Abstract

Despite their popularity and importance, pointer-based programs remain a major challenge for program verification. In recent years, separation logic has emerged as a contender for formal reasoning of pointer-based programs. Recent works have focused on specialized provers that are mostly based on fixed sets of predicates. In this paper, we propose an automated verification system for ensuring the safety of pointer-based programs, where specifications handled are concise, precise and expressive. Our approach uses user-definable predicates to allow programmers to describe a wide range of data structures with their associated shape, size and bag (multi-set) properties. To support automatic verification, we design a new entailment checking procedure that can handle well-founded predicates (that may be recursively defined) using unfold/fold reasoning. We have proven the soundness and termination of our verification system and built a prototype system to demonstrate the viability of our approach.