Formal Methods for Components and Objects: 9th International Symposium, FMCO 2010, Graz, Austria, November 29 - December 1, 2010, Revised Papers


Document information

Preview excerpts (fragments of the full text, with gaps marked "[...]"):

[...] flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system designers who are not experts in formal methods. Keywords: services, security, specification language, formal analysis. 1 Introduction. Formal Security Analysis. Security in distributed systems such as web services and SOA is [...]

[...] Uncertainty. Alexandre David, Kim Guldstrand Larsen, Shuhao Li, Marius Mikucionis, and Brian Nielsen 352. Model-Checking and Simulation for Stochastic Timed Systems. Arnd Hartmanns 372. Author Index 393. ASLan++ — A Formal Security Specification Language for Distributed Systems. David von Oheimb¹ and Sebastian Mödersheim². ¹ ² Siemens [...]

[...] change group memberships. AVANTSSAR and Its Specification Language. The EU-funded Project AVANTSSAR has been concerned with developing a formal specification language and automated verification methods and tools to handle systems at design level in which all these three aspects are relevant: non-linear work-flow, relationships between workflows (for instance via databases), and access control policies. In this [...]

[...] manager's messages described below. Still, for the sake of relating entities for the security goals, we need to give M, the variable that will hold the manager's agent name, as a formal parameter of Server. The other parameter of Server is, as usual, the Actor. Note that while each instance of Manager and Employee (typically) has a different [...]

[...] the network, in particular concatenation M1.M2 and tuples (M1,M2) of submessages M1 and M2. For "atomic" values in messages, one may use the subtype text, which may be dealt with more efficiently during model-checking. For instance, we declare an abstract type of files (or better: file identifiers) as types file < text; Sets, which are passed [...]

[...] and again the command is abstracted into the message constructor changeGroup that has the relevant information (the agent A that changes group, and the source and destination group) as parameters. The server just retracts the fact that A is a member of G1 and introduces the fact that G2 now contains A. Note the command is simply ignored if A is not a member of group G1 at the time the command is received; in a more detailed model, one would include a feedback message (whether the command was accepted or not) to the manager. 3.4 Concrete Policy Example. Let us consider the consequences of the transition just described for our policy. For concreteness, let us consider a state where we have a manager m1, three employees e1, e2 and e3, and two groups [...]

[...] changeGroup and authentic transmission as a goal. 5 Security Goals. ASLan++ has been geared as a high-level input language for model checking security aspects of distributed systems, and it is therefore crucial to offer a convenient, clear, and expressive way to formalize the desired security properties. The most general way to describe a security property in ASLan++ is to use a first-order temporal-logic formula, [...]

[...] in terms of complexity and decidability [21,12,15], and in terms of methods and tools that are practically feasible automated verification [8,1,13,16]. Limitations of Security Protocol Analysis. The focus of simple security protocols is however quite limited, ignoring a lot of aspects that play a crucial role in distributed systems and that often are relevant for security. The first very common aspect that [...]

[...] He, Daniel Kroening, and Philipp Rümmer 287, 297. The MULTIFORM Project. The Hierarchical Compositional Interchange Format. Damian Nadales Agut, Bert van Beek, Harsh Beohar, Pieter Cuijpers, and Jasper Fonteijn 316. Application of Model-Checking Technology to Controller Synthesis. Alexandre David, Jacob Deleuran Grunnet, Jan Jakob Jessen, Kim Guldstrand Larsen, and Jacob Illum Rasmussen [...]

[...] Boer, Marcello M. Bonsangue (Eds.). Formal Methods for Components and Objects. 9th International Symposium, FMCO 2010, Graz, Austria, November 29 - December 1, 2010, Revised Papers. 13. Volume Editors: Bernhard [...]

[...] Java. The 9th Symposium on Formal Methods for Components and Objects (FMCO 2010) was held in Graz, Austria, from November 29 to December 1, 2010. The venue was Hotel Weitzer. FMCO 2010 was realized as a concertation meeting of European projects focussing on formal methods for components and objects. This volume contains 20 revised papers submitted after the symposium by the speakers of each [...]

Posted: 31/05/2014, 00:38

Table of contents

  • Cover

  • Lecture Notes in Computer Science 6957

  • Formal Methods for Components and Objects

  • ISBN 9783642252709

  • Preface

  • Organization

  • Table of Contents

  • The AVANTSSAR Project

    • ASLan++ — A Formal Security Specification Language for Distributed Systems

      • Introduction

      • Specification Structure and Execution

        • Specifications

        • Entities and Agents

        • Execution Model

        • Dishonest Agents and the Intruder

        • Declarations

        • Statements

        • Terms

      • Policies and Transitions

        • Predicates and Facts

        • Horn Clauses

        • Policy Interaction

        • Concrete Policy Example

        • Meta Policies

      • Channels

        • Abstraction Levels

        • Client Authentication

      • Security Goals

      • Conclusion

      • References

    • Orchestration under Security Constraints

      • Introduction

      • Related Work

      • Introductory Example

      • Formal Description of Service Composition and Adaptation

        • Mediator Synthesis

        • Representation of Messages and Security Constraints

        • Representation of Services

        • Web Services Composition Problem

        • Solving the Composition Problem

        • Generating the Mediator's Adaptation Steps

        • Generating the Mediator's ASLan Specification

      • Experimental Results

        • Avantssar Platform

        • Running Case Study

        • Testing Benchmark

      • Conclusion

      • References

      • Appendix

    • Customizing Protocol Specifications for Detecting Resource Exhaustion and Guessing Attacks

      • Introduction and Motivation

      • The ASLan Specification Language

      • Customized Transitions for Detection of DoS Attacks by Resource Exhaustion

        • Defining Costs and Augmenting Transitions

        • Defining the Attack Condition

      • Combining Transitions and Horn Clauses for Detection of Guessing Attacks

        • Formalization of Guessing

        • Processing Terms That Contain the Secret

        • Using Horn Clauses and Transitions for Intruder Deductions

        • Distinguishing Detectable from Undetectable On-line Attacks

      • Conclusions

      • References

  • The ESF Cost Action IC0701

    • Improving the Usability of Specification Languages and Methods for Annotation-Based Verification

      • Introduction

      • Inside a Typical Annotation-Based Verification System

        • Structure of the Toolchain

        • The Possible Outcomes of Invoking an Annotation-Based Verification Tool

      • Distinguishing Different Kinds of Annotations

        • Annotations and Their Properties

        • Annotations and Existence of Proofs

        • Possible Failures in Authoring Annotations

        • Improving the Annotation Languages and Methodologies

      • Using Data Abstractions in Annotation-Based Verification Systems

        • The VCC Approach

        • Separation of Concerns: Annotation-Based Verification and Algebraic Specifications

      • Conclusions and Future Work

      • References

    • Program Specialization via a Software Verification Tool

      • Introduction

      • Dynamic Logic

      • Sequent Calculus

      • Integrated Simple Partial Evaluator

      • A Sequent Calculus for Bisimulation

        • The Bisimulation Modality

        • Sequent Calculus Rules for the Bisimulation Modality

      • Application

      • Related Work

      • Conclusion and Future Work

      • References

  • The DEPLOY Project

    • Model–Based Analysis Tools for Component Synthesis

      • Introduction

      • Preliminaries

        • B Method Based Formalisms

        • An Example Modelled with the Formalisms

      • The Synthesis Method

        • Applying the Synthesis Method

        • On the Correctness of Our Method

      • Applying the Synthesis Method to NoC Mapping

      • Related Work

      • Conclusions

      • References

    • Shared Event Composition/Decomposition in Event-B

      • Introduction

      • Event-B Language

      • Shared Event Approach

        • Shared Event Composition

        • Shared Event Decomposition

      • Composed Machines: Composition and Refinement

        • Structure of Composed Machines

        • Proof Obligations

        • Monotonicity of Shared Event Composition for Composed Machines

      • Decomposition Guideline

      • File Access Management Case Study

        • Decomposition: AccessMng and FileMng

      • Related Work

      • Conclusions

      • References

  • The HATS Project

    • ABS: A Core Language for Abstract Behavioral Specification

      • Introduction

      • Abstract Behavioral Specification

      • The Design of ABS

        • The Overall Structure of ABS

        • Data Types, Functions, and Pattern Matching

        • Interfaces in ABS

        • The Concurrency Model of ABS

      • A Formal ABS Calculus

        • The Syntax of Core ABS

        • The Type System of Core ABS

      • An Operational Semantics for Core ABS

        • Runtime Configurations

        • A Reduction System for ABS Functional Expressions

        • The Operational Semantics for Concurrent Objects in ABS

      • Subject Reduction for ABS

      • Tool Support

      • Related Work

      • Conclusion

      • References

    • A Component Model for the ABS Language

      • Introduction

      • Primitives for Components and Evolution

      • Operational Semantics

        • Semantics of Reconfiguration

        • Method Invocations and Channel Communications

      • Basic Reconfiguration Patterns

      • Related Work

      • Conclusion

      • References

    • Compositional Algorithmic Verification of Software Product Lines

      • Introduction

      • Hierarchical Variability Modelling

      • A Framework for Compositional Verification

      • Compositional Verification of SHVMs

      • Tool Support and Evaluation

      • Related Work

      • Conclusion

      • References

    • Variability Modelling in the ABS Language

      • Introduction

      • Feature Modelling

        • Concrete Syntax

        • Abstract Syntax

        • Semantics

      • Delta Modelling

        • Syntax

        • Formal Semantics

      • Product Line Configuration

        • Syntax

        • Semantics

      • Product Selection

        • Syntax

        • Semantics

      • Product Generation

      • Related Work

      • Conclusion

      • References

  • The INESS Project

    • Automated Verification of Executable UML Models

      • Introduction

      • Tool Chain

      • Executable UML: Translation Domain

        • Models, Classes and State Machines

        • Expressions and Actions

        • UML Semantics

      • The iUML Representation

        • Transitions in iUML

        • Transition Selection

      • Translation from iUML to mCRL2

      • Verification

        • Safety Properties as Observer Classes

        • Feasibility of Verification

        • Speeding and Scaling Up Verification

      • Discussion and Conclusion

      • References

    • Verification of UML Models by Translation to UML-B

      • Introduction

      • Background

      • UML Model of Interlocking

      • Translation to UML-B

      • Proving the Safety Invariant

      • Future Work

      • Conclusion

      • References

  • The MADES Project

    • Towards the UML-Based Formal Verification of Timed Systems

      • Introduction

      • Modeling and Verification Workflow

      • TRIO and Zot

      • A Verifiable Subset of UML

      • From UML to Temporal Logic Formal Semantics

        • Telephone System

        • UML Diagrams and Their Formal Semantics

      • Related Work

      • Conclusions

      • References

  • The MOGENTES Project

    • Generic Fault Modelling for Fault Injection

      • Introduction

      • Model-Implemented Fault Injection in MODIFI

      • Fault Models

        • Failure Modes

        • Failure Mode Functions

      • Modeling of Fault Models

      • Conclusions

      • References

    • Tightening Test Coverage Metrics: A Case Study in Equivalence Checking Using k-Induction

      • Introduction

      • Mutation-Based Test Case Generation for Simulink

        • Matlab Simulink

        • Mutation-Based Test Case Generation

        • From Simulink to C: Our Test Case Generation Tool Chain

        • The Phenomenon of Equivalent Mutants

      • Detection of Equivalent Mutants Using k-Induction

        • k-Induction for Transition Systems

        • k-Induction in Mutation-Based Testing

        • k-Induction for Software Programs

      • Automatic Invariant Strengthening

        • Abstract Interpretation

        • Adaptation of van Eijk's Method

      • Experiments

        • Simple Examples

        • Larger Simulink Case Studies

      • Related Work

      • Conclusions and Future Work

      • References

  • The MULTIFORM Project

    • The Hierarchical Compositional Interchange Format

      • Introduction

      • Syntax of HCIF

      • Semantic Framework

        • Preliminaries

        • Hybrid Transition Systems

      • Semantics

        • Hierarchical Automata

        • Automaton Postfix Operator

        • Parallel Composition

        • Urgency Operator

      • Case-Study: Patient Support System

      • Concluding Remarks

      • References

    • Application of Model-Checking Technology to Controller Synthesis

      • Introduction

      • Controller Synthesis with Timed Game Automata

      • PAHSCTRL

        • Introduction

        • Problem Definition

        • Abstraction

        • Strategy

        • Refinement

      • Linking Uppaal-tiga to Simulink

        • Introduction

        • Work-Flow

        • Tool Integration

        • Mapping to Simulink

        • Methodology and Example

      • Conclusion and Future Works

      • References

  • The QUASIMODO Project

    • Testing Real-Time Systems under Uncertainty

      • Introduction

      • Preliminaries

        • Timed I/O Transition Systems

          • Definition of TIOTS.

          • TIOTS Composition.

        • Timed Automata

          • Definition of Timed Automata.

          • Uppaal Timed Automata.

        • Timed I/O Game Automaton

        • Relativized Timed Conformance

          • Definition of rtiocoe.

          • Test Purposes.

      • Timed Test Generation

        • Testing Deterministic Controllable TA

          • Discussion.

        • Preset Input Sequences

          • Discussion.

        • Online Testing

          • Discussion.

        • Observable Timed Automata Using Timed Games

          • Discussion.

        • Testing under Partial Observability

          • Observations.

          • Game Solving.

          • Test Execution.

          • Discussion.

      • Related Work

      • Conclusions

      • References

    • Model-Checking and Simulation for Stochastic Timed Systems

      • Introduction

      • A Model for Stochastic Timed Systems

        • Stochastic Timed Automata

        • Compositional Modelling

      • Model-Checking

        • A Modest Approach

        • Deadlines vs. Invariants

      • Simulation

        • Resolving Nondeterminism

        • Partial-Order Methods for Simulation

        • Simulating the Communication Example

      • Conclusion

      • References

  • Author Index
