392 research outputs found
Falsification of Cyber-Physical Systems with Robustness-Guided Black-Box Checking
For exhaustive formal verification, industrial-scale cyber-physical systems
(CPSs) are often too large and complex, and lightweight alternatives (e.g.,
monitoring and testing) have attracted the attention of both industrial
practitioners and academic researchers. Falsification is one popular testing
method of CPSs utilizing stochastic optimization. In state-of-the-art
falsification methods, the result of the previous falsification trials is
discarded, and we always try to falsify without any prior knowledge. To
concisely memorize such prior information on the CPS model and exploit it, we
employ Black-box checking (BBC), which is a combination of automata learning
and model checking. Moreover, we enhance BBC using the robust semantics of STL
formulas, which is the essential gadget in falsification. Our experiment
results suggest that our robustness-guided BBC outperforms a state-of-the-art
falsification tool.Comment: Accepted to HSCC 202
Sharper and Simpler Nonlinear Interpolants for Program Verification
Interpolation of jointly infeasible predicates plays important roles in
various program verification techniques such as invariant synthesis and CEGAR.
Intrigued by the recent result by Dai et al.\ that combines real algebraic
geometry and SDP optimization in synthesis of polynomial interpolants, the
current paper contributes its enhancement that yields sharper and simpler
interpolants. The enhancement is made possible by: theoretical observations in
real algebraic geometry; and our continued fraction-based algorithm that rounds
off (potentially erroneous) numerical solutions of SDP solvers. Experiment
results support our tool's effectiveness; we also demonstrate the benefit of
sharp and simple interpolants in program verification examples
Optimistic Non-repudiation Protocol Analysis
The original publication is available at www.springerlink.com ; ISBN 978-3-540-72353-0 (Pring) 0302-9743 (Online) 1611-3349International audienceNon-repudiation protocols with session labels have a number of vulnerabilities. Recently Cederquist, Corin and Dashti have proposed an optimistic non-repudiation protocol that avoids altogether the use of session labels. We have specified and analysed this protocol using an extended version of the AVISPA Tool and one important fault has been discovered. We describe the protocol, the analysis method, show two attack traces that exploit the fault and propose a correction to the protocol
Incremental and Modular Context-sensitive Analysis
Context-sensitive global analysis of large code bases can be expensive, which
can make its use impractical during software development. However, there are
many situations in which modifications are small and isolated within a few
components, and it is desirable to reuse as much as possible previous analysis
results. This has been achieved to date through incremental global analysis
fixpoint algorithms that achieve cost reductions at fine levels of granularity,
such as changes in program lines. However, these fine-grained techniques are
not directly applicable to modular programs, nor are they designed to take
advantage of modular structures. This paper describes, implements, and
evaluates an algorithm that performs efficient context-sensitive analysis
incrementally on modular partitions of programs. The experimental results show
that the proposed modular algorithm shows significant improvements, in both
time and memory consumption, when compared to existing non-modular, fine-grain
incremental analysis techniques. Furthermore, thanks to the proposed
inter-modular propagation of analysis information, our algorithm also
outperforms traditional modular analysis even when analyzing from scratch.Comment: 56 pages, 27 figures. To be published in Theory and Practice of Logic
Programming. v3 corresponds to the extended version of the ICLP2018 Technical
Communication. v4 is the revised version submitted to Theory and Practice of
Logic Programming. v5 (this one) is the final author version to be published
in TPL
A template-based approach for the generation of abstractable and reducible models of featured networks
We investigate the relationship between symmetry reduction and inductive reasoning when applied to model checking networks of featured components. Popular reduction techniques for combatting state space explosion in model checking, like abstraction and symmetry reduction, can only be applied effectively when the natural symmetry of a system is not destroyed during specification. We introduce a property which ensures this is preserved, open symmetry. We describe a template-based approach for the construction of open symmetric Promela specifications of featured systems. For certain systems (safely featured parameterised systems) our generated specifications are suitable for conversion to abstract specifications representing any size of network. This enables feature interaction analysis to be carried out, via model checking and induction, for systems of any number of featured components. In addition, we show how, for any balanced network of components, by using a graphical representation of the features and the process communication structure, a group of permutations of the underlying state space of the generated specification can be determined easily. Due to the open symmetry of our Promela specifications, this group of permutations can be used directly for symmetry reduced model checking.
The main contributions of this paper are an automatic method for developing open symmetric specifications which can be used for generic feature interaction analysis, and the novel application of symmetry detection and reduction in the context of model checking featured networks.
We apply our techniques to a well known example of a featured network – an email system
Automatic Methods for Analyzing Non-repudiation Protocole with an Active Intruder
International audienceNon-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. In this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing the limitations of this method, we define a new one based on the handling of the knowledge of protocol participants. This second method is general and of natural use, as it consists in adding simple annotations in the protocol specification. It is very easy to implement in tools able to handle participants knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself
- …