Verification of safety requirements for program code using data abstraction

Large systems in modern development consist of many concurrent processes. To prove safety properties formal modelling techniques are needed. When source code is the only available documentation for deriving the system's behaviour, it is a difficult task to create a suitable model. Implementations of a system usually describe behaviour in too much detail for a formal verification. Therefore automated methods are needed that directly abstract from the implementation, but maintain enough information for a formal system analysis. This paper describes and illustrates a method by which systems with a high degree of parallelism can be verified. The method consists of creating an over-approximation of the behaviour by abstracting from the values of program variables. The derived model, consisting of interface calls between processes, is checked for various safety properties with the mCRL2 tool set

Verification of safety requirements for program code using data abstraction

Large systems in modern development consist of many concurrent processes. To prove safety properties formal modelling techniques are needed. When source code is the only available documentation for deriving the system's behaviour, it is a difficult task to create a suitable model. Implementations of a system usually describe behaviour in too much detail for a formal verification. Therefore automated methods are needed that directly abstract from the implementation, but maintain enough information for a formal system analysis. This paper describes and illustrates a method by which systems with a high degree of parallelism can be verified. The method consists of creating an over-approximation of the behaviour by abstracting from the values of program variables. The derived model, consisting of interface calls between processes, is checked for various safety properties with the mCRL2 tool set

Aspect-based approach to modeling access control policies, An

Department Head: L. Darrell Whitley.2007 Spring.Includes bibliographical references (pages 119-126).Access control policies determine how sensitive information and computing resources are to be protected. Enforcing these policies in a system design typically results in access control features that crosscut the dominant structure of the design (that is, features that are spread across and intertwined with other features in the design). The spreading and intertwining of access control features make it difficult to understand, analyze, and change them and thus complicate the task of ensuring that an evolving design continues to enforce access control policies. Researchers have advocated the use of aspect-oriented modeling (AOM) techniques for addressing the problem of evolving crosscutting features. This dissertation proposes an approach to modeling and analyzing crosscutting access control features. The approach utilizes AOM techniques to isolate crosscutting access control features as patterns described by aspect models. Incorporating an access control feature into a design involves embedding instantiated forms of the access control pattern into the design model. When composing instantiated access control patterns with a design model, one needs to ensure that the resulting composed model enforces access control policies. The approach includes a technique to verify that specified policies are enforced in the composed model. The approach is illustrated using two well-known access control models: the Role- Based Access Control (RBAC) model and the Bell-LaPadula (BLP) model. Features that enforce RBAC and BLP models are described by aspect models. We show how the aspect models can be composed to create a new hybrid access control aspect model. We also show how one can verify that composition of a base (primary) design model and an aspect model that enforces specified policies produces a composed model in which the policies are still enforced

Model checking timed safety instrumented systems

Defects in safety-critical software systems can cause large economical and other losses. Often these systems are far too complex to be tested extensively. In this work a formal verification technique called model checking is utilized. In the technique, a mathematical model is created that captures the essential behaviour of the system. The specifications of the system are stated in some formal language, usually temporal logic. The behaviour of the model can then be checked exhaustively against a given specification. This report studies the Falcon arc protection system engineered by UTU Oy, which is controlled by a single programmable logic controller (PLC). Two separate models of the arc protection system are created. Both models consist of a network of timed automata. In the first model, the controller operates in discrete time steps at a specific rate. In the second model, the controller operates at varying frequency in continuous time. Five system specifications were formulated in timed computation tree logic (TCTL). Using the model checking tool Uppaal both models were verified against all five specifications. The processing times of the verification are measured and presented. The discrete-time model has to be abstracted a lot before it can be verified in a reasonable time. The continuous-time model, however, covered more behaviour than the system to be modelled, and could still be verified in a moderate time period. In that sense, the continuous-time model is better than the discrete-time model. The main contributions of this report are the model checking of a safety instrumented system controlled by a PLC, and the techniques used to describe various TCTL specifications in Uppaal. The conclusion of the work is that model checking of timed systems can be used in the verification of safety instrumented systems

IV Congreso de Lingüística General. Cádiz, del 3 al 6 de abril de 2000. Vol. I

Durante los días 3 al 6 de abril del año 2000 tuvo lugar en la Universidad de Cádiz el IV Congreso de Lingüística General, organizado por el área de Lingüística General de esta Universidad.325 págs