36,219 research outputs found
Deriving Safety Cases for the Formal Safety Certification of Automatically Generated Code
We present an approach to systematically derive safety cases for automatically generated code from information collected during a formal, Hoare-style safety certification of the code. This safety case makes explicit the formal and informal reasoning principles, and reveals the top-level assumptions and external dependencies that must be taken into account; however, the evidence still comes from the formal safety proofs. It uses a generic goal-based argument that is instantiated with respect to the certified safety property (i.e., safety claims) and the program. This will be combined with a complementary safety case that argues the safety of the framework itself, in particular the correctness of the Hoare rules with respect to the safety property and the trustworthiness of the certification system and its individual components
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Event Systems and Access Control
We consider the interpretations of notions of access control (permissions,
interdictions, obligations, and user rights) as run-time properties of
information systems specified as event systems with fairness. We give proof
rules for verifying that an access control policy is enforced in a system, and
consider preservation of access control by refinement of event systems. In
particular, refinement of user rights is non-trivial; we propose to combine
low-level user rights and system obligations to implement high-level user
rights
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Access Control Synthesis for Physical Spaces
Access-control requirements for physical spaces, like office buildings and
airports, are best formulated from a global viewpoint in terms of system-wide
requirements. For example, "there is an authorized path to exit the building
from every room." In contrast, individual access-control components, such as
doors and turnstiles, can only enforce local policies, specifying when the
component may open. In practice, the gap between the system-wide, global
requirements and the many local policies is bridged manually, which is tedious,
error-prone, and scales poorly.
We propose a framework to automatically synthesize local access control
policies from a set of global requirements for physical spaces. Our framework
consists of an expressive language to specify both global requirements and
physical spaces, and an algorithm for synthesizing local, attribute-based
policies from the global specification. We empirically demonstrate the
framework's effectiveness on three substantial case studies. The studies
demonstrate that access control synthesis is practical even for complex
physical spaces, such as airports, with many interrelated security
requirements
Hybrid Information Flow Analysis for Programs with Arrays
Information flow analysis checks whether certain pieces of (confidential)
data may affect the results of computations in unwanted ways and thus leak
information. Dynamic information flow analysis adds instrumentation code to the
target software to track flows at run time and raise alarms if a flow policy is
violated; hybrid analyses combine this with preliminary static analysis.
Using a subset of C as the target language, we extend previous work on hybrid
information flow analysis that handled pointers to scalars. Our extended
formulation handles arrays, pointers to array elements, and pointer arithmetic.
Information flow through arrays of pointers is tracked precisely while arrays
of non-pointer types are summarized efficiently.
A prototype of our approach is implemented using the Frama-C program analysis
and transformation framework. Work on a full machine-checked proof of the
correctness of our approach using Isabelle/HOL is well underway; we present the
existing parts and sketch the rest of the correctness argument.Comment: In Proceedings VPT 2016, arXiv:1607.0183
- …