Using Lightweight Formal Methods for JavaScript Security
The goal of this work was to apply lightweight formal methods to the study of the security of the JavaScript language. Previous work has shown that lightweight formal methods offer a new approach to the study of security in the context of the Java Virtual Machine (JVM). The current work has attempted to codify best current practices in the form of a security model for JavaScript. Such a model is a necessary component in analyzing browser actions for vulnerabilities, but it is not sufficient: it is also necessary to capture actual browser event traces and incorporate them into the model. The work described herein demonstrates (a) that it is possible to construct a model for JavaScript security that captures important properties of current best practices within browsers; and (b) that an event translator can be written that captures the dynamic properties of browser site traversal in such a way that model analysis is tractable and yields important information about the satisfaction or refutation of the static security rules.
An LTL Semantics of Business Workflows with Recovery
We describe a business workflow case study with abnormal behavior management (i.e. recovery) and demonstrate how temporal logics and model checking can provide a methodology to iteratively revise the design and obtain a correct-by-construction system. To do so we define a formal semantics by giving a compilation of generic workflow patterns into LTL, and we use the bounded model checker Zot to prove specific properties and the validity of requirements. The working assumption is that such a lightweight approach would easily fit into processes that are already in place without the need for a radical change of procedures, tools and people's attitudes. The complexity of formalisms and the invasiveness of methods have been shown to be among the major drawbacks and obstacles to the deployment of formal engineering techniques in mundane projects.
Synthesis of Logic Programs from Object-Oriented Formal Specifications
Early validation of requirements is crucial for the rigorous development of software. Without it, even the most formal of methodologies will produce the wrong outcome. One successful approach, popularised by some of the so-called lightweight formal methods, consists in generating (finite, small) models of the specifications. Another possibility is to build a running prototype from those specifications. In this paper we show how to obtain executable prototypes from formal specifications written in an object-oriented notation by translating them into logic programs. This has some advantages over other lightweight methodologies. For instance, we recover the possibility of dealing with recursive data types, as specifications that use them often lack finite models.
Interface specification methods for software components
This work presents an interface specification language developed as part of the LIME project (LightweIght formal methods for distributed component-based Embedded systems). The intention is to provide a mechanism for specifying both the external usage of a software component and its internal behavior. The described methodology is considered lightweight because there is no assumption of a complete model of a software component or its interface. The presented approach is an incremental description of properties that are at least expected to hold. It can also be applied to a component which is already (completely or partially) implemented.
An integrated approach to high integrity software verification.
Computer software is developed through software engineering. At its most precise, software engineering involves mathematical rigour in the form of formal methods. High integrity software is associated with safety-critical and security-critical applications, where failure would bring significant costs. The development of high integrity software is subject to stringent standards, prescribing best practices to increase quality. Typically, these standards will strongly encourage or enforce the application of formal methods.

The application of formal methods can entail a significant amount of mathematical reasoning. Thus, the development of automated techniques is an active area of research. The trend is to deliver increased automation through two complementary approaches. Firstly, lightweight formal methods are adopted, sacrificing expressive power, breadth of coverage, or both in favour of tractability. Secondly, integrated solutions are sought, exploiting the strengths of different technologies to increase automation.

The objective of this thesis is to support the production of high integrity software by automating an aspect of formal methods. To develop tractable techniques we focus on the niche activity of verifying exception freedom. To increase effectiveness, we integrate the complementary technologies of proof planning and program analysis. Our approach is investigated by enhancing the SPARK Approach, as developed by Altran Praxis Limited. Our approach is implemented and evaluated as the SPADEase system. The key contributions of the thesis are summarised below:

• Configurable and Sound - Present a configurable and justifiably sound approach to software verification.
• Cooperative Integration - Demonstrate that more targeted and effective automation can be achieved through the cooperative integration of distinct technologies.
• Proof Discovery - Present proof plans that support the verification of exception freedom.
• Invariant Discovery - Present invariant discovery heuristics that support the verification of exception freedom.
• Implementation as SPADEase - Implement our approach as SPADEase.
• Industrial Evaluation - Evaluate SPADEase against both textbook and industrial subprograms.
Adaptive Service Composition Based on Runtime Verification of Formal Properties
Service-Oriented Computing (SOC) has been used in business environments in order to integrate heterogeneous systems. The dynamic nature of these environments causes changes in the application requirements. As a result, service composition must be flexible, dynamic and adaptive, which motivates the need to ensure correct service composition behavior at runtime. The development of adaptive service compositions remains an open opportunity due to the complexity of dealing with adaptation issues, for example, how to provide runtime verification and automatic adaptation. Formal description techniques can be used to detect undesirable runtime behaviors that inform the adaptation process. However, formal techniques have so far been used only at design time. In this paper, we propose an adaptive service composition approach based on the lightweight use of formal methods. The aim is to detect undesirable behaviors in the execution trace. Once an undesirable behavior is detected during the execution of a service composition, our approach triggers an adequate reconfiguration plan for the problem at runtime. In order to evaluate the effectiveness of the proposal, we illustrate it with a running example.
Lightweight Interaction Modeling in Evolutionary Prototyping
The paper discusses a systematic integration of evolutionary and exploratory prototyping of interactive systems through a lightweight use of formal methods. Formal models guide the development of the under-designed evolutionary prototype. In combination with techniques from Design Rationale, they implement the exploration and assessment of possible solutions to open design questions. Models and corresponding tool support are used to express design options and to make them more accessible to a broader audience through the creation of parallel model-guided throwaway extensions of the current evolutionary prototype. They are also used to describe design constraints (for example, in terms of tasks or in terms of actions on artifacts) and to assess design options against these criteria. The suggested approach is demonstrated through an example design scenario that shows an intertwining of different design activities and discusses the role of formal models. In particular, the scenario describes a coupling of HOPS models, QOC diagrams, and Java prototypes.
Lightweight Formal Verification in Classroom Instruction of Reasoning about Functional Code
In college courses dealing with material that requires mathematical rigor, the adoption of a machine-readable representation for formal arguments can be advantageous. Students can focus on a specific collection of constructs that are represented consistently. Examples and counterexamples can be evaluated. Assignments can be assembled and checked with the help of an automated formal reasoning system. However, usability and accessibility do not have a high priority and are not addressed sufficiently well in the design of many existing machine-readable representations and corresponding formal reasoning systems. In earlier work [Lap09], we attempted to address this broad problem by proposing several specific design criteria organized around the notion of a natural context: the sphere of awareness a working human user maintains of the relevant constructs, arguments, experiences, and background materials necessary to accomplish the task at hand. We report on our attempt to evaluate our proposed design criteria by deploying within the classroom a lightweight formal verification system designed according to these criteria. The system was used in the instruction of a common application of formal reasoning: proving by induction formal propositions about functional code. We present all of the formal reasoning examples and assignments considered during this deployment, most of which are drawn directly from an introductory text on functional programming. We demonstrate how the design of the system improves the effectiveness and understandability of the examples, and how it aids in the instruction of basic formal reasoning techniques. We make brief remarks about the practical and administrative implications of the system's design from the perspectives of the student, the instructor, and the grader.