A Symbolic Model for Timed Concurrent Constraint Programming

AbstractConcurrent Constraint Programming (ccp) is a model for concurrency where agents interact with each other by telling and asking constraints (i.e., formulas in logic) into a shared store of partial information. The ntcc calculus extends ccp with the notion of discrete time-units for the specification of reactive systems. Moreover, ntcc features constructors for non-deterministic choices and asynchronous behavior, thus allowing for (1) synchronization of processes via constraint entailment during a time-unit and (2) synchronization of processes along time-intervals. In this paper we develop the techniques needed for the automatic verification of ntcc programs based on symbolic model checking. We show that the internal transition relation, modeling the behavior of processes during a time-unit (1 above), can be symbolically represented by formulas in a suitable fragment of linear time temporal logic. Moreover, by using standard techniques as difference decision diagrams, we provide a compact representation of these constraints. Then, relying on a fixpoint characterization of the timed constructs, we obtain a symbolic model of the observable transition (2 above). We prove that our construction is correct with respect to the operational semantics. Finally, we introduce a prototypical tool implementing our method

An Abstract Interpretation Framework for Diagnosis and Verification of Timed Concurrent Constraint Languages

In this thesis, we propose a semantic framework for tccp based on abstract interpretation with the main purpose of formally verifying and debugging tccp programs. A key point for the efficacy of the resulting methodologies is the adequacy of the concrete semantics. Thus, in this thesis, much effort has been devoted to the development of a suitable small-step denotational semantics for the tccp language to start with. Our denotational semantics models precisely the small-step behavior of tccp and is suitable to be used within the abstract interpretation framework. Namely, it is defined in a compositional and bottom-up way, it is as condensed as possible (it does not contain redundant elements), and it is goal-independent (its calculus does not depend on the semantic evaluation of a specific initial agent). Another contribution of this thesis is the definition (by abstraction of our small-step denotational semantics) of a big-step denotational semantics that abstracts away from the information about the evolution of the state and keeps only the the first and the last (if it exists) state. We show that this big-step semantics is essentially equivalent to the input-output semantics. In order to fulfill our goal of formally validate tccp programs, we build different approximations of our small-step denotational semantics by using standard abstract interpretation techniques. In this way we obtain debugging and verification tools which are correct by construction. More specifically, we propose two abstract semantics that are used to formally debug tccp programs. The first one approximates the information content of tccp behavioral traces, while the second one approximates our small-step semantics with temporal logic formulas. By applying abstract diagnosis with these abstract semantics we obtain two fully-automatic verification methods for tccp

Abstract Diagnosis for tccp using a Linear Temporal Logic

Automatic techniques for program verification usually suffer the well-known state explosion problem. Most of the classical approaches are based on browsing the structure of some form of model (which rep- resents the behavior of the program) to check if a given specification is valid. This implies that a part of the model has to be built, and some- times the needed fragment is quite huge. In this work, we provide an alternative automatic decision method to check whether a given property, specified in a linear temporal logic, is valid w.r.t. a tccp program. Our proposal (based on abstract interpreta- tion techniques) does not require to build any model at all. Our results guarantee correctness but, as usual when using an abstract semantics, completeness is lost.Comini, M.; Titolo, L.; Villanueva García, A. (2014). Abstract Diagnosis for tccp using a Linear Temporal Logic. http://hdl.handle.net/10251/3569

Towards Certified Model Checking for PLTL using One-pass Tableaux

The standard model checking setup analyses whether the given system specification satisfies a dedicated temporal property of the system, providing a positive answer here or a counter-example. At the same time, it is often useful to have an explicit proof that certifies the satisfiability. This is exactly what the {\it certified model checking (CMC)} has been introduced for. The paper argues that one-pass (context-based) tableau for PLTL can be efficiently used in the CMC setting, emphasising the following two advantages of this technique. First, the use of the context in which the eventualities occur, forces them to fulfil as soon as possible. Second, a dual to the tableau sequent calculus can be used to formalise the certificates. The combination of the one-pass tableau and the dual sequent calculus enables us to provide not only counter-examples for unsatisfied properties, but also proofs for satisfied properties that can be checked in a proof assistant. In addition, the construction of the tableau is enriched by an embedded solver, to which we dedicate those (propositional) computational tasks that are costly for the tableaux rules applied solely. The combination of the above techniques is particularly helpful to reason about large (system) specifications

Verification of temporal properties of infinite state systems

No es ningún secreto que tanto los sistemas software como hardware generalmente presentan errores. Los métodos de testeo y simulación pueden identificar muchos problemas importantes, pero para sistemas que tienen requerimientos de seguridad o que son económicamente críticos, es indispensable llevar a cabo una verificación exhaustiva. Tal análisis se puede realizar utilizando métodos de verificación formal. Un enfoque de la verificación formal es la verificación de modelos, que es un proceso totalmente automático basado en la construcción de modelos abstractos para representar sistemas. Poste- riormente, sobre estos modelos se comprueban propiedades deseadas del sistema, normalmente expresadas en alguna lógica temporal, como por ejemplo lógica linear temporal. Las propiedades expresadas con fórmulas de lógica linear temporal pueden describir el orden de los eventos en el tiempo sin describir el tiempo explícitamente. Por eso mismo, son útiles a la hora de verificar las posibles ejecuciones de un sistema. Este proyecto pretende implementar algoritmos de verificación de modelos que determinen si una fórmula de lógica linear temporal que exprese una propiedad de un cierto sistema es satisfecha por éste.It is no secret that computer software programs, computer hardware designs, and computer sys- tems in general exhibit errors. Testing and simulation methods can identify many significant problems, but for systems that have safety or economically critical requirements, exhaustive ver- ification is indispensable. Such exhaustive analysis can be performed with the use of formal verification methods. One approach to formal verification is model checking, which is a fully automated process based on the construction of abstract models to represent systems. These models are then checked against desired properties defining a specification, usually expressed in some temporal logic, such as linear temporal logic (LTL). Temporal properties can describe the ordering of events in time without introducing time explicitly, thereby being useful when verifying the possible executions of a system. This project aims to implement model checking algorithms that determine whether an LTL formula expressing a desired property is satisfied in a computing system

Certificates for decision problems in temporal logic using context-based tableaux and sequent calculi.

115 p.Esta tesis trata de resolver problemas de Satisfactibilidad y Model Checking, aportando certificados del resultado. En ella, se trabaja con tres lógicas temporales: Propositional Linear Temporal Logic (PLTL), Computation Tree Logic (CTL) y Extended Computation Tree Logic (ECTL). Primero se presenta el trabajo realizado sobre Certified Satisfiability. Ahí se muestra una adaptación del ya existente método dual de tableaux y secuentes basados en contexto para satisfactibilidad de fórmulas PLTL en Negation Normal Form. Se ha trabajado la generación de certificados en el caso en el que las fórmulas son insactisfactibles. Por último, se aporta una prueba de soundness del método. Segundo, se ha optimizado con Sat Solvers el método de Certified Satisfiability para el contexto de Certified Model Checking. Se aportan varios ejemplos de sistemas y propiedades. Tercero, se ha creado un nuevo método dual de tableaux y secuentes basados en contexto para realizar Certified Satisfiability para fórmulas CTL yECTL. Se presenta el método y un algoritmo que genera tanto el modelo en el caso de que las fórmulas son satisfactibles como la prueba en el caso en que no lo sean. Por último, se presenta una implementación del método para CTL y una experimentación comparando el método propuesto con otro método de similares características

Specification-driven design

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Civil Engineering, 1990.Includes bibliographical references (leaves 144-151).by Nayel Salah el-Schafei.Ph.D

Verification of temporal properties of infinite state systems

No es ningún secreto que tanto los sistemas software como hardware generalmente presentan errores. Los métodos de testeo y simulación pueden identificar muchos problemas importantes, pero para sistemas que tienen requerimientos de seguridad o que son económicamente críticos, es indispensable llevar a cabo una verificación exhaustiva. Tal análisis se puede realizar utilizando métodos de verificación formal. Un enfoque de la verificación formal es la verificación de modelos, que es un proceso totalmente automático basado en la construcción de modelos abstractos para representar sistemas. Poste- riormente, sobre estos modelos se comprueban propiedades deseadas del sistema, normalmente expresadas en alguna lógica temporal, como por ejemplo lógica linear temporal. Las propiedades expresadas con fórmulas de lógica linear temporal pueden describir el orden de los eventos en el tiempo sin describir el tiempo explícitamente. Por eso mismo, son útiles a la hora de verificar las posibles ejecuciones de un sistema. Este proyecto pretende implementar algoritmos de verificación de modelos que determinen si una fórmula de lógica linear temporal que exprese una propiedad de un cierto sistema es satisfecha por éste.It is no secret that computer software programs, computer hardware designs, and computer sys- tems in general exhibit errors. Testing and simulation methods can identify many significant problems, but for systems that have safety or economically critical requirements, exhaustive ver- ification is indispensable. Such exhaustive analysis can be performed with the use of formal verification methods. One approach to formal verification is model checking, which is a fully automated process based on the construction of abstract models to represent systems. These models are then checked against desired properties defining a specification, usually expressed in some temporal logic, such as linear temporal logic (LTL). Temporal properties can describe the ordering of events in time without introducing time explicitly, thereby being useful when verifying the possible executions of a system. This project aims to implement model checking algorithms that determine whether an LTL formula expressing a desired property is satisfied in a computing system

Automated Security Analysis of Virtualized Infrastructures

Virtualization enables the increasing efficiency and elasticity of modern IT infrastructures, including Infrastructure as a Service. However, the operational complexity of virtualized infrastructures is high, due to their dynamics, multi-tenancy, and size. Misconfigurations and insider attacks carry significant operational and security risks, such as breaches in tenant isolation, which put both the infrastructure provider and tenants at risk. In this thesis we study the question if it is possible to model and analyze complex, scalable, and dynamic virtualized infrastructures with regard to user-defined security and operational policies in an automated way. We establish a new practical and automated security analysis framework for virtualized infrastructures. First, we propose a novel tool that automatically extracts the configuration of heterogeneous environments and builds up a unified graph model of the configuration and topology. The tool is further extended with a monitoring component and a set of algorithms that translates system changes to graph model changes. The benefits of maintaining such a dynamic model are time reduction for model population and closing the gap for transient security violations. Our analysis is the first that lifts static information flow analysis to the entire virtualized infrastructure, in order to detect isolation failures between tenants on all resources. The analysis is configurable using customized rules to reflect the different trust assumptions of the users. We apply and evaluate our analysis system on the production infrastructure of a global financial institution. For the information flow analysis of dynamic infrastructures we propose the concept of dynamic rule-based information flow graphs and develop a set of algorithms that maintain such information flow graphs for dynamic system models. We generalize the analysis of isolation properties and establish a new generic analysis platform for virtualized infrastructures that allows to express a diverse set of security and operational policies in a formal language. The policy requirements are studied in a case-study with a cloud service provider. We are the first to employ a variety of theorem provers and model checkers to verify the state of a virtualized infrastructure against its policies. Additionally, we analyze dynamic behavior such as VM migrations. For the analysis of dynamic infrastructures we pursue both a reactive as well as a proactive approach. A reactive analysis system is developed that reduces the time between system change and analysis result. The system monitors the infrastructure for changes and employs dynamic information flow graphs to verify, for instance, tenant isolation. For the proactive analysis we propose a new model, the Operations Transition Model, which captures the changes of operations in the virtualized infrastructure as graph transformations. We build a novel analysis system using this model that performs automated run-time analysis of operations and also offers change planning. The operations transition model forms the basis for further research in model checking of virtualized infrastructures