    Tools and Algorithms for the Construction and Analysis of Systems

    This open access book constitutes the proceedings of the 28th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2022, which was held during April 2-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 46 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 159 submissions. The proceedings also contain 16 tool papers of the affiliated competition SV-COMP and 1 paper consisting of the competition report. TACAS is a forum for researchers, developers, and users interested in rigorously based tools and algorithms for the construction and analysis of systems. The conference aims to bridge the gaps between different communities with this common interest and to support them in their quest to improve the utility, reliability, flexibility, and efficiency of tools and algorithms for building computer-controlled systems.

    A CPN-Approach for Distributed Abductive Reasoning: Application to Causal Model-Based Diagnosis

    This thesis deals with fault diagnosis of distributed systems from a model-based view where Coloured Petri Nets are used to describe the system behaviour. The systems concerned here are those comprising different interacting subsystems. Coloured Behavioural Petri Nets are defined as a particular CPN intended for the description of a system's causal behaviour, where each transition is labelled with a matrix describing explicitly its firing ways. The use of such matrices helps in tackling the problem of complexity during backward analysis, and gives rise to a very specific technique based on reachability of CBPNs called CW-analysis. CBPNs together with the CW-analysis are used to develop a distributed model-based diagnosis approach. The diagnostic system is defined as a set of diagnostic agents where each is assigned to diagnose a subsystem. Accordingly, the system model consists of a set of place-bordered CBPNs, whereas CW-analysis is exploited to implement a local diagnosis scheme. Once local diagnoses are obtained by the different agents, a cooperation process should be initiated to ensure global consistency of such diagnoses.

    Opacity and Structural Resilience in Cyberphysical Systems

    Cyberphysical systems (CPSs) integrate communication, control, and computation with physical processes. Examples include power systems, water distribution networks, and on a smaller scale, medical devices and home control systems. Since these systems are often controlled over a network, the sharing of information among systems and across geographies makes them vulnerable to attacks carried out (possibly remotely) by malicious adversaries. An attack could be carried out on the physical system, on the computer(s) controlling the system, or on the communication links between the system and the computer. Thus, significant material damage can be caused by an attacker who is able to gain access to the system, and such attacks will often have the consequence of causing widespread disruption to everyday life. Therefore, ensuring the safety of information critical to nominal operation of the system is of utmost importance. This dissertation addresses two problems in the broad area of the Control and Security of Cyberphysical Systems. First, we present a framework for opacity in CPSs modeled as a discrete-time linear time-invariant (DT-LTI) system. The current state-of-the-art in this field studies opacity for discrete event systems (DESs) described by regular languages. However, the states in a DES are discrete; in many practical systems, it is common for states (and other system variables) to take continuous values. We define a notion of opacity called k-initial state opacity (k-ISO) for such systems. A set of secret states is said to be k-ISO with respect to a set of nonsecret states if the output at time k of every trajectory starting from the set of secret states is indistinguishable from the output at time k of some trajectory starting from the set of nonsecret states. Necessary and sufficient conditions to establish k-ISO are presented in terms of sets of reachable states. Opacity of a given DT-LTI system is shown to be equivalent to the output controllability of a system obeying the same dynamics, but with different initial conditions. We then study the case where there is more than one adversarial observer, and define several notions of decentralized opacity. These notions of decentralized opacity depend on whether there is a centralized coordinator or not, and on the presence or absence of collusion among the adversaries. We establish conditions for decentralized opacity in terms of sets of reachable states. In the case of colluding adversaries, we present a condition for non-opacity in terms of the structure of the communication graph. We extend this work to formulate notions of opacity for discrete-time switched linear systems. A switched system consists of a finite number of subsystems and a rule that orchestrates switching among them. We distinguish between the cases when the secret is specified as a set of initial modes, a set of initial states, or a combination of the two. The novelty of our schemes is in the fact that we place restrictions on: i) the allowed transitions between modes (specified by a directed graph), ii) the number of allowed changes of modes (specified by lengths of paths in the directed graph), and iii) the dwell times in each mode. Each notion of opacity is characterized in terms of allowed switching sequences and sets of reachable states and/or modes. Finally, we present algorithmic procedures to verify these notions, and provide bounds on their computational complexity. Second, we study the resilience of CPSs to denial-of-service (DoS) and integrity attacks. The CPS is modeled as a linear structured system, and its resilience to an attack is interpreted in a graph-theoretic framework. The structural systems approach presumes knowledge of only the positions of zero and nonzero entries in the system matrices to infer system properties. This approach is attractive due to the fact that these properties will hold for almost every admissible numerical realization of the system. The structural resilience of the system is characterized in terms of unmatched vertices in maximum matchings of the bipartite graph and connected components of directed graph representations of the system under attack. Further, we establish a condition based on the zero structure of an input matrix that will ensure that the system is structurally resilient to a state feedback integrity attack if it is also resilient to a DoS attack. Finally, we formulate an extension to the case of switched structured systems, and derive conditions for such systems to be structurally resilient to a DoS attack.

    Contribution to the verification of timed automata (determinization, quantitative verification and reachability in networks of automata)

    This thesis is about the verification of timed automata, a well-established model for real-time systems. The document is structured in three parts. The first part is dedicated to the determinization of timed automata, a problem which has no solution in general. We propose an approximate (over-approximation/under-approximation/mix) method based on the construction of a safety game. This method improves on both existing approaches by combining their respective advantages. Then, we apply this determinization approach to the generation of conformance tests. In the second part, we take into account quantitative aspects of real-time systems thanks to a notion of frequency of accepting states along executions of timed automata. More precisely, the frequency of a run is the proportion of time elapsed in accepting states. Then, we study the set of frequencies of runs of a timed automaton in order to decide, for example, the emptiness of threshold languages. We thus prove that the bounds of the set of frequencies are computable for two classes of timed automata. On the one hand, we prove that bounds are computable in logarithmic space by a non-deterministic procedure in one-clock timed automata. On the other hand, they can be computed in polynomial space in timed automata with several clocks, but having no cycle that forces the convergence between clocks. Finally, we study the reachability problem in networks of timed automata communicating through FIFO channels. We first consider discrete-time timed automata, and characterize topologies of networks for which reachability is decidable. Then, this characterization is extended to dense-time automata.

    Fault Diagnosis for Large Petri Nets
