1,773 research outputs found
Towards Practical Graph-Based Verification for an Object-Oriented Concurrency Model
To harness the power of multi-core and distributed platforms, and to make the
development of concurrent software more accessible to software engineers,
different object-oriented concurrency models such as SCOOP have been proposed.
Despite the practical importance of analysing SCOOP programs, there are
currently no general verification approaches that operate directly on program
code without additional annotations. One reason for this is the multitude of
partially conflicting semantic formalisations for SCOOP (either in theory or
by-implementation). Here, we propose a simple graph transformation system (GTS)
based run-time semantics for SCOOP that grasps the most common features of all
known semantics of the language. This run-time model is implemented in the
state-of-the-art GTS tool GROOVE, which allows us to simulate, analyse, and
verify a subset of SCOOP programs with respect to deadlocks and other
behavioural properties. Besides proposing the first approach to verify SCOOP
programs by automatic translation to GTS, we also highlight our experiences of
applying GTS (and especially GROOVE) for specifying semantics in the form of a
run-time model, which should be transferable to GTS models for other concurrent
languages and libraries.Comment: In Proceedings GaM 2015, arXiv:1504.0244
Recommended from our members
A UML-based static verification framework for security
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language
Model checking web applications
The modelling of web-based applications can assist in capturing and understanding their behaviour.
The development of such applications requires the use of sound methodologies to ensure that the
intended and actual behaviour are the same.
As a verification technique, model checking can assist in finding design
flaws and simplifying the
design of a web application, and as a result the design and the security of the web application can
be improved. Model checking has the advantage of using an exhaustive search of the state space of
a system to determine if the specifications are true or not in a given model.
In this thesis we present novel approaches in modelling and verifying web applications' properties
to ensure their design correctness and security. Since the actions in web applications rely on both
the user input and the server status; we propose an approach for modelling and verifying dynamic
navigation properties. The Spin model checker has been used successfully in verifying communication
protocols. However, the current version of Spin does not support modelling time. We integrate
discrete time in the Spin model to allow the modelling of realistic properties that rely on time
constraints and to analyse the sequence of actions and time. Examining the sequence of actions in
web applications assists in understanding their behaviour in different scenarios such as navigation
errors and in the presence of an intruder. The model checker Uppaal is presented in the literature
as an alternative to Spin when modelling real-time systems. We develop models with real time
constraints in Uppaal in order to validate the results from the Spin models and to compare the
differences between modelling with real time and with discrete time as in Spin. We also compare
the complexity and expressiveness of each model checker in verifying web applications' properties.
The web application models in our research are developed gradually to ensure their correctness and
to manage the complexities of specifying the security and navigation properties. We analyse the
compromised model to compare the differences in the sequence of actions and time with the secure
model to assist in improving early detections of malicious behaviour in web applications
IoTSan: Fortifying the Safety of IoT Systems
Today's IoT systems include event-driven smart applications (apps) that
interact with sensors and actuators. A problem specific to IoT systems is that
buggy apps, unforeseen bad app interactions, or device/communication failures,
can cause unsafe and dangerous physical states. Detecting flaws that lead to
such states, requires a holistic view of installed apps, component devices,
their configurations, and more importantly, how they interact. In this paper,
we design IoTSan, a novel practical system that uses model checking as a
building block to reveal "interaction-level" flaws by identifying events that
can lead the system to unsafe states. In building IoTSan, we design novel
techniques tailored to IoT systems, to alleviate the state explosion associated
with model checking. IoTSan also automatically translates IoT apps into a
format amenable to model checking. Finally, to understand the root cause of a
detected vulnerability, we design an attribution mechanism to identify
problematic and potentially malicious apps. We evaluate IoTSan on the Samsung
SmartThings platform. From 76 manually configured systems, IoTSan detects 147
vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a
previous effort. IoTSan detects the potential safety violations and also
effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201
Property specification and static verification of UML models
We present a static verification tool (SVT), a system that performs static verification on UML models composed of UML class and state machine diagrams. Additionally, the SVT allows the user to add extra behavior specification in the form of guards and effects by defining a small action language. UML models are checked against properties written in a special-purpose property language that allows the user to specify linear temporal logic formulas that explicitly reason about UML components. Thus, the SVT provides a strong foundation for the design of reliable systems and a step towards model-driven security
- …