An integrated approach to high integrity software verification.
Computer software is developed through software engineering. At its most precise, software engineering involves mathematical rigour as formal methods. High integrity software is associated with safety critical and security critical applications, where failure would bring significant costs. The development of high integrity software is subject to stringent standards, prescribing best practices to increase quality. Typically, these standards will strongly encourage or enforce the application of formal methods.
The application of formal methods can entail a significant amount of mathematical reasoning. Thus, the development of automated techniques is an active area of research. The trend is to deliver increased automation through two complementary approaches. Firstly, lightweight formal methods are adopted, sacrificing expressive power, breadth of coverage, or both in favour of tractability. Secondly, integrated solutions are sought, exploiting the strengths of different technologies to increase automation.
The objective of this thesis is to support the production of high integrity software by automating an aspect of formal methods. To develop tractable techniques we focus on the niche activity of verifying exception freedom. To increase effectiveness, we integrate the complementary technologies of proof planning and program analysis. Our approach is investigated by enhancing the SPARK Approach, as developed by Altran Praxis Limited. Our approach is implemented and evaluated as the SPADEase system. The key contributions of the thesis are summarised below:
• Configurable and Sound - Present a configurable and justifiably sound approach to software verification.
• Cooperative Integration - Demonstrate that more targeted and effective automation can be achieved through the cooperative integration of distinct technologies.
• Proof Discovery - Present proof plans that support the verification of exception freedom.
• Invariant Discovery - Present invariant discovery heuristics that support the verification of exception freedom.
• Implementation as SPADEase - Implement our approach as SPADEase.
• Industrial Evaluation - Evaluate SPADEase against both textbook and industrial subprograms.
A formal framework for specification-based embedded real-time system engineering
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008. Includes bibliographical references (v. 2, p. 517-545).
The increasing size and complexity of modern software-intensive systems present novel challenges when engineering high-integrity artifacts within aggressive budgetary constraints. Among these challenges, ensuring confidence in the engineered system, through validation and verification activities, represents the high cost item on many projects. The expensive nature of engineering high-integrity systems using traditional approaches can be partly attributed to the lack of analysis facilities during the early phases of the lifecycle, causing the validation and verification activities to begin too late in the engineering lifecycle. Other challenges include the management of complexity, opportunities for reuse without compromising confidence, and the ability to trace system features across lifecycle phases. The use of models as a specification mechanism provides an approach to mitigate complexity through abstraction. Furthermore, if the specification approach has formal underpinnings, the use of models can be leveraged to automate engineering activities such as formal analysis and test case generation. The research presented in this thesis proposes an engineering framework which addresses the high cost of validation and verification activities through specification-based system engineering. More specifically, the framework provides an integrated approach to embedded real-time system engineering which incorporates specification, simulation, formal verification, and test-case generation. The framework aggregates the state-of-the-art in individual software engineering disciplines to provide an end-to-end approach to embedded real-time system engineering.
The key aspects of the framework include:
* A novel specification language, the Timed Abstract State Machine (TASM) language, which extends the theory of Abstract State Machines (ASM). The TASM language is a literate formal specification language which can be applied at multiple levels of abstraction and which can express the three key aspects of embedded real-time systems - function, time, and resources.
* Automated verification capabilities achieved through the integration of mature analysis engines, namely the UPPAAL tool suite and the SAT4J SAT solver. The verification capabilities provided by the framework include completeness and consistency verification, model checking, execution time analysis, and resource consumption analysis.
* Bi-directional traceability of model features across levels of abstraction and lifecycle phases. Traceability is achieved syntactically through archetypical refinement types; each refinement type provides correctness criteria, which, if met, guarantee semantic integrity through the refinement.
* Automated test case generation capabilities for unit testing, integration testing, and regression testing. Unit test cases are generated to achieve TASM specification coverage through the rule coverage criterion. Integration test case generation is achieved through the hierarchical composition of unit test cases. Regression test case generation is achieved by leveraging the bi-directional traceability of model features.
The framework is implemented into an integrated tool suite, the TASM toolset, which incorporates the UPPAAL tool suite and the SAT4J SAT solver. The toolset and framework are evaluated through experimentation on three industrial case studies - an automated manufacturing system, a "drive-by-wire" system used at a major automotive manufacturer, and a scripting environment used on the International Space Station.
by Martin Ouimet. Ph.D.
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level, eliminating the need for trusted extensions in the operating system. The proposed technique tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing software users with assurance of the authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers' intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead even for moderate cache sizes.
Assurance Benefits of ISO 26262 compliant Microcontrollers for safety-critical Avionics
The usage of complex Microcontroller Units (MCUs) in avionic systems constitutes a challenge in assuring their safety. They are not developed according to the development requirements accepted by the aerospace industry. These Commercial off-the-shelf (COTS) hardware components usually target other domains such as the telecommunications sector. In recent years, MCUs developed in compliance with ISO 26262 have been released on the market for safety-related automotive applications. The avionic assurance process could profit from these safety MCUs. In this paper we present evaluation results, based on current assurance practice, that demonstrate that the expected assurance activities benefit from ISO 26262 compliant MCUs.
Comment: Submitted to SafeComp 2018: http://www.es.mdh.se/safecomp2018
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both aviation circles and the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching.
This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have previously been conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.
Comment: Survey, 22 pages, 21 figures
SOFIA: software and control flow integrity architecture
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor.
Lightweight and static verification of UML executable models
Executable models play a key role in many software development methods by facilitating the (semi)automatic implementation/execution of the software system under development. This is possible because executable models promote a complete and fine-grained specification of the system behaviour. In this context, where models are the basis of the whole development process, the quality of the models has a high impact on the final quality of the software systems derived from them. Therefore, the existence of methods to verify the correctness of executable models is crucial. Otherwise, the quality of the executable models (and in turn the quality of the final system generated from them) will be compromised. In this paper a lightweight and static verification method to assess the correctness of executable models is proposed. This method allows us to check whether the operations defined as part of the behavioural model can be executed without breaking the integrity of the structural model, and returns meaningful feedback that helps repair the detected inconsistencies.
Peer reviewed. Postprint (author's final draft).