An Operator-based Approach to Incremental Development of Conform Protocol State Machines

An incremental development framework which supports a conform construction of Protocol State Machines (PSMs) is presented. We capture design concepts and strategies of PSM construction by sequentially applying some development operators: each operator makes evolve the current PSM to another one. To ensure a conform construction, we introduce three conformance relations, inspired by the specification refinement and specification matchings supported by formal methods. Conformance relations preserve some global behavioral properties. Our purpose is illustrated by some development steps of the card service interface of an electronic purse: for each step, we introduce the idea of the development, we propose an operator and we give the new specification state obtained by the application of this operator and the property of this state relatively to the previous one in terms of conformance relation

An Operator-based Approach to Incremental Development of Conform Protocol State Machines

http://drops.dagstuhl.de/opus/volltexte/2006/695/ ISBN : 978-3-939897-02-6International audienceAn incremental development framework which supports a conform construction of Protocol State Machines (PSMs) is presented. We capture design concepts and strategies of PSM construction by sequentially applying some development operators: each operator makes evolve the current PSM to another one. To ensure a conform construction, we introduce three conformance relations, inspired by the specification refinement and specification matchings supported by formal methods. Conformance relations preserve some global behavioral properties. Our purpose is illustrated by some development steps of the card service interface of an electronic purse: for each step, we introduce the idea of the development, we propose an operator and we give the new specification state obtained by the application of this operator and the property of this state relatively to the previous one in terms of conformance relation

Comparing test sets and criteria in the presence of test hypotheses and fault domains

A number of authors have considered the problem of comparing test sets and criteria. Ideally test sets are compared using a preorder with the property that test set T1 is at least as strong as T2 if whenever T2 determines that an implementation p is faulty, T1 will also determine that p is faulty. This notion can be extended to test criteria. However, it has been noted that very few test sets and criteria are comparable under such an ordering; instead orderings are based on weaker properties such as subsumes. This paper explores an alternative approach, in which comparisons are made in the presence of a test hypothesis or fault domain. This approach allows strong statements about fault detecting ability to be made and yet for a number of test sets and criteria to be comparable. It may also drive incremental test generation

A Step-by-step Process to Build Conform UML Protocol State Machines

We propose an approach to the incremental development of protocol state machines using operators which preserve behavioral properties. We introduce two specializations of the protocol conformance relation proposed in UML~2.0, inspired from the work on formal methods as the specification refinement and specification matching. We illustrate our purpose by some development steps of the card service interface of an electronic purse: for each step, we introduce the idea of the development, we propose an operator and we give the new specification state obtained by the application of this operator and the property of this state relatively to the previous one in terms of conformance relation

Deep Space Network information system architecture study

The purpose of this article is to describe an architecture for the Deep Space Network (DSN) information system in the years 2000-2010 and to provide guidelines for its evolution during the 1990s. The study scope is defined to be from the front-end areas at the antennas to the end users (spacecraft teams, principal investigators, archival storage systems, and non-NASA partners). The architectural vision provides guidance for major DSN implementation efforts during the next decade. A strong motivation for the study is an expected dramatic improvement in information-systems technologies, such as the following: computer processing, automation technology (including knowledge-based systems), networking and data transport, software and hardware engineering, and human-interface technology. The proposed Ground Information System has the following major features: unified architecture from the front-end area to the end user; open-systems standards to achieve interoperability; DSN production of level 0 data; delivery of level 0 data from the Deep Space Communications Complex, if desired; dedicated telemetry processors for each receiver; security against unauthorized access and errors; and highly automated monitor and control

Law and Ethics for Autonomous Weapon Systems: Why a Ban Won\u27t Work and How the Laws of War Can

Public debate is heating up over the future development of autonomous weapon systems. Some concerned critics portray that future, often invoking science-fiction imagery, as a plain choice between a world in which those systems are banned outright and a world of legal void and ethical collapse on the battlefield. Yet an outright ban on autonomous weapon systems, even if it could be made effective, trades whatever risks autonomous weapon systems might pose in war for the real, if less visible, risk of failing to develop forms of automation that might make the use of force more precise and less harmful for civilians caught near it. Grounded in a more realistic assessment of technology – acknowledging what is known and what is yet unknown – as well as the interests of the many international and domestic actors involved, this paper outlines a practical alternative: the gradual evolution of codes of conduct based on traditional legal and ethical principles governing weapons and warfare

Customized Software in Distributed Embedded Systems: ISOBUS and the Coming Revolution in Agriculture

The electrification of agricultural equipment has been evolving for many years and in some ways is lagging behind other industries. However this strategy of following the lead of other industries now offers Ag the opportunity to move forward at a revolutionary pace. Network standards defined by the Society of Automotive Engineers (SAE) and the International Organization for Standardization (ISO) committees are the basis for defining a rulebook for this industrystandardizing worldwide electronics interoperability. ISOBUS (ISO 11783) which defines a physical standard between tractors and implements will be an important enabler for most new product definitions. The foundation of this coming revolution will be provided through software. This paper outlines the electronics hardware and software architecture for off-road vehicles that allows for implementation of customized machine control features. There are several key areas discussed. The first enabler for this revolution is a software development and delivery system that defines a design methodology for creating and delivering software modules for a distributed set of controllers. This design methodology presents two advantages that today’s modern electronic technologies can deliver: 1) Customization with commodity hardware and 2) Service without replacing hardware parts anywhere in the world. The second enabler for this machine revolution is an ‘agile’ process to develop the software. Many product ideas are being valuated through a trial and error and continuous improvement process. Software will play an important enabler for these product definitions. A comparison between the worldwide trend for software processes, the Capability Maturity Model (CMM), and what type of process would fit the offroad industry is based around the maturity of the new product ideas. The strong supply chain link between dealers and customers for off-road machines, coupled with the emerging awareness of electronic functions and controls, sets a basis for a specialized software development process. An important enabler for this ‘agile’ process is the re-use of code and incremental testing with reviews. The history of the off-road machine business has been based on proven designs and long times between model updates. However, the worldwide adoption of the ISOBUS standard is poised to change this history. ISOBUS is not only establishing an open system for interoperability, it is establishing a sequence of features for diagnostics, sequenced operations, and information management. As customers discover these capabilities, they will expect them to be further advanced and customized for their specific needs. This requires adding agility into the proven durable processes so that manufacturers can respond faster to these growing needs. Electronics, and especially well-planned software systems, offer an agile technology for meeting this coming need. This paper presents the benchmarking of various embedded software development projects relating project content, project rigor, and quality. From this, insights into maintaining quality are gained in order to include agility into a durable development project. Also, risk and rewards of leveraging low cost country software development skills are addressed to stretch resources or even develop common resources for software systems

FAIR: Forwarding Accountability for Internet Reputability

This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as a proof of misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps, and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem. Moreover, this paper proposes a "suspicious bit" for packet headers - an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network.Comment: 16 pages, 12 figure