Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

Assessment of IT Infrastructures: A Model Driven Approach

Several approaches to evaluate IT infrastructure architectures have been proposed, mainly by supplier and consulting firms. However, they do not have a unified approach of these architectures where all stakeholders can cement the decision-making process, thus facilitating comparability as well as the verification of best practices adoption. The main goal of this dissertation is the proposal of a model-based approach to mitigate this problem. A metamodel named SDM (System Definition Model) and expressed with the UML (Unified Modeling Language) is used to represent structural and operational knowledge on the infrastructures. This metamodel is automatically instantiated through the capture of infrastructures configurations of existing distributed architectures, using a proprietary tool and a transformation tool that was built in the scope of this dissertation. The quantitative evaluation is performed using the M2DM (Meta-Model Driven Measurement) approach that uses OCL (Object Constraint Language) to formulate the required metrics. This proposal is expected to increase the understandability of IT infrastructures by all stakeholders (IT architects, application developers, testers, operators and maintenance teams) as well as to allow expressing their strategies of management and evolution. To illustrate the use of the proposed approach, we assess the complexity of some real cases in the diachronic and synchronic perspective

Detecting tax evasion: a co-evolutionary approach

We present an algorithm that can anticipate tax evasion by modeling the co-evolution of tax schemes with auditing policies. Malicious tax non-compliance, or evasion, accounts for billions of lost revenue each year. Unfortunately when tax administrators change the tax laws or auditing procedures to eliminate known fraudulent schemes another potentially more profitable scheme takes it place. Modeling both the tax schemes and auditing policies within a single framework can therefore provide major advantages. In particular we can explore the likely forms of tax schemes in response to changes in audit policies. This can serve as an early warning system to help focus enforcement efforts. In addition, the audit policies can be fine tuned to help improve tax scheme detection. We demonstrate our approach using the iBOB tax scheme and show it can capture the co-evolution between tax evasion and audit policy. Our experiments shows the expected oscillatory behavior of a biological co-evolving system

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security

Tänapäeval on efektiivse äri üheks võtmeks kiire ja edukas veebirakenduste arendus. Samas, uudsed maailmas levinud nõuded eeldavad keerukat lähenemist juurdepääsukontrolli ja kasutajate rühmade koostöövõime määratlemisel. Tavapäraselt hõlmab tarkvara arenduse protsess erinevaid vastutavaid osalisi rakenduse hindamisel, plaanide koostamisel, arendusel, rakendamisel ja kasutajatoe tagamisel, mille tulemusena suureneb informatsiooni kadu ja keerukus sihtgruppide vahelises suhtluses. Arendusmeeskonnad peaksid sellise olukorra vältimiseks ja väärtõlgendustest ning turvalisuse nõuete rikkumisest tulenevate võimalike riskide leevendamiseks tarkvara arenduses kasutama vahendeid, mis võimaldavad kiiret ja täpset veebirakenduse interpreteerimist läbi mudeli. Modelleerimine aitab tunduvalt vähendada võimalikke probleeme ja tagab funktsionaalsuse vajadused arvestades soovitud rollipõhise juurdepääsukontrolli mudeliga. Antud töös pakutakse välja kontseptuaalne Eclipse IDE lisandmooduli realisatsioon, et toetada ja lihtsustada mudelil baseeruvat lähenemist veebirakenduste arendamisel kasutades Spring platvormi. Loodud lisandmoodul toetab Spring Security esitusviiside tuvastamist koos võimega visualiseerida nende üle rollipõhise juurdepääsukontrolli mudelit. Visuaalse mudeli genereerimine toimub kahe peamise astmena: Spring Security konfiguratsiooni tuvastamine ja esituse genereerimine kasutades SecureUML modelleerimise keelt. Loodud lisandmooduli kontseptsioon valideeriti juhtumiuuringutega, mis näitasid lisandmooduli sobivust tarkvara arendajate jaoks tänu integreeritud lahendusele, et tagada kiiremat arendust ja abi valitud veebirakenduse rollipõhise juurdepääsukontrolli mudelist arusaamisel.Nowadays fast and successful development of a web application is one of the keys to effective business. However, modern world requirements define the complex approach in definition of ac-cess control and user groups’ interoperability. The software development process typically in-volves different responsible members for the application assessment, planning, development, de-ployment and support, as a consequence, increasing the complexity and information losses be-tween target groups. In order to mitigate possible risks in software development misinterpretation and security violation, teams should use tools that allow fast and accurate interpretation of the web application through a model. Modelling will help with minimization of possible problems and ensure the functionality needs with respect to desired RBAC model. In order to support and simpli-fy the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them. The generation of visual model is achieved in two main steps: recognition of Spring Security configuration and gen-eration of representation with SecureUML modeling language. The concept of contributed plugin was validated within case studies that demonstrated the acceptance of this plugin by software de-velopers due to its integrated solution for faster development and help in understanding of RBAC model for the selected web application

Forum Session at the First International Conference on Service Oriented Computing (ICSOC03)

The First International Conference on Service Oriented Computing (ICSOC) was held in Trento, December 15-18, 2003. The focus of the conference ---Service Oriented Computing (SOC)--- is the new emerging paradigm for distributed computing and e-business processing that has evolved from object-oriented and component computing to enable building agile networks of collaborating business applications distributed within and across organizational boundaries. Of the 181 papers submitted to the ICSOC conference, 10 were selected for the forum session which took place on December the 16th, 2003. The papers were chosen based on their technical quality, originality, relevance to SOC and for their nature of being best suited for a poster presentation or a demonstration. This technical report contains the 10 papers presented during the forum session at the ICSOC conference. In particular, the last two papers in the report ere submitted as industrial papers

SAVCBS 2004 Specification and Verification of Component-Based Systems: Workshop Proceedings

This is the proceedings of the 2004 SAVCBS workshop. The workshop is concerned with how formal (i.e., mathematical) techniques can be or should be used to establish a suitable foundation for the specification and verification of component-based systems. Component-based systems are a growing concern for the software engineering community. Specification and reasoning techniques are urgently needed to permit composition of systems from components. Component-based specification and verification is also vital for scaling advanced verification techniques such as extended static analysis and model checking to the size of real systems. The workshop considers formalization of both functional and non-functional behavior, such as performance or reliability

Access Control from an Intrusion Detection Perspective

Access control and intrusion detection are essential components for securing an organization's information assets. In practice, these components are used in isolation, while their fusion would contribute to increase the range and accuracy of both. One approach to accomplish this fusion is the combination of their security policies. This report pursues this approach by defining a comparison framework for policy specification languages and using this to survey the languages Ponder, LGI, SPL and PDL from the perspective of intrusion detection. We identified that, even if an access control language has the necessary ingredients for merging policies, it might not be appropriate due to mismatches in overlapping concepts