An integrated approach to high integrity software verification.
Computer software is developed through software engineering. At its most precise, software engineering involves mathematical rigour in the form of formal methods. High integrity software is associated with safety critical and security critical applications, where failure would bring significant costs. The development of high integrity software is subject to stringent standards, prescribing best practices to increase quality. Typically, these standards will strongly encourage or enforce the application of formal methods.

The application of formal methods can entail a significant amount of mathematical reasoning. Thus, the development of automated techniques is an active area of research. The trend is to deliver increased automation through two complementary approaches. Firstly, lightweight formal methods are adopted, sacrificing expressive power, breadth of coverage, or both in favour of tractability. Secondly, integrated solutions are sought, exploiting the strengths of different technologies to increase automation.

The objective of this thesis is to support the production of high integrity software by automating an aspect of formal methods. To develop tractable techniques we focus on the niche activity of verifying exception freedom. To increase effectiveness, we integrate the complementary technologies of proof planning and program analysis. Our approach is investigated by enhancing the SPARK Approach, as developed by Altran Praxis Limited. Our approach is implemented and evaluated as the SPADEase system. The key contributions of the thesis are summarised below:

• Configurable and Sound - Present a configurable and justifiably sound approach to software verification.
• Cooperative Integration - Demonstrate that more targeted and effective automation can be achieved through the cooperative integration of distinct technologies.
• Proof Discovery - Present proof plans that support the verification of exception freedom.
• Invariant Discovery - Present invariant discovery heuristics that support the verification of exception freedom.
• Implementation as SPADEase - Implement our approach as SPADEase.
• Industrial Evaluation - Evaluate SPADEase against both textbook and industrial subprograms.
Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process
This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software into business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggest that the Common Criteria can define a framework for assurance evaluation in ongoing development projects.

This paper documents the attempt to check the security properties of a software system already during its creation, using the Common Criteria according to ISO 15408. This is done in contrast to the usual post-development evaluation
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, so that every new need required a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to the specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.

Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorials
Systematic Review on Security and Privacy Requirements in Edge Computing: State of the Art and Future Research Opportunities
Edge computing is a promising paradigm that enhances the capabilities of cloud computing. For its computing services to remain in use, it is essential to maintain an environment free from all kinds of security and privacy breaches. The security and privacy issues associated with the edge computing environment have narrowed the overall acceptance of the technology as a reliable paradigm. Many researchers have reviewed security and privacy issues in edge computing, but not all have fully investigated the security and privacy requirements. Security and privacy requirements are the objectives that indicate the capabilities as well as the functions a system performs in eliminating certain security and privacy vulnerabilities. This paper aims to substantially review the security and privacy requirements of edge computing and the various technological methods employed by the techniques used in curbing the threats, with the aim of helping future researchers identify research opportunities. This paper investigates the current studies and highlights the following: (1) the classification of security and privacy requirements in edge computing, (2) the state of the art techniques deployed in curbing the security and privacy threats, (3) the trends of technological methods employed by the techniques, (4) the metrics used for evaluating the performance of the techniques, (5) the taxonomy of attacks affecting the edge network, and the corresponding technological trend employed in mitigating the attacks, and (6) research opportunities for future researchers in the area of edge computing security and privacy.
- …