Towards scaling up DynAlloy analysis using predicate abstraction

DynAlloy is an extension to the Alloy specifi cation language suitable for modeling properties of executions of software systems. DynAlloy provides fully automated support for verifying properties of programs, in the style of the Alloy Analyzer, i.e., by exhaustively searching for counterexamples of properties in bounded scenarios (bounded domains and iterations of programs). But, as for other automated analysis techniques, the so called state explotion problem makes the analysis feasible only for small bounds. In this paper, we take advantage of an abstraction technique known as predicate abstraction, for scaling up the analysis of DynAlloy specifi cations. The implementation of predicate abstraction we present enables us to substantially increase the domain and iteration bounds in some case studies, and its use is fully automated. Our implementation is relatively e cient, exploiting the reuse of already calculated abstractions when these are available, and an "on the fly" check of traces when looking for counterexamples. We introduce the implementation of the technique, and some preliminary experimental results with case studies, to illustrate the benefi ts of the technique.VI Workshop Ingeniería de Software (WIS)Red de Universidades con Carreras en Informática (RedUNCI

Search for a New Conceptual Bookkeeping Model: Different Levels of Abstraction

Nowadays, every bookkeeping system used in practice is automated. Most bookkeeping software and integrated information systems are based on databases. In this paper, we develop a new conceptual bookkeeping model which is not based on manual techniques, but which is applicable in a database environment. The model is designed as a composition of equations. The startingpoint of these equations is the well-known accounting equation. In the development of the model, several levels of abstraction are distinguished: from an abstract level to a more concrete level. Every level of abstraction is described by one equation. This equation has both an input-function and an output-function. With the development of this model, the gap between the bookkeeping literature and bookkeeping practice has been reduced.bookkeeping;accounting information systems;conceptual modeling

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

Software in the Manufacturing Industry: A Review of Security Challenges and Implications

Software defines digital infrastructures in the manufacturing industry, connecting services and computation resources to machines and devices. These infrastructures aim at increased flexibility, scalability, and a wider application portfolio for automated manufacturing processes. At the same time, the complexity of securing software increases dramatically. Threats to confidentiality, integrity, and availability of software can result in critical losses for automated industrial production and impact manufacturing companies. In order to map existing and emerging security challenges, we present the results of a hermeneutic literature review structured along abstraction levels and vertical integration of software. Based on this structure, we derive implications for academia and practice focused on operators, developers, and security auditors of digital infrastructures. Thereby, we discuss courses of action mapped to software security black boxes, infrastructure heterogeneity, and the adaptation of security for operational usage

Abstraction and Assume-Guarantee Reasoning for Automated Software Verification

Compositional verification and abstraction are the key techniques to address the state explosion problem associated with model checking of concurrent software. A promising compositional approach is to prove properties of a system by checking properties of its components in an assume-guarantee style. This article proposes a framework for performing abstraction and assume-guarantee reasoning of concurrent C code in an incremental and fully automated fashion. The framework uses predicate abstraction to extract and refine finite state models of software and it uses an automata learning algorithm to incrementally construct assumptions for the compositional verification of the abstract models. The framework can be instantiated with different assume-guarantee rules. We have implemented our approach in the COMFORT reasoning framework and we show how COMFORT out-performs several previous software model checking approaches when checking safety properties of non-trivial concurrent programs

Model checking user interfaces

User interfaces are crucial for the success of most software projects. As software grows in complexity there is a similar growth in the user interface com- plexity which leads to bugs which may be difficult to find by means of testing. In this paper we use the method of automated model checking to verify user interfaces with respect to a formal specification. We present an algorithm for the automated abstraction of the user interface model of a given system, which uses asynchronous and interleaving composition of a number of programs. This technique was successful at verifying the user interface of case study and brings us one step forward towards push button verification.peer-reviewe

An Ameliorated Methodology for the Abstraction of Object Oriented Features from Software Requirements Specification

AbstractThe Business Process (BP) requirements is specified in the form of software requirements specification (SRS). This SRS serves as a base for software development. The software needs to be developed in a syllogized software development life cycle (SDLC) stages. The SRS which denote the requirements of BP is used as input to the analysis stage from which the paradigm dependent components are to be abstracted. Hither to the components are abstracted manually with the exception of hiatuses of semi-automated methods for few of the components. The SRS is construed with reference to the specific paradigm through which the design is to be developed. Unfortunately, no complete automated methodology exists for the abstraction of all paradigm dependent components. The automated methodology eliminates the possible human errors which would have ripple effect to damage the entire software. This paper develops an innovative, unique methodology to resurrect the SRS statements as modular statements. Further develops an automated methodology for abstraction of control and data flow graphs. Further it develops an automated methodology for abstraction of useful components required for the class diagram. The class diagram emphasizes both structural and behavioral aspects. This facility is effectively used to abstract object class attributes, object methods, visibility, signature, return type etc.Information systems are developed through software projects which use the specific software requirements specification (SRS) provided for them as the base. The SRS contains details of the information system through which appropriate software can be developed. The information systems are also viewed perceptively with different pragmatics like work, work process or usecase. The usecase is one of the prime perspective views whose sum forms the information system. In this paper, an attempt is made to abstract object class, object class attributes, object methods, interrelationships between object classes and starting with/ending with actor from unformatted, unstructured SRS text. This is achieved through our own developed classing and slicing techniques to identify respectively the class structure & object methods. Then usecase is developed through the interrelationships between object methods of different classes and start with or end with the actor. The stages involve moulding the SRS, designing control flow graph for the SRS & data flow table for the SRS statements, developing appropriate classing and slicing criteria, creating actor & actors’ interface attributes table, create slicing criteria for each usecase and then slice relevant statements for each usecase. Here, we have attempted to use Weiser modified algorithm1 to abstract exact usecase. The slicing criterion is obtained through the intersection of actor's interface attributes and the referenced/defined attributes present between two consecutive actors. Attempts have been made to resolve synonyms & heteronyms present in the SRS. The correctness & completeness of the proposed methodology depends on the realization of actor & actors’ interface attributes

DATA-DRIVEN CHARACTERIZATION OF TECHNICAL DEBT IN A COMPLEX INFORMATION SYSTEM

Presented herein are techniques that provide a holistic and integrated abstraction among different categories of technical debt (TD) in a complex software system, as well as among different TD-related data sources such as logs, traces, telemetry, and metrics. The techniques presented herein allow for accelerated, automated, and evolutionary TD management in a complex software development life cycle (SDLC). The techniques learn the context throughout the SDLC pipeline and turn this context into actionable insights for use in repaying the technical debt at the earliest stages of the development process. The techniques presented herein provide an automated and low cost mechanism that may reduce debt within a company

Towards the verification of RAISE specifications through Model Checking

Ensuring the correctness of a given software component has become a crucial aspect in Software Engineering and the Model Checking technique provides a fully automated way to achieve this goal. In particular, the usage of Model Checking in formal languages has been reinforced in the last decades because the specifications themselves provide an abstraction of the problem under study (whether created by abstraction from the software or by hand) and the properties validated at the specification level can be warrantied to be preserved until implementation. In this paper we focus on the main issues for adding Model Checking functionalities to the RAISE specification language and present the most important characteristics of our current approach for doing so. An outline of the main issues and problems faced in the process and possible ways to solve them are also presented.Eje: Ingeniería de software y base de datosRed de Universidades con Carreras en Informática (RedUNCI