5 research outputs found
Proof Automation in the Theory of Finite Sets and Finite Set Relation Algebra
{log} ('setlog') is a satisfiability solver for formulas of the theory of
finite sets and finite set relation algebra (FSTRA). As such, it can be used as
an automated theorem prover (ATP) for this theory. {log} is able to
automatically prove a number of FSTRA theorems, but not all of them.
Nevertheless, we have observed that many theorems that {log} cannot
automatically prove can be divided into a few subgoals automatically
dischargeable by {log}. The purpose of this work is to present a prototype
interactive theorem prover (ITP), called {log}-ITP, providing evidence that a
proper integration of {log} into world-class ITPs can deliver a great deal of
proof automation concerning FSTRA. An empirical evaluation based on 210
theorems from the TPTP and Coq's SSReflect libraries shows a noticeable
reduction in the size and complexity of the proofs with respect to Coq.
An Automatically Verified Prototype of the Tokeneer ID Station Specification
The Tokeneer project was an initiative set forth by the National Security
Agency (NSA, USA) to demonstrate that highly secure systems can be developed
by applying rigorous methods in a cost-effective manner.
Altran Praxis (UK) was selected by NSA to carry out the development of the
Tokeneer ID Station. The company wrote a Z specification later implemented in
the SPARK Ada programming language, which was verified using the SPARK Examiner
toolset. In this paper, we show that the Z specification can be easily and
naturally encoded in the {log} set constraint language, thus generating a
functional prototype. Furthermore, we show that {log}'s automated proving
capabilities can discharge all the proof obligations concerning state
invariants as well as important security properties. As a consequence, the
prototype can be regarded as correct with respect to the verified properties.
This provides empirical evidence that Z users can use {log} to generate correct
prototypes from their Z specifications. In turn, these prototypes enable or
simplify some verification activities discussed in the paper.
Combining Type Checking and Set Constraint Solving to Improve Automated Software Verification
In this paper we show how prescriptive type checking and constraint solving
can be combined to increase automation during software verification. We do so
by defining a type system and implementing a typechecker for {log} (read
`setlog'), a Constraint Logic Programming (CLP) language and satisfiability
solver based on set theory. Hence, we proceed as follows: a) a type system for
{log} is defined; b) the constraint solver is proved to be safe w.r.t. the type
system; c) the implementation of a concrete typechecker is presented; d) the
integration of type checking and set constraint solving to increase automation
during software verification is discussed; and e) two industrial-strength case
studies are presented where this combination is used with very good results.
Brewer-Nash Scrutinised: Mechanised Checking of Policies featuring Write Revocation
Automated Proof of Bell–LaPadula Security Properties
Almost 50 years ago, D. E. Bell and L. LaPadula published the first formal model of a secure system, known today as the Bell–LaPadula (BLP) model. BLP is described as a state machine by means of first-order logic and set theory. The authors also formalize two state invariants known as the security condition and the *-property. Bell and LaPadula prove that all the state transitions preserve these invariants. In this paper we present a fully automated proof of the security condition and the *-property for all the model operations. The model and the proofs are coded in the {log} tool. As far as we know this is the first time such proofs have been automated. In addition, we show that the {log} model is also an executable prototype. Therefore we are providing an automatically verified executable prototype of BLP.
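To make the two invariants concrete, the following is an added example, written in Python rather than {log} and not taken from the paper or its {log} model. It encodes a BLP state as the three level functions (clearance f_s, current level f_c, object classification f_o) plus the current-access set b, checks the security condition and the *-property as Bell and LaPadula state them (read/write require the subject's clearance to dominate the object; append needs the object level to dominate the subject's current level, write needs equality, read needs the current level to dominate the object), and implements three transitions that only move to a new state when it is still secure. The subjects, objects and levels are constructed for the demonstration.

```python
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Tuple

# A security level is (classification, set of categories); dominance is the product order.
Level = Tuple[int, FrozenSet[str]]
Access = Tuple[str, str, str]  # (subject, object, mode) with mode in "r", "w", "a", "e"


def dominates(a: Level, b: Level) -> bool:
    """a dominates b iff a's classification is >= b's and a's categories cover b's."""
    return a[0] >= b[0] and a[1] >= b[1]


@dataclass(frozen=True)
class State:
    clearance: Dict[str, Level]       # f_s: maximum level of each subject
    current: Dict[str, Level]         # f_c: current level of each subject
    classification: Dict[str, Level]  # f_o: level of each object
    b: FrozenSet[Access]              # current accesses


def security_condition(st: State) -> bool:
    """Simple security: observing (r, w) requires clearance(s) to dominate level(o)."""
    return all(dominates(st.clearance[s], st.classification[o])
               for (s, o, x) in st.b if x in ("r", "w"))


def star_property(st: State) -> bool:
    """*-property, stated on the subject's current level f_c (execute is unrestricted)."""
    for (s, o, x) in st.b:
        fc, fo = st.current[s], st.classification[o]
        if x == "a" and not dominates(fo, fc):
            return False          # append (blind write) only upwards
        if x == "w" and fo != fc:
            return False          # read/write only at the same level
        if x == "r" and not dominates(fc, fo):
            return False          # read only downwards
    return True


def secure(st: State) -> bool:
    return security_condition(st) and star_property(st)


def get_access(st: State, s: str, o: str, x: str):
    """Transition: grant (s, o, x) only if the resulting state is still secure."""
    new = replace(st, b=st.b | {(s, o, x)})
    return (new, True) if secure(new) else (st, False)


def release_access(st: State, s: str, o: str, x: str) -> State:
    """Transition: dropping an access can never violate either invariant."""
    return replace(st, b=st.b - {(s, o, x)})


def change_current_level(st: State, s: str, lvl: Level):
    """Transition: f_c(s) may move below clearance only if s's open accesses still satisfy *."""
    if not dominates(st.clearance[s], lvl):
        return st, False
    new = replace(st, current={**st.current, s: lvl})
    return (new, True) if star_property(new) else (st, False)


# Constructed sample data (not from the paper): two subjects, two objects, three levels.
SECRET = (2, frozenset({"nuclear"}))
CONF = (1, frozenset())
UNCLASS = (0, frozenset())


def demo():
    """Run a sequence of transitions and report which were granted."""
    st = State(clearance={"alice": SECRET, "bob": CONF},
               current={"alice": SECRET, "bob": CONF},
               classification={"plans": SECRET, "memo": UNCLASS},
               b=frozenset())
    r = {}
    st, r["bob_reads_plans"] = get_access(st, "bob", "plans", "r")        # read up: denied
    st, r["alice_reads_plans"] = get_access(st, "alice", "plans", "r")    # read at level: ok
    st, r["alice_appends_memo"] = get_access(st, "alice", "memo", "a")    # write down: denied
    st, r["alice_appends_plans"] = get_access(st, "alice", "plans", "a")  # append at level: ok
    st, r["bob_appends_plans"] = get_access(st, "bob", "plans", "a")      # blind write up: ok
    st, r["alice_drops_level"] = change_current_level(st, "alice", CONF)  # still reading plans: denied
    st = release_access(st, "alice", "plans", "r")
    st, r["alice_drops_after_release"] = change_current_level(st, "alice", CONF)  # now ok
    st, r["alice_writes_plans"] = get_access(st, "alice", "plans", "w")   # f_c != f_o: denied
    r["final_secure"] = secure(st)
    return r, st


if __name__ == "__main__":
    for name, granted in demo()[0].items():
        print(f"{name}: {granted}")
```

The point the abstract makes about transition proofs is visible in `get_access` and `change_current_level`: each rule is written so that a state is only replaced when the invariants hold in the successor, so "every transition preserves the security condition and the *-property" is exactly what the automated proof discharges for each operation of the model.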