UML 2.0 interactions with OCL/RT constraints

The use of formal methods at early stages of software development contributes to the reliability and robustness of the system to be constructed. Int his context, real-time system development benefits from the construction of behavioral models in order to verify the correct satisfaction of time constraints. The Unified Modeling Language (UML) is a software specification language widely used by the industry and the academia. Nevertheless, its version 2.0 lacks a formal semantics for the development of provably-correct models. In addition, its constraint specification language, Object Constraint Language (OCL), has limitations for its use in behavioral models of real-time systems. This work concerns the inter-component behavioral specification of real-time systems. Such behavior is described using the UML 2.0 Interactions language extended for the inclusion of time constraints using the OCL for Real Time (OCL/RT) language. The main problem addressed in this work is the definition of a formal semantics for the fusion of both languages. The semantics allows recognizing valid and invalid behaviors of a system with time constraints. Intended for formal verification, an analysis of the properties derived from the semantics is also done. In particular, the notions of refinement of interactions and refinement of constraints are explored. Finally, the proposal is compared with related works and its practical application is studied in order to analyze its benefits and weaknesses. This work contributes to the formalization of concepts widely used in practice and, inconsequence, to its inclusion in modeling and formal reasoning tools. More-over, the expressivity of the UML 2.0 Interactions language is augmented in order to support complex real-time constraints, not expressable until this moment

Verification and validation of UML and SysML based systems engineering design models

In this thesis, we address the issue of model-based verification and validation of systems engineering design models expressed using UML/SysML. The main objectives are to assess the design from its structural and behavioral perspectives and to enable a qualitative as well as a quantitative appraisal of its conformance with respect to its requirements and a set of desired properties. To this end, we elaborate a heretofore unattempted unified approach composed of three well-established techniques that are model-checking, static analysis, and software engineering metrics. These techniques are synergistically combined so that they yield a comprehensive and enhanced assessment. Furthermore, we propose to extend this approach with performance analysis and probabilistic assessment of SysML activity diagrams. Thus, we devise an algorithm that systematically maps these diagrams into their corresponding probabilistic models encoded using the specification language of the probabilistic symbolic model-checker PRISM. Moreover, we define a first of its kind probabilistic calculus, namely activity calculus, dedicated to capture the essence of SysML activity diagrams and its underlying operational semantics in terms of Markov decision processes. Furthermore, we propose a formal syntax and operational semantics for the input language of PRISM. Finally, we mathematically prove the soundness of our translation algorithm with respect to the devised operational semantics using a simulation preorder defined upon Markov decision processes

An Innovative Signature Detection System for Polymorphic and Monomorphic Internet Worms Detection and Containment

Most current anti-worm systems and intrusion-detection systems use signature-based technology instead of anomaly-based technology. Signature-based technology can only detect known attacks with identified signatures. Existing anti-worm systems cannot detect unknown Internet scanning worms automatically because these systems do not depend upon worm behaviour but upon the worm’s signature. Most detection algorithms used in current detection systems target only monomorphic worm payloads and offer no defence against polymorphic worms, which changes the payload dynamically. Anomaly detection systems can detect unknown worms but usually suffer from a high false alarm rate. Detecting unknown worms is challenging, and the worm defence must be automated because worms spread quickly and can flood the Internet in a short time. This research proposes an accurate, robust and fast technique to detect and contain Internet worms (monomorphic and polymorphic). The detection technique uses specific failure connection statuses on specific protocols such as UDP, TCP, ICMP, TCP slow scanning and stealth scanning as characteristics of the worms. Whereas the containment utilizes flags and labels of the segment header and the source and destination ports to generate the traffic signature of the worms. Experiments using eight different worms (monomorphic and polymorphic) in a testbed environment were conducted to verify the performance of the proposed technique. The experiment results showed that the proposed technique could detect stealth scanning up to 30 times faster than the technique proposed by another researcher and had no false-positive alarms for all scanning detection cases. The experiments showed the proposed technique was capable of containing the worm because of the traffic signature’s uniqueness