Analysis and Verification of Service Interaction Protocols - A Brief Survey
Modeling and analysis of interactions among services is a crucial issue in
Service-Oriented Computing. Composing Web services is a complicated task which
requires techniques and tools to verify that the new system will behave
correctly. In this paper, we first overview some formal models proposed in the
literature to describe services. Second, we give a brief survey of verification
techniques that can be used to analyse services and their interaction. Last, we
focus on the realizability and conformance of choreographies.
Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
A mechanized proof of loop freedom of the (untimed) AODV routing protocol
The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes
in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know
where to forward data packets. Such a protocol is 'loop free' if it never leads
to routing decisions that forward packets in circles. This paper describes the
mechanization of an existing pen-and-paper proof of loop freedom of AODV in the
interactive theorem prover Isabelle/HOL. The mechanization relies on a novel
compositional approach for lifting invariants to networks of nodes. We exploit
the mechanization to analyse several improvements of AODV and show that
Isabelle/HOL can re-establish most proof obligations automatically and identify
exactly the steps that are no longer valid.
Comment: The Isabelle/HOL source files, and a full proof document, are
available in the Archive of Formal Proofs, at
http://afp.sourceforge.net/entries/AODV.shtm
Set Partition and Trace Based Verification of Web Service Composition
Designing and running Web services compositions is error-prone, as it is difficult to determine the behavior of Web services during execution and their conformance to functional requirements. Interaction among composite Web services may cause concurrency-related issues. In this paper, we present a formal model for reasoning about and verifying Web services composition at the design level. We partition the candidate services being considered for composition into several subsets on the basis of their service invocation order. We arrange these subsets to form a Web services set partition graph and transform it into a set of interacting traces. Then, we propose a novel methodology for service interaction verification that uses the service description (from the WSDL file) to extract the necessary information and facilitates the process of modeling, analyzing, and reasoning about the composite services. As part of the verification technique, we use two levels of modeling: abstract modeling, which leads to detailed modeling only if required, thereby reducing the computation time and modeling complexity.
Formally designing and implementing cyber security mechanisms in industrial control networks.
This dissertation describes progress in the state of the art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method presented in this dissertation takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters of this dissertation describe an application of the process to a security preprocessor embedded device that was designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and finally its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, as well as some possibilities for expanding the presented method in the future.
Components, contracts, and connectors for the Unified Modelling Language UML
The lack of a component concept for the UML is widely acknowledged. Contracts between components can be the starting point for introducing components and component interconnections. Contracts between service providers and service users are formulated based on abstractions of action and operation behaviour using the pre- and postcondition technique. A valid contract allows an interconnection (a connector) to be established between the provider and the user. The contract concept supports the re-use of components by providing means to establish and modify component interconnections. A flexible contract concept shall be based on a refinement relation for operations and classes, derived from operation abstractions. Abstract behaviour, expressed by pre- and post-conditions, and refinement are the key elements in the definition of a formal and flexible component and component interconnection approach.
Automated Validation of State-Based Client-Centric Isolation with TLA+
Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in TLA+, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in TLA+ enables semi-automatic model checking of different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking, this formalization can also help find bugs in incorrect specifications. This improves the feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and provides an environment for experimenting with new designs.
Correctness of model-based software composition (CMC). Proceedings. ECOOP 2003 Workshop #11 in association with the 17th European Conference on Object-Oriented Programming, Darmstadt, Germany, July 22, 2003
These proceedings contain the contributions to the Workshop on
Correctness of Model-based Software Composition, held in
conjunction with the 17th European Conference on Object-Oriented
Programming (ECOOP), Darmstadt, Germany on July 22, 2003.
While most events concentrate on realisations of composition at
the technological level, this workshop aims at closing the gap by
ensuring the intended composition result with the support of
models.
Two important problems in composition are, first, how to model
the different assets (such as components, features or aspects)
and, second, how to compose assets such that consistency and
correctness are guaranteed. The first problem has been addressed
in the Workshop on Model-based Software Reuse (ECOOP 2002). The
latter problem occurs when dealing with, e.g., component
interoperability, aspect weaving, feature interaction and (on a
more abstract level) traceability between different views or
models.
One approach to the composition problem is to use models that
allow the composition itself to be modelled. This allows checking
the interoperability of the different assets to be composed and
the correctness of the configuration of assets, and predicting
properties of the assembled system (especially compliance with
user requirements). When problems are detected, suitable
resolution algorithms can be applied.
Ten reviewed contributions give an overview of current
research directions in the correctness of model-based software
compositions.
Results from the discussions during the workshop may be found in
the ECOOP 2003 workshop reader to be published by Springer LNCS.
The web page of the workshop as well as the contributions of
this proceedings may be found at URL:
http://ssel.vub.ac.be/workshops/ECOOP2003/
Two related workshops were held at previous ECOOP conferences:
one on feature interaction (ECOOP 2001) and one on model-based
software reuse (ECOOP 2002). Their contributions are published
as technical report No. 2001-14 and technical report No. 2002-4,
respectively, at the Universitaet Karlsruhe, Fakultaet fuer
Informatik.
URLs:
http://www.info.uni-karlsruhe.de/~pulvermu/workshops/ecoop2001/
http://www.ubka.uni-karlsruhe.de/cgi-bin/psview?document=/ira/2001/14
http://www.info.uni-karlsruhe.de/~pulvermu/workshops/ECOOP2002/
http://www.ubka.uni-karlsruhe.de/cgi-bin/psview?document=/ira/2002/4
We would like to thank the program committee for their support
as well as the authors and participants for their engaged
contributions.
The Workshop Organisers
Ragnhild Van Der Straeten, Andreas Speck, Elke Pulvermueller,
Matthias Clauss, Andreas Pleus
Verifying Strong Eventual Consistency in Distributed Systems
Data replication is used in distributed systems to maintain up-to-date copies of shared data across multiple
computers in a network. However, despite decades of research, algorithms for achieving consistency in
replicated systems are still poorly understood. Indeed, many published algorithms have later been shown to
be incorrect, even some that were accompanied by supposed mechanised proofs of correctness. In this work,
we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithms that provides
strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework
in the Isabelle/HOL interactive proof assistant for verifying the correctness of CRDT algorithms. We avoid
correctness issues that have dogged previous mechanised proofs in this area by including a network model
in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic
network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks.
Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal
definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for
three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement
Counter. We find that our framework is highly reusable, developing proofs of correctness for the latter two
CRDTs in a few hours and with relatively little CRDT-specific code.