5,009 research outputs found
Model checking usage policies
We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy
SMT-based Verification of LTL Specifications with Integer Constraints and its Application to Runtime Checking of Service Substitutability
An important problem that arises during the execution of service-based
applications concerns the ability to determine whether a running service can be
substituted with one with a different interface, for example if the former is
no longer available. Standard Bounded Model Checking techniques can be used to
perform this check, but they must be able to provide answers very quickly, lest
the check hampers the operativeness of the application, instead of aiding it.
The problem becomes even more complex when conversational services are
considered, i.e., services that expose operations that have Input/Output data
dependencies among them. In this paper we introduce a formal verification
technique for an extension of Linear Temporal Logic that allows users to
include in formulae constraints on integer variables. This technique applied to
the substitutability problem for conversational services is shown to be
considerably faster and with smaller memory footprint than existing ones
Modelling, reduction and analysis of Markov automata (extended version)
Markov automata (MA) constitute an expressive continuous-time compositional modelling formalism. They appear as semantic backbones for engineering frameworks including dynamic fault trees, Generalised Stochastic Petri Nets, and AADL. Their expressive power has thus far precluded them from effective analysis by probabilistic (and statistical) model checkers, stochastic game solvers, or analysis tools for Petri net-like formalisms. This paper presents the foundations and underlying algorithms for efficient MA modelling, reduction using static analysis, and most importantly, quantitative analysis. We also discuss implementation pragmatics of supporting tools and present several case studies demonstrating feasibility and usability of MA in practice
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of
timing aspects. We study a simplified version of the well-known Needham
Schroeder protocol and the complete Yahalom protocol, where timing information
allows the study of different attack scenarios. We model check the protocols
using UPPAAL. Further, a taxonomy is obtained by studying and categorising
protocols from the well known Clark Jacob library and the Security Protocol
Open Repository (SPORE) library. Finally, we present some new challenges and
threats that arise when considering time in the analysis, by providing a novel
protocol that uses time challenges and exposing a timing attack over an
implementation of an existing security protocol
Modelling and Simulation of Asynchronous Real-Time Systems using Timed Rebeca
In this paper we propose an extension of the Rebeca language that can be used
to model distributed and asynchronous systems with timing constraints. We
provide the formal semantics of the language using Structural Operational
Semantics, and show its expressiveness by means of examples. We developed a
tool for automated translation from timed Rebeca to the Erlang language, which
provides a first implementation of timed Rebeca. We can use the tool to set the
parameters of timed Rebeca models, which represent the environment and
component variables, and use McErlang to run multiple simulations for different
settings. Timed Rebeca restricts the modeller to a pure asynchronous
actor-based paradigm, where the structure of the model represents the service
oriented architecture, while the computational model matches the network
infrastructure. Simulation is shown to be an effective analysis support,
specially where model checking faces almost immediate state explosion in an
asynchronous setting.Comment: In Proceedings FOCLASA 2011, arXiv:1107.584
Expressive Equivalence and Succinctness of Parametrized Automata with respect to Finite Memory Automata
International audienceWe compare parametrized automata, a class of automata recently introduced by the authors, against finite memory automata with non-deterministic assignment, an existing class of automata used to model services. We prove that both classes have the same expressive power, while parametrized automata can be exponentially succinct in some cases. We then prove that deciding simulation preorder for parametrized automata is EXPTIME-complete, extending an earlier result showing it in EXPTIME
Connectors meet Choreographies
We present Cho-Reo-graphies (CR), a new language model that unites two
powerful programming paradigms for concurrent software based on communicating
processes: Choreographic Programming and Exogenous Coordination. In CR,
programmers specify the desired communications among processes using a
choreography, and define how communications should be concretely animated by
connectors given as constraint automata (e.g., synchronous barriers and
asynchronous multi-casts). CR is the first choreography calculus where
different communication semantics (determined by connectors) can be freely
mixed; since connectors are user-defined, CR also supports many communication
semantics that were previously unavailable for choreographies. We develop a
static analysis that guarantees that a choreography in CR and its user-defined
connectors are compatible, define a compiler from choreographies to a process
calculus based on connectors, and prove that compatibility guarantees
deadlock-freedom of the compiled process implementations
Refinement for Probabilistic Systems with Nondeterminism
Before we combine actions and probabilities two very obvious questions should
be asked. Firstly, what does "the probability of an action" mean? Secondly, how
does probability interact with nondeterminism? Neither question has a single
universally agreed upon answer but by considering these questions at the outset
we build a novel and hopefully intuitive probabilistic event-based formalism.
In previous work we have characterised refinement via the notion of testing.
Basically, if one system passes all the tests that another system passes (and
maybe more) we say the first system is a refinement of the second. This is, in
our view, an important way of characterising refinement, via the question "what
sort of refinement should I be using?"
We use testing in this paper as the basis for our refinement. We develop
tests for probabilistic systems by analogy with the tests developed for
non-probabilistic systems. We make sure that our probabilistic tests, when
performed on non-probabilistic automata, give us refinement relations which
agree with for those non-probabilistic automata. We formalise this property as
a vertical refinement.Comment: In Proceedings Refine 2011, arXiv:1106.348
- âŠ