4,220 research outputs found
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based applications.
Applying constraint solving to the management of distributed applications
Submitted to DOA08

We present our approach for deploying and managing distributed component-based applications. A Desired State Description (DSD), written in a high-level declarative language, specifies requirements for a distributed application. Our infrastructure accepts a DSD as input, and from it automatically configures and deploys the distributed application. Subsequent violations of the original requirements are detected and, where possible, automatically rectified by reconfiguration and redeployment of the necessary application components. A constraint solving tool is used to plan deployments that meet the application requirements.

Postprint
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.
The Belgian Electronic Identity Card: a Verification Case Study
In the field of annotation-based source code level program verification for Java-like languages, separation-logic based verifiers offer a promising alternative to classic JML based verifiers such as ESC/Java2, the Mobius tool or Spec#. Researchers have demonstrated the advantages of separation logic based verification by showing that it is feasible to verify very challenging (though very small) sample code, such as design patterns, or highly concurrent code. However, there is little experience in using this new breed of verifiers on real code. In this paper we report on our experience of verifying several thousand lines of Java Card code using VeriFast, one of the state-of-the-art separation logic based verifiers. We quantify annotation overhead, verification performance, and impact on code quality (number of bugs found). Finally, our experiments suggest a number of potential improvements to the VeriFast tool.
Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model. It is increasingly attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institutions and organizations of all scales. The availability of a flexible, free open-source cloud platform designed with no proprietary software and the ability to integrate it with legacy systems and third-party applications are fundamental. OpenStack is free and open-source software released under the terms of the Apache license, with a fragmented and distributed architecture that makes it highly flexible. This project was initiated with the aim of designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required to deploy a secured BradStack multi-node cloud infrastructure and to conduct penetration testing of OpenStack services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure-related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.

Comment: 38 pages, 19 figures
Implementing a Loyalty Card for smartphones using a Bitcoin Like Approach
Cryptographic currencies have been thriving in the last 5 years, especially since the appearance of Bitcoin in 2009. Factors such as the particular advantages of this type of currency, the current economic climate and the evolution of technology are fuelling their popularity. In some countries, cryptographic currency systems are considered by the government to be feasible alternatives to real money, and Bitcoin is actually being used in transactions worldwide. The success of Bitcoin is mostly due to its elegant mathematical description, proven security under its assumptions, its decentralized character and its anonymity assurance. Apart from the initial effort to securely and correctly implement the system and from the maintenance of the applications, Bitcoin works automatically with the contribution of the nodes of a fully decentralized infrastructure. The full specification of the protocol is readily available, e.g., on the Internet, and it can be used by anyone. This master's programme explored the possibility of using it, with modifications, as a means to implement a system for electronic loyalty cards. In order to do so, the aforementioned cryptographic currency was studied in detail, a set of requirements for the new system and modifications to the original protocol were specified, and a software system was engineered and implemented in the Java programming language. The specification of the modifications was performed while taking the particular application scenario into account. The restrictions deriving from the application scenario were mostly dominated by the fact that the underlying Peer-to-Peer (P2P) infrastructure was to be constituted by smartphones only.

The most visible outcome of this master's programme is the fully working prototype of the loyalty card system, comprising an application for mobile devices and a server-side application. This prototype implements part of Bitcoin from scratch, starting from the seminal work that defines it, along with the modifications that introduce a central agent for better controlling the quantity of currency per client and aiding in the establishment of P2P connections between two mobile applications. The modified version of the system is herein called Bitpoints, and the currency is instead constituted by points. The implemented loyalty card system benefits from some of the advantages of the popular cryptographic currency, namely public access to the ledger for isolated verification of all transactions. The loyalty card permits the exchange of points between users and the mining of new points, which is fundamentally different from currently available loyalty cards.

Within the context of this master's programme, a survey was delivered to a population constituted of 34 individuals, who answered a set of questions concerning the handling of the aforementioned prototype. The analysis of the obtained results allows one to infer that people would feel comfortable with this application and accept the concept on which it is based, probably preferring
a system similar to the proposed one.

Cryptographic currencies have been prospering in the last five years, especially since the appearance of Bitcoin in 2009. Factors such as the specific advantages of this type of currency, the current economic situation and the evolution of technology are stimulating their popularity. In some countries, cryptographic monetary systems are considered by the government to be viable alternatives to real money, and Bitcoin is effectively being used in transactions all over the world. The success of Bitcoin is essentially based on its elegant mathematical description, its security proven under its principles, its decentralised character and its guarantee of anonymity. Beyond the initial effort to implement the system correctly and securely, and the maintenance of the applications, Bitcoin works automatically with the contribution of the nodes of a decentralised infrastructure. The complete specification of the protocol is readily available, for example on the Internet, and can be used by anyone. This master's programme explored the possibility of using it, with modifications, as a way to implement a system of electronic loyalty cards. To do so, the aforementioned cryptographic currency was studied in detail, a set of requirements for the new system and modifications to the original protocol were specified, and a software system was designed and implemented in the Java programming language. The specification of the modifications was carried out taking this particular application scenario into account. The restrictions resulting from the application scenario were mostly dominated by the fact that the underlying Peer-to-Peer (P2P) infrastructure was constituted only by smartphones.

The most visible result of this master's programme is the fully functional prototype of a loyalty card system, composed of an application for mobile devices and another to be executed on the server side. This prototype implements part of Bitcoin from scratch, starting from the seminal work that defines it, together with the changes that introduce a central agent to better control the quantity of currency per client and to assist in establishing P2P connections between two mobile applications. The modified version of the system is here called Bitpoints, and the currency is instead constituted by points. The benefits of implementing this loyalty card system, and of some of the advantages of the popular cryptographic currency, are namely the public access to the block chain for isolated verification of all transactions. The loyalty card allows the exchange of points between users and the mining of new points, which is fundamentally different from the loyalty cards currently available.

Within the context of this master's programme, a survey was distributed to a population of 34 individuals, who answered a set of questions concerning the handling of the previously mentioned prototype. The analysis of the results obtained allowed inferring that people feel comfortable with the application, and that they accepted the concept on which it is based, probably preferring a system similar to the one proposed.