
    A Supervisory Control Algorithm Based on Property-Directed Reachability

    We present an algorithm for synthesising a controller (supervisor) for a discrete event system (DES) based on the property-directed reachability (PDR) model checking algorithm. The discrete event systems framework is useful in software, automation and manufacturing alike, as problems from those domains can be modelled as discrete supervisory control problems. As a formal framework, DES is also similar to domains for which the field of formal methods for computer science has developed techniques and tools. In this paper, we attempt to marry the two by adapting PDR to the problem of controller synthesis. The resulting algorithm takes as input a transition system with forbidden states and uncontrollable transitions, and synthesises a safe and minimally restrictive controller that is correct by design. We also present an implementation along with experimental results, showing that the algorithm has potential as a part of the solution to the greater effort of formal supervisory controller synthesis and verification.
    Comment: 16 pages; presented at Haifa Verification Conference 2017; the final publication is available at Springer via https://doi.org/10.1007/978-3-319-70389-3_

    Intelligent building systems: Security and facility professionals’ understanding of system threats, vulnerabilities and mitigation practice

    Intelligent Buildings or Building Automation and Control Systems (BACS) are becoming common in buildings, driven by the commercial need for functionality, sharing of information, reduced costs and sustainable buildings. The facility manager often has BACS responsibility; however, their focus is generally not on BACS security. Nevertheless, if a BACS-manifested threat is realised, the impact on a building can be significant, through denial, loss or manipulation of the building and its services, resulting in loss of information or occupancy. Therefore, this study garnered a descriptive understanding of security and facility professionals’ knowledge of BACS, including vulnerabilities and mitigation practices. Results indicate that the majority of security and facility professionals hold a general awareness of BACS security issues, although they lacked the robust understanding needed to provide adequate protection. For instance, respondents rated all 23 BACS vulnerabilities surveyed as equally critical, with limited variance. Mitigation strategies were no better, with respondents indicating poor threat diagnosis. In contrast, cybersecurity and technical security professionals such as integrators or security engineering design professionals displayed a robust understanding of BACS vulnerabilities and the resulting mitigation strategies. Findings support the need for greater awareness among both security management and facility professionals of BACS vulnerabilities and mitigation strategies.

    Applying Formal Methods to Networking: Theory, Techniques and Applications

    Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, so that every new need required a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean-slate Internet design---especially the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to the specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
    Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorials

    Compositional circuit design with asynchronous concepts

    PhD Thesis
    Synchronous circuits are pervasive in modern digital systems, such as smartphones, wearable devices and computers. Synchronous circuits are controlled by a global clock signal, which greatly simplifies their design but is also a limitation in some applications. Asynchronous circuits are a logical alternative: they do not use a global clock to synchronise their components. Instead, every component reacts to input events at the rate they occur. Asynchronous circuits are not widely adopted by industry, because they are often harder to design and require more sophisticated tools and formal models. Signal Transition Graphs (STGs) are a well-studied formal model for the specification, verification and synthesis of asynchronous circuits with state-of-the-art tool support. STGs use a graphical notation in which vertices and arcs specify the operation of an asynchronous circuit. These graphical specifications can be difficult to describe compositionally, and provide little reusability of useful sections of a graph. In this thesis we present Asynchronous Concepts, a new design methodology for asynchronous circuit design. A concept is a self-contained description of a circuit requirement, which is composable with any other concept, allowing compositional specification of large asynchronous circuits. Concepts can be shared, reused and extended by users, promoting the reuse of behaviours within single or multiple specifications. Asynchronous Concepts can be translated to STGs to benefit from the existing theory and tools developed by the asynchronous circuits community. Plato is a software tool developed for Asynchronous Concepts that supports the presented design methodology, and provides automated methods for translation to STGs. The design flow which utilises Asynchronous Concepts is automated using Plato and the open-source toolsuite Workcraft, which can use the translated STGs in verification and synthesis using integrated tools. The proposed language, the design flow, and the supporting tools are evaluated on real-world case studies.