180,245 research outputs found
A Case Study on Formal Verification of Self-Adaptive Behaviors in a Decentralized System
Self-adaptation is a promising approach to manage the complexity of modern
software systems. A self-adaptive system is able to adapt autonomously to
internal dynamics and changing conditions in the environment to achieve
particular quality goals. Our particular interest is in decentralized
self-adaptive systems, in which central control of adaptation is not an option.
One important challenge in self-adaptive systems, in particular those with
decentralized control of adaptation, is to provide guarantees about the
intended runtime qualities. In this paper, we present a case study in which we
use model checking to verify behavioral properties of a decentralized
self-adaptive system. Concretely, we contribute with a formalized architecture
model of a decentralized traffic monitoring system and prove a number of
self-adaptation properties for flexibility and robustness. To model the main
processes in the system we use timed automata, and for the specification of the
required properties we use timed computation tree logic. We use the Uppaal tool
to specify the system and verify the flexibility and robustness properties.Comment: In Proceedings FOCLASA 2012, arXiv:1208.432
Trust Evaluation for Embedded Systems Security research challenges identified from an incident network scenario
This paper is about trust establishment and trust
evaluations techniques. A short background about trust, trusted
computing and security in embedded systems is given. An analysis
has been done of an incident network scenario with roaming
users and a set of basic security needs has been identified.
These needs have been used to derive security requirements for devices and systems, supporting the considered scenario. Using the requirements, a list of major security challenges for future research regarding trust establishment in dynamic networks have been collected and elaboration on some different approaches for future research has been done.This work was supported by the Knowledge foundation and RISE within the ARIES project
Requirements modelling and formal analysis using graph operations
The increasing complexity of enterprise systems requires a more advanced
analysis of the representation of services expected than is currently possible.
Consequently, the specification stage, which could be facilitated by formal
verification, becomes very important to the system life-cycle. This paper presents
a formal modelling approach, which may be used in order to better represent
the reality of the system and to verify the awaited or existing system’s properties,
taking into account the environmental characteristics. For that, we firstly propose
a formalization process based upon properties specification, and secondly we
use Conceptual Graphs operations to develop reasoning mechanisms of verifying
requirements statements. The graphic visualization of these reasoning enables us
to correctly capture the system specifications by making it easier to determine if
desired properties hold. It is applied to the field of Enterprise modelling
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.Comment: In Proceedings SecCo 2010, arXiv:1102.516
ADsafety: Type-Based Verification of JavaScript Sandboxing
Web sites routinely incorporate JavaScript programs from several sources into
a single page. These sources must be protected from one another, which requires
robust sandboxing. The many entry-points of sandboxes and the subtleties of
JavaScript demand robust verification of the actual sandbox source. We use a
novel type system for JavaScript to encode and verify sandboxing properties.
The resulting verifier is lightweight and efficient, and operates on actual
source. We demonstrate the effectiveness of our technique by applying it to
ADsafe, which revealed several bugs and other weaknesses.Comment: in Proceedings of the USENIX Security Symposium (2011
- …