Using Ontologies in Formal Developments Targeting Certification

This is the author accepted manuscript. The final version is available from Springer Verlag via the DOI in this recordIFM 2019: 15th International Conference on integrated Formal Methods, 4-6 December 2019, Bergen, NorwayA common problem in the certification of highly safety or security critical systems is the consistency of the certification documentation in general and, in particular, the linking between semi-formal and formal content of the certification documentation. We address this problem by using an existing framework, Isabelle/DOF, that allows writing certification documents with consistency guarantees, in both, the semi-formal and formal parts. Isabelle/DOF supports the modeling of document ontologies using a strongly typed ontology definition language. An ontology is then enforced inside documents including formal parts, e.g., system models, verification proofs, code, tests and validations of corner-cases. The entire set of documents is checked within Isabelle/HOL, which includes the definition of ontologies and the editing of integrated documents based on them. This process is supported by an IDE that provides continuous checking of the document consistency. In this paper, we present how a specific software-engineering certification standard, namely CENELEC 50128, can be modeled inside Isabelle/DOF. Based on an ontology covering a substantial part of this standard, we present how Isabelle/DOF can be applied to a certification case-study in the railway domain.IRT System

Using the isabelle ontology framework: Linking the formal with the informal

This is the author accepted manuscript. The final version is available from the publisher via the DOI in this recordWhile Isabelle is mostly known as part of Isabelle/HOL (an interactive theorem prover), it actually provides a framework for developing a wide spectrum of applications. A particular strength of the Isabelle framework is the combination of text editing, formal verification, and code generation. Up to now, Isabelle’s document preparation system lacks a mechanism for ensuring the structure of different document types (as, e.g., required in certification processes) in general and, in particular, mechanism for linking informal and formal parts of a document. In this paper, we present Isabelle/DOF, a novel Document Ontology Framework on top of Isabelle. Isabelle/DOF allows for conventional typesetting as well as formal development. We show how to model document ontologies inside Isabelle/DOF, how to use the resulting meta-information for enforcing a certain document structure, and discuss ontology-specific IDE support

Isabelle/DOF: Design and Implementation

This is the author accepted manuscript. The final version is available from Springer Verlag via the DOI in this record17th International Conference, SEFM 2019 Oslo, Norway, September 18–20, 2019DOF is a novel framework for defining ontologies and enforcing them during document development and evolution. A major goal of DOF is the integrated development of formal certification documents (e. g., for Common Criteria or CENELEC 50128) that require consistency across both formal and informal arguments. To support a consistent development of formal and informal parts of a document, we provide Isabelle/DOF, an implementation of DOF on top of the formal methods framework Isabelle/HOL. A particular emphasis is put on a deep integration into Isabelleâs IDE, which allows for smooth ontology development as well as immediate ontological feedback during the editing of a document. In this paper, we give an in-depth presentation of the design concepts of DOFâs Ontology Definition Language (ODL) and key aspects of the technology of its implementation. Isabelle/DOF is the first ontology language supporting machine-checked links between the formal and informal parts in an LCF-style interactive theorem proving environment. Sufficiently annotated, large documents can easily be developed collabo- ratively, while ensuring their consistency, and the impact of changes (in the formal and the semi-formal content) is tracked automatically.IRT SystemX, Paris-Saclay, Franc

Isabelle/DOF. User and Implementation Manual

The software for which this is the manual is available via the DOI in this recordIsabelle/DOF provides an implementation of DOF on top of Isabelle/HOL. DOF itself is a novel framework for defining ontologies and enforcing them during document development and document evolution. Isabelle/DOF targets use-cases such as mathematical texts referring to a theory development or technical reports requiring a particular structure. A major application of DOF is the integrated development of formal certification documents (e.g., for Common Criteria or CENELEC 50128) that require consistency across both formal and informal arguments. Isabelle/DOF is integrated into Isabelle’s IDE, which allows for smooth ontology development as well as immediate ontological feedback during the editing of a document. Its checking facilities leverage the collaborative development of documents required to be consistent with an underlying ontological structure. In this user-manual, we give an in-depth presentation of the design concepts of DOF’s Ontology Definition Language (ODL) and describe comprehensively its major commands. Many examples show typical best-practice applications of the system. Isabelle/DOF is the first ontology language supporting machine-checked links between the formal and informal parts in an LCF-style interactive theorem proving environment.IRT System

Integration of Formal Proof into Unified Assurance Cases with Isabelle/SACM

Assurance cases are often required to certify critical systems. The use of formal methods in assurance can improve automation, increase confidence, and overcome errant reasoning. However, assurance cases can never be fully formalised, as the use of formal methods is contingent on models that are validated by informal processes. Consequently, assurance techniques should support both formal and informal artifacts, with explicated inferential links between them. In this paper, we contribute a formal machine-checked interactive language, called Isabelle/SACM, supporting the computer-assisted construction of assurance cases compliant with the OMG Structured Assurance Case Meta-Model. The use of Isabelle/SACM guarantees well-formedness, consistency, and traceability of assurance cases, and allows a tight integration of formal and informal evidence of various provenance. In particular, Isabelle brings a diverse range of automated verification techniques that can provide evidence. To validate our approach, we present a substantial case study based on the Tokeneer secure entry system benchmark. We embed its functional specification into Isabelle, verify its security requirements, and form a modular security case in Isabelle/SACM that combines the heterogeneous artifacts. We thus show that Isabelle is a suitable platform for critical systems assurance

Formal Model-Based Assurance Cases in Isabelle/SACM : An Autonomous Underwater Vehicle Case Study

Isabelle/SACM is a tool for automated construction of model-based assurance cases with integrated formal methods, based on the Isabelle proof assistant. Assurance cases show how a system is safe to operate, through a human comprehensible argument demonstrating that the requirements are satisfied, using evidence of various provenances. They are usually required for certification of critical systems, often with evidence that originates from formal methods. Automating assurance cases increases rigour, and helps with maintenance and evolution. In this paper we apply Isabelle/SACM to a fragment of the assurance case for an autonomous underwater vehicle demonstrator. We encode the metric unit system (SI) in Isabelle, to allow modelling requirements and state spaces using physical units. We develop a behavioural model in the graphical RoboChart state machine language, embed the artifacts into Isabelle/SACM, and use it to demonstrate satisfaction of the requirements

Modelling and Proving Safety in Autonomous Cars Scenarios in HOL-CSP

We present an approach to model scenarios of autonomous cars in HOL-CSP [10] and prove particular safety properties via interactive proofs in the Isabelle/HOL system (https: //en.wikipedia.org/wiki/Isabelle_(proof_assistant)).The basis of this work is an ontology for Autonomous Car Scenarios given in MOSAR (https://www.mosar.io) that describes a collection of actors (e.g. cars, trucks, bicycles), equipments (e.g. signals, vehicle lights, etc.), infrastructures (e.g. expressways, intersec- tions, etc.) and their dynamic interactions throughout driving scenarios.We represent the behaviour of actors and (rudimentarily) equipments as processes, i.e. infinite sets of traces denoting classes of scenarios. In particular, actors were represented as HOL-CSP processes. Due to the non-determinism and event-polymorphism of HOL-CSP, actor descriptions can be partially defined wrt. to data and arbitrarily ”chaotic” in their behaviour. A translation scheme of MOSAR-ontologies into actor processes in HOL-CSP is sketched.For a particular scenario described in [9] (two cars in a linear line, no backwards driving) we specialize our framework and demonstrate a machine-checked safety proof: If all the actors apply a particular driving strategy taking into account position, speed and acceleration as well as distance to the car in front, there will be no situation with a collision. This strategy — called Responsibility-Sensitive Safety — is formulated as a function and the resulting invariant formally proven in Isabelle/HOL, while overcoming a number of short-comings in both the original modeling and the original paper-and-pencil proof

Using Deep Ontologies in Formal Software Engineering

This is the author accepted manuscript. The final version is available from Springer via the DOI on this recordIsabelle/DOF is an ontology framework on top of Isabelle. It allows for the formal development of ontologies as well as continuous conformity-checking of integrated documents annotated by ontological data. An integrated document may contain text, code, definitions, proofs, and user-programmed constructs supporting a wide range of formal methods. Isabelle/DOF is designed to leverage traceability in inte- grated documents by supporting navigation in Isabelle’s IDE as well as the document generation process. In this paper, we extend Isabelle/DOF with annotations of λ-terms, a pervasive data-structure underlying Isabelle used to syntactically represent expressions and formulas. Rather than introducing an own pro- gramming language for meta-data, we use Higher-order Logic (HOL) for expressions, data-constraints, ontological invariants, and queries via code-generation and reflection. This allows both for powerful query languages and logical reasoning over ontologies in, for example, ontological mappings. Our application examples cover documents targeting formal certifications such as CENELEC 50128 or Common Criteria