95 research outputs found

    The Best a Monitor Can Do

    Existing notions of monitorability for branching-time properties are fairly restrictive. This, in turn, limits the ability to incorporate prior knowledge about the system under scrutiny (which itself corresponds to a branching-time property) into the runtime analysis. We propose a definition of optimal monitors that verify the best monitorable under- or over-approximation of a specification, regardless of its monitorability status. Optimal monitors can be obtained for arbitrary branching-time properties by synthesising a sound and complete monitor for their strongest monitorable consequence. We show that the strongest monitorable consequence of specifications expressed in Hennessy-Milner logic with recursion is itself expressible in this logic, and present a procedure to find it. Our procedure enables prior knowledge to be optimally incorporated into runtime monitors.

    Modal mu-calculi

    A behavioral analysis tool for models of software systems

    Work presented within the scope of the Master's degree in Computer Engineering, as a partial requirement for obtaining the degree of Master in Computer Engineering.

    Process calculi are simple languages which permit modeling of concurrent systems so that they can be verified for correctness. We can analyze concurrent systems based on process calculi by either comparing a representation of the actual implementation with a simpler specification for equivalence, or by verifying whether desired properties described in an adequate logic hold. Strong bisimulation equivalence is one of many equivalence relations defined on process calculi to aid in the verification of concurrent software. This equivalence relation treats processes which exhibit the same behavior, i.e. perform the same transitions, as equivalent regardless of internal implementation details. Logics to reason about processes range from those which describe temporal properties – how properties evolve during the course of a process' life – to behavioral properties – which actions a process is capable of performing – and spatial properties – what components compose a process and how they are connected. Model checking consists of verifying whether a model, in our case a process, satisfies a given property. Model checking techniques are quite popular in conjunction with process calculi to aid in the verification of the correctness of concurrent systems. In this thesis we address the problem of checking bisimilarity between processes using characteristic formulae, which are formulae used to fully describe a process' behavior. We implement facilities to allow bisimilarity verification in the Spatial Logic Model Checker (SLMC) tool. As a result of adding these facilities we also extend the SLMC tool with an extra modality in the logic it uses to reason about processes. We have also added the possibility to define mutually recursive properties in the tool and enhanced the model checking algorithm with a cache to prevent redundant, time-consuming checks from being performed.

    Problem solving using process algebra considered insightful

    Requirements, specifications, and minimal refinement

    Refinement is usually employed to produce more concrete versions of a specification, or to add new requirements to it. However, during specification revision one may over-refine, thus incorporating unnecessary requirements. In this paper, we argue that this process can be formalised by the notion of minimal refinements, hence avoiding over-refinement, and prove that this definition is well-behaved both theoretically and computationally.

    If At First You Don't Succeed: Extended Monitorability through Multiple Executions

    This paper investigates the observational capabilities of monitors that can observe a system over multiple runs. We study how the augmented monitoring setup affects the class of properties that can be verified at runtime, focusing on branching-time properties expressed in the modal mu-calculus. Our results show that the setup can be used to systematically extend previously established monitorability limits. We also prove bounds that capture the correspondence between the syntactic structure of a branching-time property and the number of system runs required to conduct the verification.

    Formal Modelling and Verification of the EAP-NOOB Protocol

    The expansion of the Internet of Things (IoT) has resulted in an increasing number of new devices communicating independently over the network with each other and with servers. This has created a need for protocols to manage the swiftly growing network. Consequently, formal verification methods have become an important part of the development process of network systems and protocols. Before implementation, the specification itself has to be shown to be reliable and secure. Nimble out-of-band authentication for EAP (EAP-NOOB) is a protocol for bootstrapping IoT devices with a minimal user interface and no pre-configured credentials. In this thesis, we create a symbolic model of the EAP-NOOB protocol with the mCRL2 modelling language and verify both its correct operation and its liveness properties with exhaustive state space exploration and model checking. Major findings relate to the recovery of the protocol after lost or corrupted messages, which could be exploited for denial-of-service attacks. We contribute to the standardisation process of the protocol by model checking the current draft specification and by suggesting improvements and clarifications to the next version. Finally, we verify the changes made to the protocol and show that they improve the overall reliability and fix the detected issues. Moreover, while modelling the protocol, we found various underspecified features and ambiguities that needed to be clarified. Furthermore, we create a test suite for testing the cryptographic implementation. By comparing message logs from the implementation with output generated by our test script, we find that incompatibilities between cryptographic libraries sometimes resulted in protocol failures.

    The expansion of the Internet of Things (IoT) has resulted in an increase in new stand-alone devices that communicate with each other and with servers. This has created a need for protocols to maintain the growing network. Consequently, the use of formal verification has become an important part of the development process of network systems and protocols. Before a protocol is implemented, the specification itself must be proven to be reliable and secure. Nimble out-of-band authentication for EAP (EAP-NOOB) is a protocol for pairing IoT devices with a minimal user interface and no pre-configured credentials. In this thesis, we create a symbolic model of the EAP-NOOB protocol in the mCRL2 language and verify various properties through state space exploration. We contribute to the protocol's standardisation process with proposed changes, show that they improve the protocol's reliability, and correct the detected problems. During the verification process we found various ambiguities in the specification, which were corrected. Furthermore, we present a test program for cryptographic verification and data generation. By comparing log files from the implementation with our generated data, we show that incompatibilities exist between cryptographic libraries.