Using BIP to reinforce correctness of resource-constrained IoT applications

International audienceIoT applications have either a sense-only or a sense-compute-actuate goal and they implement a capability to process and respond to multiple (external) events while performing computations. Existing IoT operating systems provide a versatile execution environment that adheres to the limitations of the interconnected resource-constrained devices. To reduce the development effort, applications are often built on top of RESTful web services, which can be shared and reused. However, the asynchronous communication between remote nodes is prone to event scheduling delays, which cannot be predicted and taken into account while programming the application. Moreover, to avoid long delays in message processing and communication due to packet collisions, the data transmission frequencies between the system's nodes have to carefully chosen. In general, even when appropriate debugging tools and simulators are available, it is still a hard challenge to guarantee the required functional and non-functional properties at the application and system levels. To this end, we focus on IoT applications for the Contiki OS and we introduce a model-based rigorous analysis approach using the BIP component framework. At the application level, we verify qualitative properties regarding service responsiveness, whereas at the system level we can validate qualitative and quantitative properties using statistical model checking. We present results for an application scenario running on a distributed system infrastructure with nodes executing the Contiki OS

Architectures in parametric component-based systems: Qualitative and quantitative modelling

One of the key aspects in component-based design is specifying the software architecture that characterizes the topology and the permissible interactions of the components of a system. To achieve well-founded design there is need to address both the qualitative and non-functional aspects of architectures. In this paper we study the qualitative and quantitative formal modelling of architectures applied on parametric component-based systems, that consist of an unknown number of instances of each component. Specifically, we introduce an extended propositional interaction logic and investigate its first-order level which serves as a formal language for the interactions of parametric systems. Our logics achieve to encode the execution order of interactions, which is a main feature in several important architectures, as well as to model recursive interactions. Moreover, we prove the decidability of equivalence, satisfiability, and validity of first-order extended interaction logic formulas, and provide several examples of formulas describing well-known architectures. We show the robustness of our theory by effectively extending our results for parametric weighted architectures. For this, we study the weighted counterparts of our logics over a commutative semiring, and we apply them for modelling the quantitative aspects of concrete architectures. Finally, we prove that the equivalence problem of weighted first-order extended interaction logic formulas is decidable in a large class of semirings, namely the class (of subsemirings) of skew fields.Comment: 53 pages, 11 figure

Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle

In this paper, we combine a framework for ethical requirement elicitation eFRIEND with automated reasoning. To provide trustworthy and secure IoT for vulnerable users in healthcare scenarios, we need to apply ethics to arrive at suitable system requirements. In order to map those to technical system requirements, we employ high level logical modeling using dedicated Isabelle frameworks for (1) infrastructures with human actors and security policies, (2) attack tree analysis, and (3) security protocol analysis. Following this outline, we apply these frameworks to a case study for supporting Security and Privacy when diagnosing Alzheimer’s patients with smartphone and sensor technolog

Human centric security and privacy for the IoT using formal techniques

In this paper, we summarize a new approach to make security and privacy issues in the Internet of Things (IoT) more transparent for vulnerable users. As a pilot project, we investigate monitoring of Alzheimer’s patients for a low-cost early warning system based on bio-markers supported with smart technologies. To provide trustworthy and secure IoT infrastructures, we employ formal methods and techniques that allow specification of IoT scenarios with human actors, refinement and analysis of attacks and generation of certified code for IoT component architectures

Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle

In this paper, we combine a framework for ethical requirement elicitation eFRIEND with automated reasoning. To provide trustworthy and secure IoT for vulnerable users in healthcare scenarios, we need to apply ethics to arrive at suitable system requirements. In order to map those to technical system requirements, we employ high level logical modeling using dedicated Isabelle frameworks for (1) infrastructures with human actors and security policies, (2) attack tree analysis, and (3) security protocol analysis. Following this outline, we apply these frameworks to a case study for supporting Security and Privacy when diagnosing Alzheimer’s patients with smartphone and sensor technolog

Formal Verification of Functional Requirements for Smart Contract Compositions in Supply Chain Management Systems

The smart contract technology has increasingly attracted the attention of different industries. However, a significant number of smart contracts deployed in practice suffer from several bugs, which enable malicious users to cause damage. The research community has shifted their focus to verifying the correctness of smart contracts using model checkers and formal verification methods. The majority of the research investigates the correctness of systems built on one smart contract. This paper proposes a verification approach for systems composed of interacting smart contracts developed and controlled by different entities. We use the NuSMV model checker and the Behavioral Interaction Priority tool to model the behaviors of smart contracts and their interactions with the aim of verifying their compliance with the systems’ functional requirements. These requirements are formalized by Linear Temporal Logic propositions. The applicability of our approach is illustrated using a case study from The American Petroleum Institute and implemented using Hyperledger Fabric