CoFI: The Common Framework Initiative for Algebraic Specification and Development

An open collaborative effort has been initiated: to design acommon framework for algebraic specification and development of software. The rationale behind this initiative is that the lack of such a common framework greatly hinders the dissemination and application of researchresults in algebraic specification. In particular, the proliferationof specification languages, some differing in only quite minor ways from each other, is a considerable obstacle for the use of algebraic methods in industrial contexts, making it difficult to exploit standard examples, case studies and training material. A common framework with widespread acceptancethroughout the research community is urgently needed.The aim is to base the common framework as much as possible on a critical selection of features that have already been explored in various contexts. The common framework will provide a family of specificationlanguages at different levels: a central, reasonably expressive language, called CASL, for specifying (requirements, design, and architecture of) conventional software; restrictions of CASL to simpler languages, for use primarily in connection with prototyping and verification tools; and extensionsof CASL, oriented towards particular programming paradigms,such as reactive systems and object-based systems. It should also be possibleto embed many existing algebraic specification languages in members of the CASL family. A tentative design for CASL has already been proposed. Task groupsare studying its formal semantics, tool support, methodology, and other aspects, in preparation for the finalization of the design

Arguing satisfaction of security requirements

This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements

A Unified Approach for Representing Structurally-Complex Models in SBML Level 3

The aim of this document is to explore a unified approach to handling several of the proposed extensions to the SBML Level 3 Core specification. The approach is illustrated with reference to Simile, a modelling environment which appears to have most of the capabilities of the various SBML Level 3 package proposals which deal with model structure. Simile (http://www.simulistics.com) is a visual modelling environment for continuous systems modelling which includes the ability to handle complex disaggregation of model structure, by allowing the modeller to specify classes of object and the relationships between them.

The note is organised around the 6 packages listed on the SBML Level 3 Proposals web page (http://sbml.org/Community/Wiki/SBML_Level_3_Proposals) which deal with model structure, namely comp, arrays, spatial, geom, dyn and multi. For each one, I consider how the requirements which motivated the package can be handled using Simile's unified approach. Although Simile has a declarative model-representation language (in both Prolog and XML syntax), I use Simile diagrams and equation syntax throughout, since this is more compact and readable than large chunks of XML.

The conclusion is that Simile can indeed meet most of the requirements of these various packages, using a generic set of constructs - basically, the multiple-instance submodel, the concept of a relationship (association) between submodels, and array variables. This suggests the possibility of having a single SBML Level 3 extension package similar to the Simile data model, rather than a series of separate packages. Such an approach has a number of potential advantages and disadvantages compared with having the current set of discrete packages: these are discussed in this paper

Arguing security: validating security requirements using structured argumentation

This paper proposes using both formal and structured informal arguments to show that an eventual realized system can satisfy its security requirements. These arguments, called 'satisfaction arguments', consist of two parts: a formal argument based upon claims about domain properties, and a set of informal arguments that justify the claims. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists in clarifying how a system satisfies its security requirements, in the process identifying those properties of domains that are critical to the requirements

Linking Quality Attributes and Constraints with Architectural Decisions

Quality attributes and constraints are among the main drivers of architectural decision making. The quality attributes are improved or damaged by the architectural decisions, while restrictions directly include or exclude parts of the architecture (for example, the logical components or technologies). We can determine the impact of a decision of architecture in software quality, or which parts of the architecture are affected by a constraint, but the difficult problem is whether we are respecting the quality requirements (requirements on quality attributes) and constraints with all the architectural decisions made. Currently, the common practice is that architects use their own experience to design architectures that meet the quality requirements and restrictions, but at the end, especially for the crucial decisions, the architect has to deal with complex trade-offs between quality attributes and juggle possible incompatibilities raised by the constraints. In this paper we present Quark, a computer-aided method to support architects in software architecture decision making

The Effects of Monetary Policy in the Czech Republic: An Empirical Study

within VAR, structural VAR, and the Factor-Augmented VAR framework. We document a well-functioning transmission mechanism similar to the euro area countries, especially in terms of persistence of monetary policy shocks. Subject to various sensitivity tests, we find that contractionary monetary policy shock has a negative effect on the degree of economic activity and price level, both with a peak response after one year or so. Regarding the prices at the sectoral level, tradables adjust faster than non-tradables, which is in line with microeconomic evidence on price stickiness. There is no price puzzle, as our data come from single monetary policy regime. There is a rationale in using the real-time output gap instead of current GDP growth as using the former results in much more precise estimates. The results indicate a rather persistent appreciation of domestic currency after monetary tightening with a gradual depreciation afterwards.http://deepblue.lib.umich.edu/bitstream/2027.42/64350/1/wp922.pd

A Model-based transformation process to validate and implement high-integrity systems

Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analysis to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent, remains an issue, e.g. when performing model checking for assessing safety, and then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated to the AADL-tool support OSATE2