11,919 research outputs found
Formal Model Engineering for Embedded Systems Using Real-Time Maude
This paper motivates why Real-Time Maude should be well suited to provide a formal semantics and formal analysis capabilities to modeling languages for embedded systems. One can then use the code generation facilities of the tools for the modeling languages to automatically synthesize Real-Time Maude verification models from design models, enabling a formal model engineering process that combines the convenience of modeling in an informal but intuitive modeling language with formal verification. We give a brief overview of six fairly different modeling formalisms for which Real-Time Maude has provided the formal semantics and (possibly) formal analysis. These models include behavioral subsets of the avionics modeling standard AADL, Ptolemy II discrete-event models, two EMF-based timed model transformation systems, and a modeling language for handset software.
Comment: In Proceedings AMMSE 2011, arXiv:1106.596
Self-Adaptation and Secure Information Flow in Multiparty Structured Communications: A Unified Perspective
We present initial results on a comprehensive model of structured communications in which self-adaptation and security concerns are jointly addressed. More specifically, we propose a model of self-adaptive, multiparty communications with secure information flow guarantees. In this model, security violations occur when processes attempt to read or write messages of inappropriate security levels within directed exchanges. Such violations trigger adaptation mechanisms that prevent the violations from occurring and/or from propagating their effect through the choreography. Our model is equipped with local and global mechanisms for reacting to security violations; type soundness results ensure that global protocols are still correctly executed while the system adapts itself to preserve security.
Comment: In Proceedings BEAT 2014, arXiv:1408.556
Probabilistic Model Checking for Energy Analysis in Software Product Lines
In a software product line (SPL), a collection of software products is defined by their commonalities in terms of features rather than by explicitly specifying all products one by one. Several verification techniques have been adapted to establish temporal properties of SPLs. Symbolic and family-based model checking have proven successful in tackling the combinatorial blow-up that arises when reasoning about several feature combinations. However, most formal verification approaches for SPLs presented in the literature focus on static SPLs, where the features of a product are fixed and cannot be changed at runtime. This is in contrast to dynamic SPLs, which allow the feature combinations of a product to be adapted dynamically after deployment. The main contribution of the paper is a compositional modeling framework for dynamic SPLs, which supports probabilistic and nondeterministic choices and allows for quantitative analysis. We specify the feature changes during runtime within an automata-based coordination component, enabling reasoning about strategies for triggering dynamic feature changes that optimize various quantitative objectives, e.g., energy or monetary costs and reliability. For our framework there is a natural and conceptually simple translation into the input language of the prominent probabilistic model checker PRISM. This facilitates the application of PRISM's powerful symbolic engine to the operational behavior of dynamic SPLs and their family-based analysis against various quantitative queries. We demonstrate the feasibility of our approach with a case study on an energy-aware bonding network device.
Comment: 14 pages, 11 figures
Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a large software system into mutually distrustful components that run with minimal privileges, and restricting their interactions to conform to well-defined interfaces, we can limit the damage caused by low-level attacks such as control-flow hijacking. When used to defend against such attacks, compartmentalization is often implemented cooperatively by a compiler and a low-level compartmentalization mechanism. However, the formal guarantees provided by such compartmentalizing compilation have seen surprisingly little investigation.
We propose a new security property, secure compartmentalizing compilation (SCC), that formally characterizes the guarantees provided by compartmentalizing compilation and clarifies its attacker model. We reconstruct our property by starting from the well-established notion of fully abstract compilation, then identifying and lifting three important limitations that make standard full abstraction unsuitable for compartmentalization. The connection to full abstraction allows us to prove SCC by adapting established proof techniques; we illustrate this with a compiler from a simple unsafe imperative language with procedures to a compartmentalized abstract machine.
Comment: Nit
Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs
Reasoning about, specifying, and verifying Aspect-Oriented (AO) programs presents unique challenges, especially as such programs evolve over time. Components, base code and aspects alike, may be easily added, removed, interchanged, or be temporarily unavailable at unpredictable frequencies. Consequently, modular reasoning about such programs is highly attractive, as it enables tractable evolution; otherwise the entire program would have to be reexamined each time a component is changed. It is well known, however, that modular reasoning about AO programs is difficult. In this paper, we present our ongoing work on constructing a rely-guarantee style reasoning system for the Aspect-Oriented Programming (AOP) paradigm, adopting a trace-based approach to deal with the plug-and-play nature inherent to these programs, thus easing AOP evolution.
Context-aware Authorization in Highly Dynamic Environments
Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is key to adapting to user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may later enter unauthorized contexts. We analyse how taking dynamic information like context into account in the authorization subsystem can improve security, and how this new access control applies to interaction patterns like messaging or eventing. We experiment with and validate our approach using context as an authorization factor for eventing in Web services for devices (like UPnP or DPWS), in smart home security.
Infinite/infinite analysis as a tool for an early oriented synthesis of a reactive pressure swing distillation
The study contributes to the characterization of an original reactive pressure swing distillation system. The transesterification of methyl acetate (MeAc) with ethanol (EtOH) to produce methanol (MeOH) and ethyl acetate (EtAc) is shown as an illustrative example. The streams outside the units are evaluated by the ∞/∞ analysis to provide insights into the process behavior. Two simpler systems with a recycling stream are also presented. The ∞/∞ analysis allows checking the interrelation of the system streams without any column design consideration. Unfeasible regions, lower limit values, multiplicity regions, discontinuities, control difficulties, recommended operating conditions and column profile combinations are predicted and discussed. All this information is useful for establishing an early and suitable system design strategy.