Automating GDPR compliance verification for cloud-hosted services

Cloud-hosted business processes require access to customer data to complete a transaction, to improve a customer’s on-line experience or provide useful product recommendations. However, privacy concerns associated with the use of this data have led to legal regulations that impose restrictions on how such data is requested or processed by an on-line service, with large penalties for violating these restrictions, e.g. the European General Data Protection Regulation (GDPR). We propose a framework for helping cloud-hosted services automate GDPR compliance checking. The framework comprises three steps: represent data flow in business processes with an appropriate abstraction (timed transition systems), formalise GDPR rules and obligations and incorporate them into the same abstraction, and implement the abstraction in a model checking tool (Uppaal) in order to automatically verify compliance of business process activities with GDPR. We demonstrate the approach using a cloud-based purchase order system

Formal QoS Validation Approach on a Real-Time MAC Protocol for Wireless Sensor Networks

Several wireless sensor network applications are currently popping up, in various domains. Their goal is often to monitor a geographic area. When a sensor detects a monitored event, it informs a sink node using alarm messages. The area surveillance application needs to react to such an event with a finite, bounded and known delay: these are real-time constraints. The network being linear, routing becomes unnecessary. This work proposes a new real-time MAC protocol with realistic assumptions on sensor networks. We present a formal validation of this protocol, and explicit the worst case times for the services offered by the protocol (initialization and alarm transmission using different modes)

A formal framework for specification-based embedded real-time system engineering

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Aeronautics and Astronautics, 2008.Includes bibliographical references (v. 2, p. 517-545).The increasing size and complexity of modern software-intensive systems present novel challenges when engineering high-integrity artifacts within aggressive budgetary constraints. Among these challenges, ensuring confidence in the engineered system, through validation and verification activities, represents the high cost item on many projects. The expensive nature of engineering high-integrity systems using traditional approaches can be partly attributed to the lack of analysis facilities during the early phases of the lifecycle, causing the validation and verification activities to begin too late in the engineering lifecycle. Other challenges include the management of complexity, opportunities for reuse without compromising confidence, and the ability to trace system features across lifecycle phases. The use of models as a specification mechanism provides an approach to mitigate complexity through abstraction. Furthermore, if the specification approach has formal underpinnings, the use of models can be leveraged to automate engineering activities such as formal analysis and test case generation. The research presented in this thesis proposes an engineering framework which addresses the high cost of validation and verification activities through specification-based system engineering. More specifically, the framework provides an integrated approach to embedded real-time system engineering which incorporates specification, simulation, formal verification, and test-case generation. The framework aggregates the state-of-the-art in individual software engineering disciplines to provide an end-to-end approach to embedded real-time system engineering. The key aspects of the framework include: * A novel specification language, the Timed Abstract State Machine (TASM) language, which extends the theory of Abstract State Machines (ASM).(cont.) The TASM language is a literate formal specification language which can be applied and multiple levels of abstraction and which can express the three key aspects of embedded real-time systems - function, time, and resources. * Automated verification capabilities achieved through the integration of mature analysis engines, namely the UPPAAL tool suite and the SAT4J SAT solver. The verification capabilities provided by the framework include completeness and consistency verification, model checking, execution time analysis, and resource consumption analysis. * Bi-directional traceability of model features across levels of abstraction and lifecycle phases. Traceability is achieved syntactically through archetypical refinement types; each refinement type provides correctness criteria, which, if met, guarantee semantic integrity through the refinement. * Automated test case generation capabilities for unit testing, integration testing, and regression testing. Unit test cases are generated to achieve TASM specification coverage through the rule coverage criterion. Integration test case generation is achieved through the hierarchical composition of unit test cases. Regression test case generation is achieved by leveraging the bi-directional traceability of model features. The framework is implemented into an integrated tool suite, the TASM toolset, which incorporates the UPPAAL tool suite and the SAT4J SAT solver. The toolset and framework are evaluated through experimentation on three industrial case studies - an automated manufacturing system, a "drive-by-wire" system used at a major automotive manufacturer, and a scripting environment used on the International Space Station.by Martin Ouimet.Ph.D

Model-Based Scenario Testing and Model Checking with Applications in the Railway Domain

This thesis introduces Timed Moore Automata, a specification formalism, which extends the classical Moore Automata by adding the concept of abstract timers without concrete delay time values, which can be started and reset, and which can change their state from running to elapsed. The formalism is used in real-world railway domain applications, and algorithms for the automated test data generation and explicit model checking of Timed Moore Automata models are presented. In addition, this thesis deals with test data generation for larger scale test models using standardized modeling formalisms. An existing framework for the automated test data generation is presented, and its underlying work-flow is extended and modified in order to allow user interaction and guidance within the generation process. As opposed to specifying generation constraints for entire test scenarios, the modified work flow then allows for an iterative approach to elaborating and formalizing test generation goals

Simulation combined model-based testing method for train control systems

A Train Control System (TCS) is utilised to guard the operational safety of the trains in railway systems. Therefore, functional testing is applied to verify consistency between the TCS and specification requirements. Traditional functional testing in TCSs is mainly based on manually designed test cases, which is becoming unsuitable for testing increasingly complex TCSs. Therefore, Model-Based Testing (MBT) methods have been introduced into TCS functional testing, to improve the efficiency and coverage of TCS testing, with application difficulties. To overcome the difficulties of applying MBT methods to test TCSs, the author introduces simulation combined MBT which combines an MBT method with simulation. Modelling method and implementation method for the proposed approach were explained in detail. Two case studies were undertaken to explore the effectiveness of the testing platform developed. The testing results obtained prove that the testing platform can be utilised to implement the functional testing of TCSs. To prove that the MBT platform is effective in detecting errors in the SUT, validation and verification was undertaken, which include validation of specification requirements and verification of the MBT platform. The testing performance is proven to be better than existing MBT methods in terms of coverage and efficiency

Foundations of Multi-Paradigm Modelling for Cyber-Physical Systems

This open access book coherently gathers well-founded information on the fundamentals of and formalisms for modelling cyber-physical systems (CPS). Highlighting the cross-disciplinary nature of CPS modelling, it also serves as a bridge for anyone entering CPS from related areas of computer science or engineering. Truly complex, engineered systems—known as cyber-physical systems—that integrate physical, software, and network aspects are now on the rise. However, there is no unifying theory nor systematic design methods, techniques or tools for these systems. Individual (mechanical, electrical, network or software) engineering disciplines only offer partial solutions. A technique known as Multi-Paradigm Modelling has recently emerged suggesting to model every part and aspect of a system explicitly, at the most appropriate level(s) of abstraction, using the most appropriate modelling formalism(s), and then weaving the results together to form a representation of the system. If properly applied, it enables, among other global aspects, performance analysis, exhaustive simulation, and verification. This book is the first systematic attempt to bring together these formalisms for anyone starting in the field of CPS who seeks solid modelling foundations and a comprehensive introduction to the distinct existing techniques that are multi-paradigmatic. Though chiefly intended for master and post-graduate level students in computer science and engineering, it can also be used as a reference text for practitioners

Tool-Supported Formal Analysis of Real-Time Systems

In dieser Arbeit werden Verfahren zur effizienten, benutzerfreundlichen Analyse von Echtzeitsystemen entwickelt. Ziel ist die Verbesserung der Entwurfsqualität hinsichtlich von dynamischen/zeitlichen Programmabläufen möglichst ohne zusätzlichen Aufwand seitens des Entwicklers. Dieses erfordert ein Aufsetzen auf Spezifikationen, die bei der Entwicklung ohnehin anfallen. Konkret wird daher untersucht, wie sich Modelle der Unified Modeling Language mit formalen Methoden analysieren lassen und wie diese Analyse automatisiert werden kann. Es wird geklärt, welche Teilmenge von Modellen als Ausgangspunkt für eine dynamische Analyse geeignet ist. Dabei werden in dieser Arbeit drei Analyseziele definiert, die jeweils eine eigene Sprachdefinition erfordern. Wichtiger Bestandteil der Arbeit ist die Realisierung einer automatisierten Analyse. Dabei wird auf formale Techniken wie Model-Checking und auf algorithmische Lösungen der Scheduling-Theorie zurückgegriffen. Es wird nachgewiesen, dass sich verschiedene theoretische Lösungsansätze unter dem Dach einer einheitlichen Notation für den Anwender transparent anwenden lassen und in der Summe zu einer deutlichen Verbesserung der Software- Qualität in einem besonders komplexen Anwendungsgebiet beitragen können.In this work, methods for an efficient and user friendly analysis of real-time systems are developed. The intention is an improvement of the quality of the software design regarding the dynamic/temporal execution runs without additional efforts of the developer. This requires the use of specification models, which are common in the developing process, as basis for the analysis. Therefore, formal analysis of the Unified Modeling Language (UML) is investigated and how this analysis can be automated. As precondition, it is investigated, which subset of UML models is well suited for a dynamic analysis. Three domains of an analysis are defined, which requires their own input language definition. An important part of this work is the development of an automated analysis. Therefore, formal methods like model checking and algorithms of the scheduling theory are used. It is shown, that different solution approaches can be hidden behind a well-known notation for improving the quality of software design in a complex application domain

Abstractions and Static Analysis for Verifying Reactive Systems

Fokkink, W.J. [Promotor]Sidorova, N. [Copromotor

QUALITY IMPROVEMENT AND VALIDATION TECHNIQUES ON SOFTWARE SPECIFICATION AND DESIGN

Ph.DDOCTOR OF PHILOSOPH