9,894 research outputs found
Sound and Complete Runtime Security Monitor for Application Software
Conventional approaches for ensuring the security of application software at
run-time, through monitoring, either produce (high rates of) false alarms (e.g.
intrusion detection systems) or limit application performance (e.g. run-time
verification). We present a runtime security monitor that detects both known
and unknown cyber attacks by checking that the run-time behavior of the
application is consistent with the expected behavior modeled in application
specification. This is crucial because, even if the implementation is
consistent with its specification, the application may still be vulnerable due
to flaws in the supporting infrastructure (e.g. the language runtime system,
libraries and operating system). This runtime security monitor is sound and
complete, eliminating false alarms, as well as efficient, so that it does not
limit runtime application performance and so that it supports real-time
systems. The security monitor takes as input the application specification and
the application implementation, which may be expressed in different languages.
The specification language of the application software is formalized based on
monadic second order logic and event calculus interpreted over algebraic data
structures. This language allows us to express behavior of an application at
any desired (and practical) level of abstraction as well as with high degree of
modularity. The security monitor detects every attack by systematically
comparing the application execution and specification behaviors at runtime,
even though they operate at two different levels of abstraction. We define the
denotational semantics of the specification language and prove that the monitor
is sound and complete. Furthermore, the monitor is efficient because of the
modular application specification at appropriate level(s) of abstraction
PDDL2.1: An extension of PDDL for expressing temporal planning domains
In recent years research in the planning community has moved increasingly towards application of planners to realistic problems involving both time and many types of resources. For example, interest in planning demonstrated by the space research community has inspired work in observation scheduling, planetary rover ex ploration and spacecraft control domains. Other temporal and resource-intensive domains including logistics planning, plant control and manufacturing have also helped to focus the community on the modelling and reasoning issues that must be confronted to make planning technology meet the challenges of application. The International Planning Competitions have acted as an important motivating force behind the progress that has been made in planning since 1998. The third competition (held in 2002) set the planning community the challenge of handling time and numeric resources. This necessitated the development of a modelling language capable of expressing temporal and numeric properties of planning domains. In this paper we describe the language, PDDL2.1, that was used in the competition. We describe the syntax of the language, its formal semantics and the validation of concurrent plans. We observe that PDDL2.1 has considerable modelling power --- exceeding the capabilities of current planning technology --- and presents a number of important challenges to the research community
Issues about the Adoption of Formal Methods for Dependable Composition of Web Services
Web Services provide interoperable mechanisms for describing, locating and
invoking services over the Internet; composition further enables to build
complex services out of simpler ones for complex B2B applications. While
current studies on these topics are mostly focused - from the technical
viewpoint - on standards and protocols, this paper investigates the adoption of
formal methods, especially for composition. We logically classify and analyze
three different (but interconnected) kinds of important issues towards this
goal, namely foundations, verification and extensions. The aim of this work is
to individuate the proper questions on the adoption of formal methods for
dependable composition of Web Services, not necessarily to find the optimal
answers. Nevertheless, we still try to propose some tentative answers based on
our proposal for a composition calculus, which we hope can animate a proper
discussion
Automating the transformation-based analysis of visual languages
The final publication is available at Springer via http://dx.doi.org/10.1007/s00165-009-0114-yWe present a novel approach for the automatic generation of model-to-model transformations given a description of the operational semantics of the source language in the form of graph transformation rules. The approach is geared to the generation of transformations from Domain-Specific Visual Languages (DSVLs) into semantic domains with an explicit notion of transition, like for example Petri nets. The generated transformation is expressed in the form of operational triple graph grammar rules that transform the static information (initial model) and the dynamics (source rules and their execution control structure). We illustrate these techniques with a DSVL in the domain of production systems, for which we generate a transformation into Petri nets. We also tackle the description of timing aspects in graph transformation rules, and its analysis through their automatic translation into Time Petri netsWork sponsored by the Spanish Ministry of Science and Innovation, project METEORIC (TIN2008-02081/TIN) and by the Canadian Natural Sciences and Engineering Research Council (NSERC)
- ā¦