Verifying Fault-Tolerance of Sensor Network Applications Using Auto-generated Fault Injection Mechanisms

The deployment scenarios for sensor networks are often hostile. These networks also have to operate unattended for long periods. Therefore, fault-tolerance mechanisms are needed to protect these networks from various faults such as node failure due to loss of power, compromise, etc and link failure due to network intrusion, etc. A number of fault-tolerance techniques have been developed specifically for wireless sensor networks. Verifying these fault-tolerant techniques is necessary for reliability and dependability checks. Formal methods such as model checking have been used for verification of such fault-tolerance mechanisms; however, building the models is a tedious job which makes model checking a hard task to accomplish. Techniques that allow model checking source code ease this task. These approaches automate the process of verification model construction. There are two aspects of automated verification model construction. First, a model of the application needs to be built. Second, a model of faults has to be created to expose problems with the application. In a previous work, we developed a framework, which we called Slede, to automatically extract PROMELA models from sensor network applications written in the nesC language. The contribution of this work is the design and implementation of a mechanism for automatically generating fault models from a partial specification of the application. By automatically generating fault models, our approach eases the verification of fault-tolerance for sensor network applications

Using Failure Detection and Consensus in the General Omission Failure Model to Solve Security Problems

It has recently been shown that fair exchange, a security problem in distributed systems, can be reduced to a fault tolerance problem, namely a special form of distributed consensus. The reduction uses the concept of security modules which reduce the type and nature of adversarial behavior to two standard fault-assumptions: message omission and process crash. In this paper, we investigate the feasibility of solving consensus in asynchronous systems in which crash and message omission faults may occur. Due to the impossibility result of consensus in such systems, following the lines of unreliable failure detectors of Chandra and Toueg, we add to the system a distributed device that gives information about the failure of other processes. Then we give an algorithm using this device to solve the consensus problem. Finally, we show how to implement such a device in a asynchronous untrusted environment using security modules and some weak timing assumptions

Automating the Addition of Fail-Safe Fault-Tolerance: Beyond Fusion-Closed Specifications

The tolerance theory by Arora and Kulkarni views a fault-tolerant program as the composition of a fault-intolerant program and fault tolerance components called detectors and correctors.At its core, the theory assumes that the correctness specifications under consideration are fusion closed.In general, fusion closure of specifications can be achieved by adding history variables to the program. However, addition of history variables causes an exponential growth of the state space of the program.To redress this problem, we present a method which can be used to add history information to a program in a way that (in a certain sense) minimizes the additional states. Hence, automated methods that add fault tolerance can now be efficiently applied to environments with not fusion closed specifications

Encapsulating deontic and branching time specifications

In this paper, we investigate formal mechanisms to enable designers to decompose specifications (stated in a given logic) into several interacting components in such a way that the composition of these components preserves their encapsulation and internal non-determinism. The preservation of encapsulation (or locality) enables a modular form of reasoning over specifications, while the conservation of the internal non-determinism is important to guarantee that the branching time properties of components are not lost when the entire system is obtained. The basic ideas come from the work of Fiadeiro and Maibaum where notions from category theory are used to structure logical specifications. As the work of Fiadeiro and Maibaum is stated in a linear temporal logic, here we investigate how to extend these notions to a branching time logic, which can be used to reason about systems where non-determinism is present. To illustrate the practical applications of these ideas, we introduce deontic operators in our logic and we show that the modularization of specifications also allows designers to maintain the encapsulation of deontic prescriptions; this is in particular useful to reason about fault-tolerant systems, as we demonstrate with a small example.Fil: Castro, Pablo Francisco. Universidad Nacional de Río Cuarto; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; ArgentinaFil: Maibaum, Thomas S. E.. Mc Master University; Canad

Fault-tolerant supervisory control of discrete-event systems

In this dissertation, I introduce my study on fault-tolerant supervisory control of discrete event systems. Given a plant, possessing both faulty and nonfaulty behavior, and a submodel for just the nonfaulty part, the goal of fault-tolerant supervisory control is to enforce a certain specifcation for the nonfaulty plant and another (perhaps more liberal) specifcation for the overall plant, and further to ensure that the plant recovers from any fault within a bounded delay so that following the recovery the system state is equivalent to a nonfaulty state (as if no fault ever happened). My research includes the formulation of the notations and the problem, existence conditions, synthesizing algorithms, and applications

A Theory of Interface Modeling of Component-Based Software

Abstract, rCOS Automata-based Model of Components, Trace-based Model of Components Coordination, Conclusion and Futur Wor

Extensión de lógicas temporales con nociones deónticas para la especificación y análisis de sistemas tolerantes a fallas

Tesis (Doctor en Ciencias de la Computación)--Universidad Nacional de Córdoba, Facultad de Matemática, Astronomía, Física y Computación, 2020.En la actualidad la tolerancia a fallas cada vez adquiere mayor importancia, debido a que cada día hay más sistemas críticos en donde es necesario garantizar cierto comportamiento deseado aún ante la ocurrencia ocasional de fallas. En este trabajo presentamos algunos formalismos lógicos que resultan adecuados para la especificación, y luego la verificación, de propiedades de sistemas tolerantes a fallas. En particular, nos enfocamos en el uso de aquellos que si bien, tradicionalmente fueron utilizados para representar y analizar la estructura lógica de normas o leyes (conocidos con el nombre de lógicas deónticas), nos posibilitan, a diferencia de otros enfoques, distinguir entre los comportamientos normal y anormal de un sistema. Hacia el final de esta tesis, además, se presentan algunas incursiones en el área de sistemas probabilistas, ya que cuando se piensa en sistemas tolerantes a fallas surge naturalmente pensar en un grado de tolerancia/robustez deseado o esperado; y es justamente este tipo de noción cuantificable la que conduce a la idea de utilizar las probabilidades para capturar este concepto. En particular se presentan algunos ejemplos para ilustrar la capacidad de dichos formalismos para capturar nociones relacionadas con tolerancia a fallas.At present, fault tolerance is becoming more and more important, because every day there are more critical systems where it's necessary to guarantee a certain desired behavior even in the event of occasional failure. In this work we present some logical formalisms suitable for the specification, and later verification, of properties for fault tolerant systems. In particular, we focus on the use of those formalisms traditionally used to represent and analyze the logical structure of norms or laws (known as deontic logics), that allow us to distinguish between normal and abnormal behaviors of a system. Towards the end of this thesis, some forays made into the area of probabilistic systems are also presented, due that when thinking about fault tolerant systems it naturally arises the notion of a desired or expected degree of tolerance / robustness; and it's precisely this kind of quantifiable notion that leads us to think about using probabilities to capture this concept. In particular we show some examples to illustrate the ability of such formalisms to capture notions related to fault tolerance.Fil: Kilmurray, Cecilia Noelia. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía, Física y Computación; Argentina

Incorporating faults and fault-tolerance into real-time networks: a graph-transformational approach

PhD ThesisThe introduction of fault tolerance into real-time systems presents particular challenges because of the price of redundancy and the added complexity of verification and validation on these redundant structures. This thesis brings structural and formal design techniques to bear on this problem. Verification of fault tolerance properties in such systems has only received limited attention. in particular the design methodologies are in their infancy. We propose a transformational design methodology, specific to a real-time systems architecture. We then reason about the compositional addition of fault tolerant components and templates of the derived designs. This requires that we show the existing axiomatic semantics for our chosen architecture sound with respect to a more constructive semantic model. The issues of presenting an operational model for a real-time architecture are discussed and a model is proposed. The extension of the existing semantics, to allow for faulty behaviour, is shown to preserve the existing semantic properties and the application of our methodology shown to be usable by a sizeable study. The contribution of this thesis is to define a transformational design methodology in which components can be extracted from a design and replaced by another component preserving functionality while providing fault tolerance. This approach requires the precise modelling of the faults we consider. the transformational method and verification of the transformed design with respect to faults.BAE Systems: EPSRC

Modeling and checking Real-Time system designs

Real-time systems are found in an increasing variety of application fields. Usually, they are embedded systems controlling devices that may risk lives or damage properties: they are safety critical systems. Hard Real-Time requirements (late means wrong) make the development of such kind of systems a formidable and daunting task. The need to predict temporal behavior of critical real-time systems has encouraged the development of an useful collection of models, results and tools for analyzing schedulability of applications (e.g., [log]). However, there is no general analytical support for verifying other kind of high level timing requirements on complex software architectures. On the other hand, the verification of specifications and designs of real-time systems has been considered an interesting application field for automatic analysis techniques such as model-checking. Unfortunately, there is a natural trade-off between sophistication of supported features and the practicality of formal analysis. To cope with the challenges of formal analysis real-time system designs we focus on three aspects that, we believe, are fundamental to get practical tools: model-generation, modelreduction and model-checking. Then, firstly, we extend our ideas presented in [30] and develop an automatic approach to model and verify designs of real-time systems for complex timing requirements based on scheduling theory and timed automata theory [7] (a wellknown and studied formalism to model and verify timed systems). That is, to enhance practicality of formal analysis, we focus our analysis on designs adhering to Fixed-Priority scheduling. In essence, we exploit known scheduling theory to automatically derive simple and compositional formal models. To the best of our knowledge, this is the first proposal to integrate scheduling theory into the framework of automatic formal verification. To model such systems, we present I/O Timed Components, a notion and discipline to build non-blocking live timed systems. I/O Timed Components, which are build on top of Timed Automata, provide other important methodological advantages like influence detection or compositional reasoning. Secondly, we provide a battery of automatic and rather generic abstraction techniques that, given a requirement to be analyzed, reduces the model while preserving the relevant behaviors to check it. Thus, we do not feed the verification tools with the whole model as previous formal approaches. To provide arguments about the correctness of those abstractions, we present a notion of Continuous Observational Bismulation that is weaker than strong timed bisimulation yet preserving many well-known logics for timed systems like TCTL [3]. Finally, since we choose timed automata as formal kernel, we adapt and apply their deeply studied and developed analysis theory, as well as their practical tools. Moreover, we also describe from scratch an algorithm to model-check duration properties, a feature that is not addressed by available tools. That algorithm extends the one presented in [28].Fil:Braberman, Víctor Adrián. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales; Argentina