22 research outputs found

    Retrenching the Purse: Finite Exception Logs, and Validating the Small

    No full text
    The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the finiteness of the purse log (which records unsuccessful transactions). A retrenchment is constructed from the lowest level model of the purse system to a model in which logs are finite, and is then lifted to create two refinement developments of the purse, working at different levels of detail, and connected via retrenchments, forming the tower. The tower development is appropriately validated, vindicating the design used

    ASM refinement preserving invariants

    Get PDF

    Verifying the Mondex Case Study - The KeY Approach

    Get PDF
    The Mondex Case study is still the most substantial contribution to the Grand Challenge repository. It has been the target of a number of formal verification efforts. Those efforts concentrated on correctness proofs for refinement steps of the specification in various specification formalisms using different verification tools. Here, the results of full functional verification of a Javacard implementation of the case study is reported. The functional behavior of the application as well as the security properties to be proven were formalized in JML and verified using the KeY tool, a verification tool for deductive verifying Javacard code. The implementation developed followed, as closely as possible, the concrete layer of the case study\u27s original Z specification. The result demonstrates that, with an appropriate specification language and verification tool, it is possible to bridge the gap between specification and implementation ensuring a fully verified result. The complete material - source code, proofs and binaries of the verification system - is available at http://www.key-project.org/case_studies/mondex.htm

    Event analytics

    Get PDF
    The process analysis toolkit (PAT) integrates the expressiveness of state, event, time, and probability-based languages with the power of model checking. PAT is a self-contained reasoning system for system specification, simulation, and verification. PAT currently supports a wide range of 12 different expressive modeling languages with many application domains and has attracted thousands of registered users from hundreds of organizations. In this invited talk, we will present the PAT system and its vision on ā€œEvent Analyticsā€ (EA) which is beyond ā€œData Analyticsā€. The EA research is based on applying model checking to event planning, scheduling, prediction, strategy analysis and decision making. Various new EA research directions will be discussed.No Full Tex

    A Survey of Practical Formal Methods for Security

    Get PDF
    In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking, and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared, and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems, and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends, and directions of research within this field

    Software & system verification with KIV

    Get PDF

    Formal Verification of an Electronic Voting System

    Get PDF
    Electronic voting (e-voting) systems that are used in public elections need to fulfil a broad range of strong requirements concerning both safety and security. Among these requirements are reliability, robustness, privacy of votes, coercion resistance and universal verifiability. Bugs in or manipulations of an e-voting system may have considerable influence on the life of the humans living in a country where such a system is used. Hence, e-voting systems are an obvious target for software verification. In this paper, we report on an implementation of such a system in Java and the formal verification of functional properties thereof in the KeY verification system. Even though the actual components are clearly modularized, the challenge lies in the fact that we need to prove a highly nonlocal property: After all voters have cast their votes, the server calculates the correct votes for each candidate w.r.t. the original ballots. This kind of trace property is dificult to prove with static techniques like verification and typically yields a large specification overhead

    Phatic systems in digital society

    Get PDF
    In our contemporary society, phatic technologies routinely establish, develop and maintain personal and emotional relationships across time and space. This phenomenon is reminiscent of Giddensā€™ 1990 concept of abstract systems made of symbolic tokens and expert systems that dis-embed and re-embed public and professional life. In this paper, we develop social theory that aims to provide a better understanding of the prominent role of phatic technologies in society. We proceed in three stages: first, we critique and revise Giddensā€™ vague concept of symbolic tokens and its implications for time space distanciation by introducing novel concepts from measurement science. This focuses on forms of information that are relatively precise and communal. Secondly, building on our new formulation of abstract systems, we propose new sociological concepts, phatic systems and symbolic indicators, to enable social theory to explore and analyse the rise of phatic technologies. The concepts focus on the personal and emotional. Thirdly, reflecting on the fact that our digital society is held together by software, we introduce concepts from theoretical computer science to relate the abstract sociological idea of phatic systems and symbolic indicators to the concrete nature of digital data
    corecore