22 research outputs found
Retrenching the Purse: Finite Exception Logs, and Validating the Small
The Mondex Electronic Purse is an outstanding example of industrial scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or handled in an unnatural manner. The retrenchment Tower Pattern is used to address one such issue in detail: the finiteness of the purse log (which records unsuccessful transactions). A retrenchment is constructed from the lowest level model of the purse system to a model in which logs are finite, and is then lifted to create two refinement developments of the purse, working at different levels of detail, and connected via retrenchments, forming the tower. The tower development is appropriately validated, vindicating the design used
Verifying the Mondex Case Study - The KeY Approach
The Mondex Case study is still the most substantial contribution
to the Grand Challenge repository. It has been the target of a
number of formal verification efforts. Those efforts
concentrated on correctness proofs for refinement steps of the
specification in various specification formalisms using
different verification tools. Here, the results of full
functional verification of a Javacard implementation of the case
study is reported. The functional behavior of the application
as well as the security properties to be proven were formalized
in JML and verified using the KeY tool, a
verification tool for deductive verifying Javacard code. The
implementation developed followed, as closely as possible, the
concrete layer of the case study\u27s original Z specification.
The result demonstrates that, with an appropriate specification
language and verification tool, it is possible to bridge the gap
between specification and implementation ensuring a fully
verified result. The complete material - source code, proofs
and binaries of the verification system - is available at
http://www.key-project.org/case_studies/mondex.htm
Event analytics
The process analysis toolkit (PAT) integrates the expressiveness of state, event, time, and probability-based languages with the power of model checking. PAT is a self-contained reasoning system for system specification, simulation, and verification. PAT currently supports a wide range of 12 different expressive modeling languages with many application domains and has attracted thousands of registered users from hundreds of organizations. In this invited talk, we will present the PAT system and its vision on āEvent Analyticsā (EA) which is beyond āData Analyticsā. The EA research is based on applying model checking to event planning, scheduling, prediction, strategy analysis and decision making. Various new EA research directions will be discussed.No Full Tex
A Survey of Practical Formal Methods for Security
In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking, and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared, and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems, and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends, and directions of research within this field
Formal Verification of an Electronic Voting System
Electronic voting (e-voting) systems that are used in public elections need to fulfil a broad range of strong requirements concerning both safety and security. Among these requirements are reliability, robustness, privacy of votes, coercion resistance and universal verifiability. Bugs in or manipulations of an e-voting system may have considerable influence on the life of the humans living in a country where such a system is used. Hence, e-voting systems are an obvious target for software verification.
In this paper, we report on an implementation of such a system in Java and the formal verification of functional properties thereof in the KeY verification system. Even though the actual components are clearly modularized, the challenge lies in the fact that we need to prove a highly nonlocal property: After all voters have cast their votes, the server calculates the correct votes for each candidate w.r.t. the original ballots. This kind of trace property is dificult to prove with static techniques like verification and typically yields a large specification overhead
Phatic systems in digital society
In our contemporary society, phatic technologies routinely establish, develop and maintain personal and emotional relationships across time and space. This phenomenon is reminiscent of Giddensā 1990 concept of abstract systems made of symbolic tokens and expert systems that dis-embed and re-embed public and professional life. In this paper, we develop social theory that aims to provide a better understanding of the prominent role of phatic technologies in society. We proceed in three stages: first, we critique and revise Giddensā vague concept of symbolic tokens and its implications for time space distanciation by introducing novel concepts from measurement science. This focuses on forms of information that are relatively precise and communal. Secondly, building on our new formulation of abstract systems, we propose new sociological concepts, phatic systems and symbolic indicators, to enable social theory to explore and analyse the rise of phatic technologies. The concepts focus on the personal and emotional. Thirdly, reflecting on the fact that our digital society is held together by software, we introduce concepts from theoretical computer science to relate the abstract sociological idea of phatic systems and symbolic indicators to the concrete nature of digital data
Recommended from our members
Topics in electronic money
There has been an increased interest on the electronification of payments systems in the last two decades in general and on electronic money (e-money) on particular in the last decade with increased computing power and decreased cost of communication. E-money did not only attract attention from the academicians but also from central bankers, financial supervisory authorities, treasuries, finance ministries and innovators and operators all around the world. The purpose of this thesis is fourfold. Firstly, it seeks to define and critically assess e-money including the expected functions, necessary features, its potentials and major implications for different sides of financial system. Secondly, it tries to present empirical evidence on the current stage of e-money technology with two case studies, namely Mondei and Digicash. Thirdly, it investigates the perception of e-money innovators and operators with an assumption that they have the power and influence on the future shape of e-money. This section includes the analysis of two European surveys and one additional comparative survey conducted in Miami, the US. Lastly, it studies the free banking implications of e-money covering the impact on monetary policy framework and monetary policy instruments including whether e-money should be regulated or not. The research finds that the current definitions given to the e-money phenomenon is incomplete and defines the necessary functions and features for the future success of e-money applications. It describes e-money trends in Europe and compares it to the US perception finding no serious differences although the FED and the ECB have different approaches to money. Another conclusion the thesis reached is that e-money may result in a new approach to central banking with a contestable framework through the synergies with free banking. Finally, e-money is not seen as a danger for the successful conduct of monetary policy and the thesis underlines that when it is `representative', regulation is possible whereas `independent'money issuance may manage to stay out of the coverage of conventional regulatory
frameworks