Automatic Verification of Message-Based Device Drivers
We develop a practical solution to the problem of automatic verification of the interface between device drivers and the OS. Our solution relies on a combination of improved driver architecture and verification tools. It supports drivers written in C and can be implemented in any existing OS, which sets it apart from previous proposals for verification-friendly drivers. Our Linux-based evaluation shows that this methodology amplifies the power of existing verification tools in detecting driver bugs, making it possible to verify properties beyond the reach of traditional techniques.
Comment: In Proceedings SSV 2012, arXiv:1211.587
A formal verification framework and associated tools for enterprise modeling : application to UEML
The aim of this paper is to propose and apply a verification and validation approach to Enterprise Modeling that enables the user to improve the relevance and correctness, the suitability and the coherence of a model by using property specification and formal proof of properties.
A novel workflow management system for handling dynamic process adaptation and compliance
Modern enterprise organisations rely on dynamic processes. Generally these processes cannot be modelled once and executed repeatedly without change. Enterprise processes may evolve unpredictably according to situations that cannot always be prescribed. However, no mechanism exists to ensure an updated process does not violate any compliance requirements.
Typical workflow processes follow a process definition and execute several thousand instances through a workflow engine without any change. This is suitable for routine business processes. However, when business processes need flexibility, adaptive features are needed. Updating a process may violate compliance requirements, so automatic compliance checking of the updated definition is necessary. The research work presented in this Thesis investigates the limitations of current workflow technology in defining, managing and ensuring the specification and execution of business processes that are dynamic in nature, combined with policy standards throughout the process lifecycle.
The findings from the literature review and the system requirements are used to design the proposed system architecture. Since a two-tier reference process model is not sufficient as a basis for the reference model for an adaptive and compliance workflow management system, a three-tier process model is proposed. The major components of the architecture consist of process models, business rules and plugin modules. This architecture exhibits the concept of user adaptation with structural checks and dynamic adaptation with data-driven checks.
A research prototype - Adaptive and Compliance Workflow Management System (ACWfMS) - was developed based on the proposed system architecture to implement the core services of the system for testing and evaluation purposes. The ACWfMS enables the development of a workflow management tool to create or update the process models. It automatically validates compliance requirements and, in the case of violations, presents visual feedback to the user. In addition, the architecture facilitates process migration to manage specific instances with modified definitions. A case study based on the postgraduate research process domain is discussed.
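The structural check the abstract describes (an updated process definition is accepted only if it still satisfies the compliance rules) can be illustrated with a small model. This is an added example and not code from the ACWfMS prototype: the process representation, the three rule kinds, the adaptation operations and the postgraduate-process sample are all assumptions constructed for illustration.

```python
"""Compliance checking of a dynamically adapted workflow definition.

Added example, not the ACWfMS prototype's code. The process model, the rule
kinds and the sample process below are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Process:
    activities: Dict[str, str]   # activity name -> role that performs it
    edges: frozenset             # control-flow edges as (predecessor, successor)

    def reaches(self, src: str, dst: str) -> bool:
        """True if dst lies on some control-flow path starting at src."""
        seen: Set[str] = set()
        stack = [src]
        while stack:
            cur = stack.pop()
            if cur == dst:
                return True
            if cur in seen:
                continue
            seen.add(cur)
            stack.extend(t for (s, t) in self.edges if s == cur)
        return False


@dataclass
class Rule:
    kind: str                  # "mandatory" | "precedes" | "separation_of_duties"
    a: str
    b: Optional[str] = None


def check_compliance(proc: Process, rules: List[Rule]) -> List[str]:
    """Model-level check: one message per violated rule, empty list if compliant."""
    violations: List[str] = []
    for r in rules:
        if r.kind == "mandatory":
            if r.a not in proc.activities:
                violations.append(f"mandatory activity '{r.a}' is missing")
        elif r.kind == "precedes":
            # If b is in the process, a must be there too and must come before it.
            if r.b in proc.activities and (
                    r.a not in proc.activities or not proc.reaches(r.a, r.b)):
                violations.append(f"'{r.a}' must precede '{r.b}'")
        elif r.kind == "separation_of_duties":
            ra, rb = proc.activities.get(r.a), proc.activities.get(r.b)
            if ra is not None and ra == rb:
                violations.append(
                    f"'{r.a}' and '{r.b}' are both assigned to role '{ra}'")
    return violations


def remove_activity(proc: Process, name: str) -> Process:
    """User adaptation: drop an activity and splice its predecessors to its successors."""
    preds = {s for (s, t) in proc.edges if t == name}
    succs = {t for (s, t) in proc.edges if s == name}
    kept = {e for e in proc.edges if name not in e}
    spliced = {(p, s) for p in preds for s in succs}
    acts = {k: v for k, v in proc.activities.items() if k != name}
    return Process(acts, frozenset(kept | spliced))


def reassign(proc: Process, name: str, role: str) -> Process:
    """User adaptation: hand an activity to a different role."""
    acts = dict(proc.activities)
    acts[name] = role
    return Process(acts, proc.edges)


def apply_update(proc: Process, rules: List[Rule],
                 change: Callable[[Process], Process]) -> Tuple[bool, Process, List[str]]:
    """Apply a change only if the updated model still satisfies every rule.

    Returns (accepted, process now in force, violations). A rejected update
    leaves the previous definition in force.
    """
    candidate = change(proc)
    violations = check_compliance(candidate, rules)
    if violations:
        return False, proc, violations
    return True, candidate, []


# Constructed sample: a simplified postgraduate research process.
BASELINE = Process(
    activities={"submit_thesis": "candidate", "examine": "examiner",
                "approve": "committee", "confer_degree": "registrar"},
    edges=frozenset({("submit_thesis", "examine"), ("examine", "approve"),
                     ("approve", "confer_degree")}),
)
RULES = [
    Rule("mandatory", "examine"),
    Rule("precedes", "approve", "confer_degree"),
    Rule("separation_of_duties", "submit_thesis", "examine"),
]

if __name__ == "__main__":
    for label, change in [("drop approval", lambda p: remove_activity(p, "approve")),
                          ("self-examine", lambda p: reassign(p, "examine", "candidate")),
                          ("dean approves", lambda p: reassign(p, "approve", "dean"))]:
        ok, _, why = apply_update(BASELINE, RULES, change)
        print(label, "accepted" if ok else f"rejected: {why}")
```

The check is purely structural, which is what the thesis calls a user adaptation with structural checks; data-driven checks on a running instance (for example, a rule that depends on a field value) would need the instance state as a further input to `check_compliance`.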
Static Enforcement of Role-Based Access Control
We propose a new static approach to Role-Based Access Control (RBAC) policy enforcement. The static approach we advocate includes a new design methodology, for applications involving RBAC, which integrates the security requirements into the system's architecture. We apply this new approach to policies restricting calls to methods in Java applications. We present a language to express RBAC policies on calls to methods in Java, a set of design patterns which Java programs must adhere to for the policy to be enforced statically, and a description of the checks made by our static verifier for static enforcement.
Comment: In Proceedings WWV 2014, arXiv:1409.229
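The core of a static RBAC verifier of the kind described above is a reachability check over the call graph: each entry point runs under a statically known role, so every restricted method reachable from it must be permitted for that role. The following is an added example and not the paper's verifier or its policy language; the `allow <role>: <methods>` syntax, the assumption that entry points carry a single fixed role and that calls are direct (no reflection or dynamic dispatch), and the bank-style sample program are all constructed for illustration.

```python
"""Static enforcement of an RBAC policy on method calls via call-graph reachability.

Added example, not the paper's verifier. Policy syntax, program model and the
sample program are assumptions constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed policy in a hypothetical syntax: one "allow <role>: m1, m2" per line.
POLICY_TEXT = """
# bank example (constructed)
allow Teller  : Account.balance, Account.deposit
allow Manager : Account.balance, Account.deposit, Account.close
"""

# Constructed program model. Under the design pattern assumed here every entry
# point runs under exactly one statically known role and all calls are direct,
# so the static call graph captures every possible invocation.
ENTRY_ROLES = {
    "TellerUI.run": "Teller",
    "TellerUI.nightly": "Teller",
    "ManagerUI.run": "Manager",
}
CALLS = {
    "TellerUI.run":     ["Account.balance", "Account.deposit"],
    "TellerUI.nightly": ["Util.cleanup"],
    "ManagerUI.run":    ["Account.balance", "Util.cleanup"],
    "Util.cleanup":     ["Account.close"],   # indirectly reaches a restricted method
}


def parse_policy(text: str) -> Dict[str, Set[str]]:
    """Parse the constructed policy syntax into role -> set of permitted methods."""
    policy: Dict[str, Set[str]] = defaultdict(set)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"allow\s+(\w+)\s*:\s*([\w.]+(?:\s*,\s*[\w.]+)*)", line)
        if not m:
            raise ValueError(f"policy line {lineno}: cannot parse {raw!r}")
        policy[m.group(1)].update(x.strip() for x in m.group(2).split(","))
    return dict(policy)


def reachable(calls: Dict[str, List[str]], start: str) -> Set[str]:
    """All methods transitively reachable from start (start included)."""
    seen: Set[str] = set()
    stack = [start]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(calls.get(cur, []))
    return seen


def check(policy: Dict[str, Set[str]], entry_roles: Dict[str, str],
          calls: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (entry point, role, restricted method) for every policy violation.

    A method is restricted if any role is granted it in the policy; a method the
    policy never names is treated as unrestricted (see usage note).
    """
    restricted: Set[str] = set().union(*policy.values())
    violations: List[Tuple[str, str, str]] = []
    for entry, role in sorted(entry_roles.items()):
        allowed = policy.get(role, set())
        for method in sorted(reachable(calls, entry) & restricted):
            if method not in allowed:
                violations.append((entry, role, method))
    return violations


if __name__ == "__main__":
    for entry, role, method in check(parse_policy(POLICY_TEXT), ENTRY_ROLES, CALLS):
        print(f"{entry} (role {role}) may reach {method}, which {role} is not allowed to call")
```

On the constructed sample the verifier flags `TellerUI.nightly`: it never calls `Account.close` directly, but reaches it through `Util.cleanup`, which a runtime check at the entry point alone would miss. Two caveats a practitioner would want: methods the policy never names are treated as unrestricted here (deny-by-default would instead take `restricted` as the full set of methods in the program), and the soundness of the whole approach rests on the design patterns holding, since any reflective or dynamically dispatched call missing from the call graph is invisible to the check.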
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, so that every new need required a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture in which expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean-slate Internet design, especially the software defined networking (SDN) paradigm, offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to the specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial