270,293 research outputs found
Portunes: analyzing multi-domain insider threats
The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties
Observation and abstract behaviour in specification and implementation of state-based systems
Classical algebraic specification is an accepted framework for specification. A criticism which applies is the
fact that it is functional, not based on a notion of state as most software development and implementation languages
are. We formalise the idea of a state-based object or abstract machine using algebraic means. In contrast to similar approaches we consider dynamic logic instead of equational logic as the framework for specification and implementation. The advantage is a more expressive language allowing us to specify safety and liveness conditions. It also allows a clearer distinction of functional and state-based parts which require different treatment in order to achieve behavioural abstraction when necessary. We shall in particular focus on abstract behaviour and observation. A behavioural notion of satisfaction for state-elements is needed in order to abstract from irrelevant details of the state realisation
A Case for Custom, Composable Composition Operators
Programming languages typically support a fixed set of com- position operators, with fixed semantics. This may impose limits on software designers, in case a desired operator or semantics are not supported by a language, resulting in suboptimal quality characteristics of the designed software system. We demonstrate this using the well-known State design pattern, and propose the use of a composition infrastructure that allows the designer to define custom, composable composition operators. We demonstrate how this approach improves several quality factors of the State design pattern, such as reusability and modularity, while taking a reason- able amount of effort to define the necessary pattern-related code
A Survey of Languages for Specifying Dynamics: A Knowledge Engineering Perspective
A number of formal specification languages for knowledge-based systems has been developed. Characteristics for knowledge-based systems are a complex knowledge base and an inference engine which uses this knowledge to solve a given problem. Specification languages for knowledge-based systems have to cover both aspects. They have to provide the means to specify a complex and large amount of knowledge and they have to provide the means to specify the dynamic reasoning behavior of a knowledge-based system. We focus on the second aspect. For this purpose, we survey existing approaches for specifying dynamic behavior in related areas of research. In fact, we have taken approaches for the specification of information systems (Language for Conceptual Modeling and TROLL), approaches for the specification of database updates and logic programming (Transaction Logic and Dynamic Database Logic) and the generic specification framework of abstract state machine
Provably correct Java implementations of Spi Calculus security protocols specifications
Spi Calculus is an untyped high level modeling language for security protocols, used for formal protocols specification and verification. In this paper, a type system for the Spi Calculus and a translation function are formally defined, in order to formalize the refinement of a Spi Calculus specification into a Java implementation. The Java implementation generated by the translation function uses a custom Java library. Formal conditions on such library are stated, so that, if the library implementation code satisfies such conditions, then the generated Java implementation correctly simulates the Spi Calculus specification. A verified implementation of part of the custom library is further presente
An Institutional Framework for Heterogeneous Formal Development in UML
We present a framework for formal software development with UML. In contrast
to previous approaches that equip UML with a formal semantics, we follow an
institution based heterogeneous approach. This can express suitable formal
semantics of the different UML diagram types directly, without the need to map
everything to one specific formalism (let it be first-order logic or graph
grammars). We show how different aspects of the formal development process can
be coherently formalised, ranging from requirements over design and Hoare-style
conditions on code to the implementation itself. The framework can be used to
verify consistency of different UML diagrams both horizontally (e.g.,
consistency among various requirements) as well as vertically (e.g.,
correctness of design or implementation w.r.t. the requirements)
Recommended from our members
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent
years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing
Update Consistency for Wait-free Concurrent Objects
In large scale systems such as the Internet, replicating data is an essential
feature in order to provide availability and fault-tolerance. Attiya and Welch
proved that using strong consistency criteria such as atomicity is costly as
each operation may need an execution time linear with the latency of the
communication network. Weaker consistency criteria like causal consistency and
PRAM consistency do not ensure convergence. The different replicas are not
guaranteed to converge towards a unique state. Eventual consistency guarantees
that all replicas eventually converge when the participants stop updating.
However, it fails to fully specify the semantics of the operations on shared
objects and requires additional non-intuitive and error-prone distributed
specification techniques. This paper introduces and formalizes a new
consistency criterion, called update consistency, that requires the state of a
replicated object to be consistent with a linearization of all the updates. In
other words, whereas atomicity imposes a linearization of all of the
operations, this criterion imposes this only on updates. Consequently some read
operations may return out-dated values. Update consistency is stronger than
eventual consistency, so we can replace eventually consistent objects with
update consistent ones in any program. Finally, we prove that update
consistency is universal, in the sense that any object can be implemented under
this criterion in a distributed system where any number of nodes may crash.Comment: appears in International Parallel and Distributed Processing
Symposium, May 2015, Hyderabad, Indi
- …