26,668 research outputs found
Multilevel Contracts for Trusted Components
This article contributes to the design and the verification of trusted
components and services. The contracts are declined at several levels to cover
then different facets, such as component consistency, compatibility or
correctness. The article introduces multilevel contracts and a
design+verification process for handling and analysing these contracts in
component models. The approach is implemented with the COSTO platform that
supports the Kmelia component model. A case study illustrates the overall
approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Globally reasoning about localised security policies in distributed systems
In this report, we aim at establishing proper ways for model checking the
global security of distributed systems, which are designed consisting of set of
localised security policies that enforce specific issues about the security
expected.
The systems are formally specified following a syntax, defined in detail in
this report, and their behaviour is clearly established by the Semantics, also
defined in detail in this report. The systems include the formal attachment of
security policies into their locations, whose intended interactions are trapped
by the policies, aiming at taking access control decisions of the system, and
the Semantics also takes care of this.
Using the Semantics, a Labelled Transition System (LTS) can be induced for
every particular system, and over this LTS some model checking tasks could be
done. We identify how this LTS is indeed obtained, and propose an alternative
way of model checking the not-yet-induced LTS, by using the system design
directly. This may lead to over-approximation thereby producing imprecise,
though safe, results. We restrict ourselves to finite systems, in the sake of
being certain about the decidability of the proposed method.
To illustrate the usefulness and validity of our proposal, we present 2 small
case-study-like examples, where we show how the system can be specified, which
policies could be added to it, and how to decide if the desired global security
property is met.
Finally, an Appendix is given for digging deeply into how a tool for
automatically performing this task is being built, including some
implementation issues. The tool takes advantage of the proposed method, and
given some system and some desired global security property, it safely (i.e.
without false positives) ensures satisfaction of it
Finding The Lazy Programmer's Bugs
Traditionally developers and testers created huge numbers of explicit tests, enumerating interesting cases, perhaps
biased by what they believe to be the current boundary conditions of the function being tested. Or at
least, they were supposed to.
A major step forward was the development of property testing. Property testing requires the user to write a few
functional properties that are used to generate tests, and requires an external library or tool to create test data
for the tests. As such many thousands of tests can be created for a single property. For the purely functional
programming language Haskell there are several such libraries; for example QuickCheck [CH00], SmallCheck
and Lazy SmallCheck [RNL08].
Unfortunately, property testing still requires the user to write explicit tests. Fortunately, we note there are
already many implicit tests present in programs. Developers may throw assertion errors, or the compiler may
silently insert runtime exceptions for incomplete pattern matches.
We attempt to automate the testing process using these implicit tests. Our contributions are in four main
areas: (1) We have developed algorithms to automatically infer appropriate constructors and functions needed
to generate test data without requiring additional programmer work or annotations. (2) To combine the
constructors and functions into test expressions we take advantage of Haskell's lazy evaluation semantics by
applying the techniques of needed narrowing and lazy instantiation to guide generation. (3) We keep the type
of test data at its most general, in order to prevent committing too early to monomorphic types that cause
needless wasted tests. (4) We have developed novel ways of creating Haskell case expressions to inspect elements
inside returned data structures, in order to discover exceptions that may be hidden by laziness, and to make
our test data generation algorithm more expressive.
In order to validate our claims, we have implemented these techniques in Irulan, a fully automatic tool for
generating systematic black-box unit tests for Haskell library code. We have designed Irulan to generate high
coverage test suites and detect common programming errors in the process
- …