An IDE for the Design, Verification and Implementation of Security Protocols

Security protocols are critical components for the construction of secure and dependable distributed applications, but their implementation is challenging and error prone. Therefore, tools for formal modelling and analysis of security protocols can be potentially very useful to support software engineers. However, despite such tools having been available for a long time, their adoption outside the research community has been very limited. In fact, most practitioners find such applications too complex and hardly usable for their daily work. In this paper, we present an Integrated Development Environment for the design, verification and implementation of security protocols, aimed at lowering the adoption barrier of formal methods tools for security. In the spirit of Model Driven Development, the environment supports the user in the specification of the model using the simple and intuitive language AnB (and its extension AnBx). Moreover, it provides a push-button solution for the formal verification of the abstract and concrete models, and for the automatic generation of Java implementation. This Eclipse-based IDE leverages on existing languages and tools for the modelling and verification of security protocols, such as the AnBx Compiler and Code Generator, the model checker OFMC and the cryptographic protocol verifier ProVerif

Automated testing of Hypermedia REST applications

Testimine on oluline osa tarkvaraarenduse elutsüklis ja testidel põhinev arendamine on üks peamistest praktikatest Agile metoodikas. Tihti keskenduvad programmeerijad RESTful rakenduse loomise protsessis äriloogika testimisele ja unustavad kontrollida protokolli, mis teostab REST interaktsioone. Selles kontekstis pakutakse välja tööriist, mis automatiseerib testide genereerimist ja teostab interaktsioone RESTful rakendusega. Tööriist võtab sisendiks kasutuslood, mis on koostatud Gherkini kitsendatud versiooniga. See on domeenispetsiifiline keel käitumispõhiseks arenduseks. Kasutuslood, mis on kirjutatud selles Gherkini variandis, hõlmavad REST rakenduse poolt nõutud interaktsioone sellisel viisil, et neist on võimalik genereerida teste. Veelgi enam, tööriist genereerib samalt kasutusloolt täisfunktsionaalse pseudoteostuse.\n\rProgrammeerijad saavad kasutada neid pseudoteostusi kliendipoole arendamiseks, vajamata REST rakenduse tegelikku teostust. Käesolev töö tutvustab tööriista kasutust ja disainiprintsiipe ning esitab näite selle kasutamisest.Testing is one essential part of the software development lifecycle and Test Driven Development is one of the main practices in agile methodology. During the development of a RESTful web application, developers oftentimes focus only in testing the business logic and neglect testing the protocol implementing REST interactions. In this context, we propose a tool to automate the generation of test cases that exercise the interactions required by a RESTful application. The tool takes as input user stories written in restricted version of Gherkin, a widely use domain specific language for behaviour driven development. User stories written in this variant of Gherkin capture the essence of the interactions required by a REST application in a way that it is possible to derive test cases from them. Moreover, the tool derives fully functional mock implementations from the same input user story. Such mock implementations can be then used by programmers to develop the client side without requiring the actual implementation of the REST application. This document introduces the design principles and implementation of the tool and presents a study case showcasing its use

Quantitative Security Risk Modeling and Analysis with RisQFLan

Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios in which qualitative approaches are inappropriate or unfeasible. In this paper, we present a tool-supported approach to quantitative graph-based security risk modeling and analysis based on attack-defense trees. Our approach is based on QFLan, a successful domain-specific approach to support quantitative modeling and analysis of highly configurable systems, whose domain-specific components have been decoupled to facilitate the instantiation of the QFLan approach in the domain of graph-based security risk modeling and analysis. Our approach incorporates distinctive features from three popular kinds of attack trees, namely enhanced attack trees, capabilities-based attack trees and attack countermeasure trees, into the domain-specific modeling language. The result is a new framework, called RisQFLan, to support quantitative security risk modeling and analysis based on attack-defense diagrams. By offering either exact or statistical verification of probabilistic attack scenarios, RisQFLan constitutes a significant novel contribution to the existing toolsets in that domain. We validate our approach by highlighting the additional features offered by RisQFLan in three illustrative case studies from seminal approaches to graph-based security risk modeling analysis based on attack trees

Domain-specific languages for modeling and simulation

Simulation models and simulation experiments are increasingly complex. One way to handle this complexity is developing software languages tailored to specific application domains, so-called domain-specific languages (DSLs). This thesis explores the potential of employing DSLs in modeling and simulation. We study different DSL design and implementation techniques and illustrate their benefits for expressing simulation models as well as simulation experiments with several examples.Simulationsmodelle und -experimente werden immer komplexer. Eine Möglichkeit, dieser Komplexität zu begegnen, ist, auf bestimmte Anwendungsgebiete spezialisierte Softwaresprachen, sogenannte domänenspezifische Sprachen (\emph{DSLs, domain-specific languages}), zu entwickeln. Die vorliegende Arbeit untersucht, wie DSLs in der Modellierung und Simulation eingesetzt werden können. Wir betrachten verschiedene Techniken für Entwicklung und Implementierung von DSLs und illustrieren ihren Nutzen für das Ausdrücken von Simulationsmodellen und -experimenten anhand einiger Beispiele

AMon: A domain-specific language and framework for adaptive monitoring of Cyber–Physical Systems

Cyber–Physical Systems (CPS) are increasingly used in safety–critical scenarios where ensuring their correct behavior at runtime becomes a crucial task. Therefore, the behavior of the CPS needs to be monitored at runtime so that violations of requirements can be detected. With the inception of edge devices that facilitate runtime analysis at the edge and the increasingly diverse environments that CPS operate in, flexible monitoring approaches are needed that consider the data that needs to be monitored and the analyses performed on that data. In this paper, we propose AMon, a flexible adaptive monitoring framework that supports the specification and validation of monitoring adaptation rules, using a domain-specific language. Based on these rules, AMon automatically generates code for direct deployment onto devices. We evaluated AMon by applying it to TurtleBot Robots and a fleet of Unmanned Aerial Vehicles. Furthermore, we conducted a user study assessing the understandability and ease of use of our language. Results show that creating multiple adaptation rules with our DSL is feasible with minimal effort, and that adaptive monitoring can reduce the amount of runtime data transmitted from the edge device according to the current state of the system and its monitoring needs

Symbolic Model-Checking using ITS-tools

International audienceWe present the symbolic model-checking toolset ITS-tools. The model-checking back-end engine is based on hierarchical set decision diagrams (SDD) and supports reachability, CTL and LTL model-checking, using both classical and original algorithms. As front-end input language, we promote a Guarded Action Language (GAL), a simple yet expressive language for concurrency. Transformations from popular formalisms into GAL are provided enabling fully symbolic model-checking of third party (Uppaal, Spin, Divine...) specifications. The tool design allows to easily build your own transformation, leveraging tools from the meta-modeling community. The ITS-tools additionally come with a user friendly GUI embedded in Eclipse