
    Object Oriented Concepts Identification from Formal B Specifications

    Abstract: This paper addresses the graphical representation of the static aspects of B specifications using UML class diagrams. Such diagrams help stakeholders who are not familiar with the B method, such as customers or certification authorities, understand the specification. The paper first discusses rules for a preliminary derivation of a class diagram. It then studies the consistency, from an object-oriented point of view, of the concepts identified in that preliminary step. A formal concept analysis technique is used to distinguish consistent classes, attributes, associations and operations. The proposed technique incrementally adds operations to the formal specification, which automatically results in the evolution of the class diagram.

    Approche formelle pour une Ingénierie des Modèles sûre

    Today, MDE tools have reached a good level of maturity and are increasingly adopted for complex and critical applications. However, questions about the safety of the systems built with them remain open. To answer these questions, we propose to bring MDE into the rigorous world of formal methods. Our main objectives are: (1) to guarantee the consistency of the correspondences between meta-models by means of a proof tool, namely the Atelier B prover; (2) to be able to certify that a model transformation preserves the semantics of the source and target models; and (3) to use specification animation tools to simulate the behaviour of the various models involved in an MDE setting.

    Extraction of Insider Attack Scenarios from a Formal Information System Modeling

    Early detection of potential threats during the modelling phase of a secure information system is required because it favours the design of a robust access control policy and the prevention of malicious behaviour during system execution. This paper deals with internal attacks, which can be carried out by people inside the organisation. Such attacks are difficult to find because insiders have authorised system access and may also be familiar with system policies and procedures. We are interested in finding attacks that conform to the access control policy but lead to unwanted states. These attacks are favoured by policies involving authorisation constraints, which grant or deny access depending on the evolution of the functional information system state. In this context, we propose to model functional requirements and their Role Based Access Control (RBAC) policies using B machines and then to reason formally on both models. In order to extract insider attack scenarios from these B specifications, our approach first investigates symbolic behaviours. A model-checking tool then makes it possible to exhibit, from a symbolic behaviour, an observable concrete sequence of operations that an attacker can follow. In this paper, we show how this combination of symbolic execution and model checking makes it possible to find such insider attack scenarios.
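    The kind of scenario this abstract describes, as an added example that is not the paper's own tooling (no B machines, B4MSecure or the B model checker are involved): a constructed purchase-request information system with an RBAC policy and a dynamic authorisation constraint, explored by an explicit-state bounded search in Python rather than by the symbolic execution and model checking the paper combines. The users, roles, operations, the "sod" constraint variants and the unwanted-state predicate are all constructed for the example and are not taken from the paper.

```python
from collections import deque

# Constructed RBAC policy: users, their roles, and the roles each operation needs.
ROLES = {"alice": {"clerk", "manager"}, "bob": {"clerk"}}
PERMISSIONS = {"create": {"clerk"}, "transfer": {"clerk"}, "approve": {"manager"}}
REQUEST_IDS = ("r1",)  # domain kept tiny so the search is exhaustive


def authorised(user, op):
    """Static RBAC check: the user holds a role that grants the operation."""
    return bool(ROLES[user] & PERMISSIONS[op])


# Functional state: a frozenset of request tuples
# (request_id, creator, current_owner, status, approver).
def lookup(state, rid):
    return next((r for r in state if r[0] == rid), None)


def op_create(state, user, rid):
    """Guard: the request id is unused. The creator becomes the owner."""
    if lookup(state, rid) is not None:
        return None
    return state | {(rid, user, user, "created", None)}


def op_transfer(state, user, rid, new_owner):
    """Guard: the caller owns a not-yet-approved request and hands it to someone else."""
    r = lookup(state, rid)
    if r is None or r[3] != "created" or r[2] != user or new_owner == user:
        return None
    return (state - {r}) | {(rid, r[1], new_owner, "created", None)}


def op_approve(state, user, rid, sod):
    """Guard plus a dynamic authorisation constraint (separation of duty).
    sod == "owner":   the approver must not be the current owner
    sod == "creator": the approver must not be the original creator"""
    r = lookup(state, rid)
    if r is None or r[3] != "created":
        return None
    blocked = r[2] if sod == "owner" else r[1]
    if user == blocked:
        return None
    return (state - {r}) | {(rid, r[1], r[2], "approved", user)}


def unwanted(state):
    """The property the policy is meant to enforce: nobody approves a request they created."""
    return any(r[3] == "approved" and r[4] == r[1] for r in state)


def enabled_transitions(state, sod):
    """Every (user, op, args) the RBAC policy authorises; the guard may still return None."""
    for user in ROLES:
        for rid in REQUEST_IDS:
            if authorised(user, "create"):
                yield (user, "create", (rid,)), op_create(state, user, rid)
            if authorised(user, "approve"):
                yield (user, "approve", (rid,)), op_approve(state, user, rid, sod)
            if authorised(user, "transfer"):
                for other in ROLES:
                    yield (user, "transfer", (rid, other)), op_transfer(state, user, rid, other)


def find_insider_attack(sod="owner", max_depth=6):
    """Breadth-first search over policy-conformant operation sequences.
    Returns the shortest concrete trace reaching an unwanted state, or None."""
    start = frozenset()
    queue = deque([(start, ())])
    seen = {start}
    while queue:
        state, trace = queue.popleft()
        if unwanted(state):
            return list(trace)
        if len(trace) >= max_depth:
            continue
        for step, nxt in enabled_transitions(state, sod):
            if nxt is None or nxt in seen:
                continue
            seen.add(nxt)
            queue.append((nxt, trace + (step,)))
    return None


if __name__ == "__main__":
    for step in find_insider_attack("owner"):
        print(step)
    print("with creator-based constraint:", find_insider_attack("creator"))
```

    Every step of the returned trace passes both the static RBAC check and the operation's guard, which is what makes it an insider scenario rather than a policy violation: alice creates the request, transfers it to bob, and then, no longer being its owner, approves her own request. Rewriting the constraint to refer to the creator instead of the current owner closes the path, and the same search then reports no trace.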

    Modélisation et validation formelle des règles d'exploitation ferroviaires

    The European Rail Traffic Management System (ERTMS) is a complex railway control/command and signalling system that implements European railway operating rules. This article proposes a case study based on two scenarios drawn from these rules: a nominal movement-authority scenario and an exceptional scenario of passing a stop. These scenarios involve both functional and security aspects. Those aspects require, on the one hand, a functional model enriched with models describing the security policy and the authorisations given to the agents acting on the system, and, on the other hand, formal validation. To this end, we used the B4MSecure platform, which follows the MDE (Model-Driven Engineering) approach and produces formal B specifications from UML models. The purpose of the resulting specifications is to validate these scenarios with B specification animation and proof tools, so as to guarantee a rigorous analysis of both the functionality and the security policy.

    B Formal Validation of ERTMS/ETCS Railway Operating Rules

    The B method is a formal specification method and a means of formal verification and validation of safety-critical systems such as railway systems. In this short paper, we use the B4MSecure tool to transform UML models that capture the requirements of European Rail Traffic Management System (ERTMS) operating rules into B specifications, in order to validate them formally.

    Model driven secure web applications: The SeWAT platform

    Model driven security (MDS) is a well-known approach in the access control domain. It proposes a security-by-design approach intended to link the encoded policy to the security policy model. However, this technique does not take into account the specificity and heterogeneity of web applications, and hence the proposed model-to-code transformation does not fit the needs of web architects. Consequently, web applications are mainly hand-coded, or correspond to legacy code developed before the implementation of security mechanisms. Security concerns are mixed with the application code, so it is difficult to understand the policy in order to maintain, correct or evolve it. This work deals with access control mechanisms following the RBAC pattern. It proposes a toolset dedicated to the modelling and deployment of an access control engine for a web application, assuming that the functional part of the application is developed following a classical process. Our technique tries to reconcile modelling, validation and implementation of role-based security policies, and favours model driven security in the context of web applications. The toolset allows developers to graphically model an MVC web application by linking it to its requirements, and then generates a security filter from the web application's model. This technique guarantees that the deployed access control policy conforms to its specification and to the associated validation activities.

    The B Method Meets MDE: Review, Progress and Future

    Existing surveys of language workbenches (LWBs), ranging from 2006 to 2019, observe poor usage of formal methods within domain-specific languages (DSLs) and call for identifying the reasons. We believe that the lack of automated formal reasoning in LWBs, and more generally in MDE, is not due to the complexity of formal methods and their mathematical background, but originates from the lack of initiatives dedicated to the integration of existing tools and techniques. To this end we developed the Meeduse LWB and investigated the use of the B method to rigorously define the semantics of DSLs. The current applications of Meeduse show that the integration of DSLs with theorem proving, animation and model checking is viable and should be explored further. This technique is especially interesting for executable DSLs (xDSLs), which are DSLs with behavioural features. This paper is a review of our Formal MDE (FMDE) approach for xDSLs and a proposal for new avenues of investigation.

    UML models engineering from static and dynamic aspects of formal specifications

    While formal methods are focused on particular parts of software systems, especially secure ones, graphical techniques are the most useful way to specify large and complex systems comprehensibly. In this paper we deal with the B method, a formal method used to model systems and prove their correctness by successive refinements. Our goal is to produce graphical UML views from existing formal B specifications in order to ease their readability and thereby help their external validation. Such views can be useful for various stakeholders in a formal development process: they are intended to support the understanding of the formal specifications by the requirements holders and the certification authorities, and they can also be used by the B developers to get an alternative view of their work. We propose an MDE framework to support the derivation of UML class and state/transition diagrams from B specifications. Our transformation process is based on a reverse-engineering technique guided by a set of structural and semantic mappings specified at the meta-level.

    Ingénierie Formelle Dirigée par les Modèles

    My research works are dedicated to the integration of two well-known paradigms: Formal Methods (FM) and Model-Driven Engineering (MDE). This integration is called Formal MDE (FMDE) throughout the current document. In fact, several works have already been done in order to strengthen the MDE paradigm with formal reasoning, and therefore make it more viable as far as safety and security concerns have to be addressed. When taken separately, these works provide a partial coverage of MDE, but when combined they can address a wide range of models and languages. During the last decade, I investigated two directions in which the FMDE paradigm proved its value: (i) Model-Driven Security (MDS), and (ii) Domain-Specific Languages (DSLs). Under the MDE umbrella, both the MDS and DSL communities advocate the use of models throughout the development process, providing solutions to the validation problem ("do the right system"). Nonetheless, the verification problem ("do the system right") is still a major challenge, perhaps because formal reasoning (i.e. model-checking and/or theorem proving) was not part of the MDE initiative. To be pragmatic, my contributions build on well-established notations: mainly UML and B, and, at a smaller scale, BPMN, CSP, Z and Petri nets. Besides, the obtained results can be inspiring and, in my opinion, should be extended with other (semi-)formal languages, which would give FMDE a broader spectrum. This document summarizes, for every research direction (respectively MDS and DSLs), the challenges that guided my works, and gives an overview of my contributions and publications in the field.