
    Challenges for Programming and Software Engineering - GDR CNRS GPL

    This document was prepared within the CNRS research group "Génie de la Programmation et du Logiciel" (GDR GPL), under the direction of Laurence Duchien and Yves Ledru, with the collaboration of the GDR's working groups. After a synthetic summary of the various contributions, the document presents issues identified as particularly important for the coming years in the fields of software engineering and programming. Without claiming to be an exhaustive survey, the mapping carried out by the GDR GPL working groups contributes to a cartography of the French position in these fields and suggests several strategic themes.

    Object Oriented Concepts Identification from Formal B Specifications

    This paper addresses the graphical representation of static aspects of B specifications, using UML class diagrams. These diagrams can help stakeholders who are not familiar with the B method, such as customers or certification authorities, understand the specification. The paper first discusses some rules for a preliminary derivation of a class diagram. It then studies the consistency of the concepts preliminarily identified from an object-oriented point of view. A formal concept analysis technique is used to distinguish between consistent classes, attributes, associations and operations. The proposed technique is to incrementally add operations to the formal specification, which automatically results in an evolution of the class diagram.

    A Formal Approach to Safe Model-Driven Engineering

    Model-driven engineering (MDE, French IDM) tools have now reached a good level of maturity and are increasingly adopted for complex and critical applications. However, questions about the safety of the systems derived from them remain open. To address these questions, we propose to bring MDE into the rigorous world of formal methods. Our main objectives are: (1) to guarantee the consistency of the correspondences between meta-models by means of a proof tool, namely the prover of the Atelier B; (2) to be able to certify that a model transformation preserves the semantics of the source and target models; and (3) to use specification animation tools to simulate the behaviour of the various models involved in an MDE setting.

    Extraction of Insider Attack Scenarios from a Formal Information System Modeling

    The early detection of potential threats during the modelling phase of a Secure Information System is required because it favours the design of a robust access control policy and the prevention of malicious behaviours during system execution. This paper deals with internal attacks, which can be carried out by people inside the organization. Such attacks are difficult to find because insiders have authorized system access and may also be familiar with system policies and procedures. We are interested in finding attacks which conform to the access control policy but lead to unwanted states. These attacks are favoured by policies involving authorization constraints, which grant or deny access depending on the evolution of the functional Information System state. In this context, we propose to model functional requirements and their Role Based Access Control (RBAC) policies using B machines and then to formally reason on both models. In order to extract insider attack scenarios from these B specifications, our approach first investigates symbolic behaviours. The use of a model-checking tool then makes it possible to exhibit, from a symbolic behaviour, an observable concrete sequence of operations that an attacker could follow. In this paper, we show how this combination of symbolic execution and model-checking makes it possible to find such insider attack scenarios.

    B Formal Validation of ERTMS/ETCS Railway Operating Rules

    The B method is a formal specification method and a means of formal verification and validation of safety-critical systems such as railway systems. In this short paper, we use the B4MSecure tool to transform the UML models fulfilling the requirements of European Railway Traffic Management System (ERTMS) operating rules into B specifications, in order to formally validate them.

    Modelling and Formal Validation of Railway Operating Rules

    The European Rail Traffic Management System (ERTMS) is a complex control-command and railway signalling system implementing European railway operating rules. This article proposes a case study based on two scenarios extracted from these rules: a nominal movement-authority scenario and an exceptional scenario of passing a stop signal. These scenarios involve both functional and security aspects. Such aspects require, on the one hand, a functional model enriched with models describing the security policy and the authorizations granted to the agents acting on the system, and on the other hand, a formal validation. To this end, we used the B4MSecure platform, based on the MDE (Model-Driven Engineering) approach, which produces B formal specifications from UML models. The aim of the resulting specifications is to validate these scenarios with B specification animation and proof tools, so as to guarantee a rigorous analysis of both the functionality and the security policy.

    Test Generation and Evaluation from High-Level Properties for Common Criteria Evaluations - The TASCCC Testing Tool

    In this paper, we present a model-based testing tool resulting from a research project named TASCCC. This tool is a complete tool chain dedicated to property-based testing in UML/OCL, which integrates various technologies inside a dedicated Eclipse plug-in. The test properties are expressed in a dedicated language based on property patterns. These properties are then used for two purposes. First, they can be employed to evaluate the relevance of a test suite according to specific coverage criteria. Second, they can be used to generate test scenarios that illustrate or exercise the property. These test scenarios are then unfolded and animated on the Smartesting CertifyIt model animator, which is used to filter out infeasible sequences. The tool has been used in an industrial partnership aimed at providing assistance for Common Criteria evaluations, in particular by producing test generation reports that show the link between the test cases and the Common Criteria artefacts.

    Assessing changes in global fire regimes

    PAGES, Past Global Changes, is funded by the Swiss Academy of Sciences and the Chinese Academy of Sciences and supported in kind by the University of Bern, Switzerland. Financial support was provided by the U.S. National Science Foundation award numbers 1916565, EAR-2011439, and EAR-2012123. Additional support was provided by the Utah Department of Natural Resources Watershed Restoration Initiative. SSS was supported by Brigham Young University Graduate Studies. MS was supported by National Science Centre, Poland (grant no. 2018/31/B/ST10/02498 and 2021/41/B/ST10/00060). JCA was supported by the European Union's Horizon 2020 research and innovation program under the Marie Skłodowska-Curie grant agreement No 101026211. PF contributed within the framework of the FCT-funded project no. UIDB/04033/2020. SGAF acknowledges support from Trond Mohn Stiftelse (TMS) and University of Bergen for the startup grant 'TMS2022STG03'. JMP participation in this research was supported by the Forest Research Centre, a research unit funded by Fundação para a Ciência e a Tecnologia I.P. (FCT), Portugal (UIDB/00239/2020). A.-LD acknowledges PAGES, PICS CNRS 06484 project, CNRS-INSU, Région Nouvelle-Aquitaine, University of Bordeaux DRI and INQUA for workshop support.

    Background: The global human footprint has fundamentally altered wildfire regimes, creating serious consequences for human health, biodiversity, and climate. However, it remains difficult to project how long-term interactions among land use, management, and climate change will affect fire behavior, representing a key knowledge gap for sustainable management. We used expert assessment to combine opinions about past and future fire regimes from 99 wildfire researchers. We asked for quantitative and qualitative assessments of the frequency, type, and implications of fire regime change from the beginning of the Holocene through the year 2300.

    Results: Respondents indicated some direct human influence on wildfire since at least ~12,000 years BP, though natural climate variability remained the dominant driver of fire regime change until around 5,000 years BP for most study regions. Responses suggested a ten-fold increase in the frequency of fire regime change during the last 250 years compared with the rest of the Holocene, corresponding first with the intensification and extensification of land use and later with anthropogenic climate change. Looking to the future, fire regimes were predicted to intensify, with increases in frequency, severity, and size in all biomes except grassland ecosystems. Fire regimes showed different climate sensitivities across biomes, but the likelihood of fire regime change increased with higher warming scenarios for all biomes. Biodiversity, carbon storage, and other ecosystem services were predicted to decrease for most biomes under higher emission scenarios. We present recommendations for adaptation and mitigation under emerging fire regimes, while recognizing that management options are constrained under higher emission scenarios.

    Conclusion: The influence of humans on wildfire regimes has increased over the last two centuries. The perspective gained from past fires should be considered in land and fire management strategies, but novel fire behavior is likely given the unprecedented human disruption of plant communities, climate, and other factors. Future fire regimes are likely to degrade key ecosystem services unless climate change is aggressively mitigated. Expert assessment complements empirical data and modeling, providing a broader perspective of fire science to inform decision making and future research priorities.

    Identifying pre-conditions with the Z/EVES theorem prover

    Starting from a graphical data model (a subset of the OMT object model), a skeleton of formal specification can be generated and completed to express several constraints and provide a precise formal data description. Standard operations that modify instances of this data model can then be systematically specified. Since these operations may invalidate the constraints, it is useful to identify their preconditions. In this paper, the Z/EVES theorem prover is used to calculate and try to simplify the preconditions of these operations. The developer may then identify a set of conditions and use the prover to verify that they logically imply the precondition. Y. Ledru. Identifying pre-conditions with the Z/EVES theorem prover. In Proceedings of th

    Towards the formal development of terminating reactive systems

    Doctorate in Applied Sciences -- UCL, 199