83 research outputs found
Proving Reachability in B using Substitution Refinement
Abstract: This paper proposes an approach to prove reachability properties of the form AG(ψ⇒EFϕ) using substitution refinement in classical B. Such properties denote that there exists an execution path from each state satisfying ψ to a state satisfying ϕ. These properties frequently occur in security policies and information systems. We show how to use Morganʼs specification statement to represent a property and refinement laws to prove it. The idea is to construct by stepwise refinement a program whose elementary statements are operation calls. Thus, the execution of such a program provides an execution satisfying AG(ψ⇒EFϕ). Proof obligations are represented using assertions (ASSERTIONS clause of B) and can be discharged using Atelier B.
Preuve de propriétés dynamiques en B
The properties that one wishes to express on information-system applications cannot be limited to static properties, called invariance properties, which concern states of the system taken at the same moment. Indeed, some properties, called dynamic properties, may refer to past or future states of the system. Existing work on the verification of such properties generally uses model checking, whose effectiveness for information systems is rather limited because of the combinatorial explosion of the state space. Proof-based techniques, for their part, require fairly advanced knowledge of mathematical reasoning and are therefore difficult to put into practice, all the more so since they are not supported by tools. To overcome these limitations, we propose in this thesis proof-based methods for verifying dynamic properties using the B formal method. We are mainly interested in reachability and precedence properties, for which we have defined methods for generating proof obligations that allow them to be proved. A reachability property expresses that there is at least one execution of the system that reaches a target state from a given initial state, whereas a precedence property ensures that a given state of the system is always preceded by another state. To make these different approaches workable, we have developed a support tool that relieves the user of the task of generating proof obligations, which can be long and tedious.
A systematic approach to generate B preconditions: application to the database domain
Maintaining integrity constraints in information systems is a real issue. In our previous work, we defined a formal approach that derives B formal specifications from a UML description of the system. Basically, the generated B specification is composed of a set of variables modeling data and a set of operations representing transactions. The integrity constraints are directly specified as B invariant properties. So far, the operations we generate establish only a reduced class of constraints. In this paper, we describe a systematic approach to identify preconditions that take a larger class of invariants into account. The key idea is the definition of rewriting and simplification rules that we apply to the B invariants.
An overview of a proof-based approach to detecting C vulnerabilities
This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs, making them behave incorrectly. Such faults (or programming errors) may lead to unpredictable behavior and, even worse, well-motivated attackers may exploit them later to cause real damage. Basically, the proposed approach consists of translating the vulnerable aspects of a C program into a B specification. On this B specification, proof and model-checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to existing vulnerability detection techniques, a proof-based approach makes it possible to eliminate false alarms and denial-of-service attacks.
Génération de code à partir d'une spécification B: application aux bases de données