Proving Reachability in B using Substitution Refinement
Abstract: This paper proposes an approach to prove reachability properties of the form AG(ψ⇒EFϕ) using substitution refinement in classical B. Such properties denote that there exists an execution path from each state satisfying ψ to a state satisfying ϕ. These properties frequently occur in security policies and information systems. We show how to use Morgan's specification statement to represent a property and refinement laws to prove it. The idea is to construct by stepwise refinement a program whose elementary statements are operation calls. Thus, the execution of such a program provides an execution satisfying AG(ψ⇒EFϕ). Proof obligations are represented using assertions (ASSERTIONS clause of B) and can be discharged using Atelier B.
Model-Based Robustness Testing in Event-B Using Mutation
Robustness testing aims at finding errors in a system under invalid conditions, such as unexpected inputs. We propose a robustness testing approach for Event-B based on specification mutation and model-based testing. We assume that a specification describes the valid inputs of a system. By applying negation rules, we mutate the preconditions of events to explore invalid behaviour. Tests are generated from the mutated specification using ProB. ProB has been adapted to efficiently process mutated events. Mutated events are statically checked for satisfiability and enabledness using constraint satisfaction, to prune the transition search space. This has dramatically improved the performance of test generation. The approach is applied to the Java Card bytecode verifier. Large mutated specifications (containing 921 mutated events) can be easily tackled to ensure a good coverage of the robustness test space.
Development of monitoring systems for anomaly detection using ASTD specifications
Anomaly-based intrusion detection systems are essential defenses against cybersecurity threats because they can identify anomalies in current activities. However, these systems have difficulties providing entity processing independence through a programming language. In addition, the detection process is degraded by the complexity of scheduling the training and detection processes, which are required to keep the anomaly detection system continuously updated. This paper shows how to use the algebraic state-transition diagram (ASTD) language to develop flexible anomaly detection systems. It provides a model for detecting point anomalies using the unsupervised non-parametric technique Kernel Density Estimation to estimate the probability density of event occurrence. The proposed model caters continuously for both the training and the detection phase. The ASTD language streamlines the modeling of detection systems thanks to its process algebraic operators, which provide a solution to these challenges. By delegating the combination of anomaly-based detection processes to the ASTD language, the effort and complexity of developing detection models are reduced. Finally, using a qualitative evaluation, this study demonstrates that the algebraic operators of the ASTD specification language overcome these challenges.
Proving dynamic properties in B
The properties that we would like to express on data-intensive applications cannot be limited to static properties, called invariance properties, which depend on states taken at the same time. Indeed, some properties, called dynamic properties, may refer to the past or future states of the system. Existing work on the verification of such properties typically uses model checking, whose effectiveness for data-intensive applications is rather limited due to the combinatorial explosion of the state space. In addition, proof-based techniques require fairly advanced knowledge of mathematical reasoning, especially since they are not always supported by tools. To overcome these limitations, we propose in this thesis proof-based verification approaches that use the B formal method. We are mainly interested in reachability and precedence properties, for which we defined formal rules to generate the proof obligations that discharge them. A reachability property expresses that there is at least one execution scenario that reaches a target state from a given initial state, while a precedence property ensures that a given system state is always preceded by another state. To make these different approaches workable, we have developed a support tool that relieves users of the tedious and error-prone task of generating proof obligations.