Verifying safety properties of a nonlinear control by interactive theorem proving with the Prototype Verification System

Interactive, or computer-assisted, theorem proving is the verification of statements in a formal system, where the proof is developed by a logician who chooses the appropriate inference steps, in turn executed by an automatic theorem prover. In this paper, interactive theorem proving is used to verify safety properties of a nonlinear (hybrid) control system

Formal Verification in the Loop to Enhance Verification of Safety-Critical Cyber-physical Systems

Formal verification may play a central role in the development of safecontrollers, such as those found in electric drives or (semi-)autonomousvehicles, whose complexity arises from the coexistence ofmechanical and electrical subsystems with sophisticated electronic controllersthat must implement high-level control policies according to different drivingmodes, while optimizing several objectives, such as safety first and foremost,efficiency, and performance among others.  Model-driven development resorts tosimulation to assess how well the various requirements and constraints aresatisfied, but there is a growing awareness that more rigorous methods areneeded to achieve the required levels of safety.  This paper proposes aconceptual framework for the development of complex systems based on (i)higher-order logic specification, (ii) verification by theorem proving, and(iii) tight integration of verification with model-driven development andsimulation.  This framework addresses both digital and analog systems, asillustrated with some examples in different fields including implantablebiomedical systems, autonomous vehicles, and electric valve actuation

Towards a Formalization of System Requirements for an Integrated Clinical Environment

Interoperability of medical devices, and their interface to clinicians and patients, are critical issues for the safety and effectiveness of patient care. Ongoing efforts strive at establishing standards for integrated clinical environments, which may connect and co-ordinate several medical devices and interface them to patients, clinicians, and hospital information systems. In this paper, an approach to the formalization of system requirements for an integrated clinical environment is presented. The formalization relies on the higher-order logic language of the Prototype Verification System

A PVS-Simulink Integrated Environment for Model-Based Analysis of Cyber-Physical Systems

This paper presents a methodology, with supporting tool, for formal modeling and analysis of software components in cyber-physical systems. Using our approach, developers can integrate a simulation of logic-based specifications of software components and Simulink models of continuous processes. The integrated simulation is useful to validate the characteristics of discrete system components early in the development process. The same logic-based specifications can also be formally verified using the Prototype Verification System (PVS), to gain additional confidence that the software design complies with specific safety requirements. Modeling patterns are defined for generating the logic-based specifications from the more familiar automata-based formalism. The ultimate aim of this work is to facilitate the introduction of formal verification technologies in the software development process of cyber-physical systems, which typically requires the integrated use of different formalisms and tools. A case study from the medical domain is used to illustrate the approach. A PVS model of a pacemaker is interfaced with a Simulink model of the human heart. The overall cyber-physical system is co-simulated to validate design requirements through exploration of relevant test scenarios. Formal verification with the PVS theorem prover is demonstrated for the pacemaker model for specific safety aspects of the pacemaker design

Modeling communication network requirements for an integrated clinical environment in the Prototype Verification System

Health care practices increasingly rely on complex technological infrastructure, and new approaches to the integration of information and communication technology in those practices lead to the development of such concepts as integrated clinical environments and smart intensive care units. These concepts refer to hospital settings where therapy relies heavily on inter-operating medical devices, supervised by clinicians assisted by advanced monitoring and co-ordinating software. In order to ensure safety and effectiveness of patient care, it is necessary to specify the requirements of such socio-technical systems in the most rigorous and precise way. This paper presents an approach to the formalization of system requirements for communication networks deployed in integrated clinical environment, based on the higher-order logic language of a theorem-proving environment, the Prototype Verification System

Extending a user interface prototyping tool with automatic MISRA~C code generation

We are concerned with systems, particularly safety-critical systems, that involve interaction between users and devices, such as the user interface of medical devices. We therefore developed a MISRA~C code generator for formal models expressed in the PVSio-web prototyping toolkit. PVSio-web allows developers to rapidly generate realistic interactive prototypes for verifying usability and safety requirements in human-machine interfaces. The visual appearance of the prototypes is based on a picture of a physical device, and the behaviour of the prototype is defined by an executable formal model. Our approach transforms the PVSio-web prototyping tool into a model-based engineering toolkit that, starting from a formally verified user interface design model, will produce MISRA~C code that can be compiled and executed for a final product. An initial validation of our tool is presented for the data entry system of an actual medical device

A framework for formal analysis and simulative evaluation of security attacks in wireless sensor networks

AbstractWhen designing Wireless Sensor Networks it is important to analyze their security risks and provide adequate solutions for protecting them from malicious attacks. Unfortunately, perfect security cannot be achieved, for performance reasons. Therefore, designers have to devise security priorities, and select security mechanisms accordingly. However, in the early stages of the design process, the concrete effects of security attacks on the system may not be clearly identified. In this paper, we propose a framework that integrates formal verification and network simulation for enabling designers to evaluate the effects of attacks, identify possible security mechanisms, and evaluate their effectiveness, since design time. Formal methods are used to build the abstract model of the application, together with a set of attacks, and to state properties of general validity. The simulator measures the impact of the attacks in terms of common network parameters, like energy consumption or computational effort. Such information can be used to select adequate security mechanisms, then the initial abstract model can be refined to adopt them, and finally prove that former system properties are still verified. The framework relies on UPPAAL for formal modeling and verification and uses the Attack Simulation Framework on top of Castalia as a network simulator. As proof of concept, a case study is shown

Exploiting Model Checking for Mobile Botnet Detection

Android malware is increasing from the point of view of the complexity and the harmful actions. As a matter fact, malware writers are developing sophisticated techniques to infect mobile devices very closed to their counterpart for personal computers. One of these threats is represented by the possibility to control the infected devices from the attacker i.e., the so-called botnet. In this paper a method able to identify botnet in Android environment through model checking is proposed. Starting from the malicious payload definition, the proposed method is able to detect and to localize the code related to the malicious botnet. We experiment real-world botnet based Android malware, obtaining encouraging results

Block-Based Models and Theorem Proving in Model-Based Development

This paper presents a methodology to integrate computer-assisted theorem proving into a standard workflow for model-based development that uses a block-based language as a modeling and simulation tool. The theorem prover provides confidence in the results of the analysis as it guides the developers towards a correct formalization of the system under developmen

Verifying Data Secure Flow in AUTOSAR Models by Static Analysis

This paper presents a method to check data secure flow in security annotated AUTOSAR models. The approach is based on information flow analysis and abstract interpretation. The analysis computes the lowest security level of data sent on a communication, according to the annotations in the model and the code of runnables. An abstract interpreter executes runnables on abstract domains that abstract from real values and consider only data dependency levels. Data secure flow is verified if data sent on a communication always satisfy the security annotation in the model. The work has been developed in the EU project Safure, where modeling extensions to AUTOSAR have been proposed to improve security in automotive communications