29 research outputs found

    Mechanical verification of concurrency control and recovery protocols

    The thesis concerns the formal specification and mechanized verification of concurrency control and recovery protocols for distributed databases. Such protocols are needed for many modern applications, such as banking, and are often used in safety-critical applications. Therefore it is very important to guarantee their correctness. One method to increase the confidence in the correctness of a protocol is its formal verification. In this thesis a number of important concurrency control and recovery protocols have been specified in the language of the verification system PVS. The interactive theorem prover of PVS has been used to verify their correctness. In the first part of the thesis, the notions of conflict and view serializability have been formalized. A method to verify conflict serializability has been formulated in PVS and proved to be sound and complete with the proof checker of PVS. The method has been used to verify a few basic protocols. Next we present a systematic way to extend these protocols with new actions and control information. We show that if such an extension satisfies a few simple correctness conditions, the new protocol is serializable by construction. In the existing literature, the protocols for concurrency control, single-site recovery and distributed recovery are often studied in isolation, making strong assumptions about each other. The problem of combining them in a formal way is largely ignored. To study the formal verification of combined protocols, we specify in the second part of the thesis a transaction processing system, integrating strict two-phase locking, undo/redo recovery and two-phase commit. In our method, the locking and undo/redo mechanism at distributed sites is defined by state machines, whereas the interaction between sites according to the two-phase commit protocol is specified by assertions. We proved with PVS that our system satisfies atomicity, durability and serializability properties.
    The final part of the thesis presents the formal verification of atomic commitment protocols for distributed recovery. In particular, we consider the non-blocking protocol of Babaoglu and Toueg, combined with our own termination protocol for recovered participants. A new method to specify such protocols has been developed. In this method, timed state machines are used to specify the processes, whereas the communication mechanism between processes is defined using assertions. All safety and liveness properties, including a new improved termination property, have been proved with the interactive proof checker of PVS. We also show that the original termination protocol of Babaoglu and Toueg has an error.

    Compensation methods to support cooperative applications: A case study in automated verification of schema requirements for an advanced transaction model

    Compensation plays an important role in advanced transaction models, cooperative work and workflow systems. A schema designer is typically required to supply, for each transaction, another transaction that semantically undoes its effects. Little attention has been paid to the verification of the desirable properties of such operations, however. This paper demonstrates the use of a higher-order logic theorem prover for verifying that compensating transactions return a database to its original state. It is shown how an OODB schema is translated to the language of the theorem prover so that proofs can be performed on the compensating transactions.

    Deductive Verification of the Sliding Window Protocol (Russian-language version)

    We consider the well-known Sliding Window Protocol which provides reliable and efficient transmission of data over unreliable channels. A formal proof of correctness for this protocol faces substantial difficulties caused by a high degree of parallelism which creates a significant potential for errors. Here we consider a version of the protocol that is based on selective repeat of frames. The specification of the protocol by a state machine and its safety property are represented in the language of the verification system PVS. Using the PVS system, we give an interactive proof of this property of the Sliding Window Protocol.

    RITA: RIsk-aware Trust-based Architecture for collaborative multi-hop vehicular communications

    This is the pre-peer reviewed version of the following article: Kerrache, C. A., Calafate, C. T., Lagraa, N., Cano, J. C., & Manzoni, P. (2016). RITA: RIsk-aware Trust-based Architecture for collaborative multi-hop vehicular communications. Security and Communication Networks, 9(17), 4428-4442, which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1002/sec.1618/abstract
    Trust establishment over vehicular networks can enhance the security against probable insider attackers. Regrettably, existing solutions assume that attackers always behave dishonestly and that this behavior remains stable over time. This assumption may be misleading, as the attacker can behave intelligently to avoid being detected. In this paper, we propose a novel solution that combines trust establishment with a risk estimation concerning behavior changes. Our proposal, called risk-aware trust-based architecture, evaluates the trust among vehicles for independent time periods, while the risk estimation computes the behavior variation between smaller, consecutive time periods in order to prevent risks like an intelligent attacker attempting to bypass the security measures deployed. In addition, our proposal works over a collaborative multi-hop broadcast communication technique for both vehicle-to-vehicle and vehicle-to-roadside unit messages in order to ensure an efficient dissemination of both safety and infotainment messages.
    Simulation results show the high efficiency of risk-aware trust-based architecture at enhancing the detection ratios by more than 7% compared with existing solutions, such as T-CLAIDS and AECFV, even in the presence of high ratios of attackers, while offering short end-to-end delays and low packet loss ratios.
    This work was partially supported by both the Ministerio de Economia y Competitividad, Programa Estatal de Investigacion, Desarrollo e Innovacion Orientada a los Retos de la Sociedad, Proyectos I+D+I 2014, Spain, under Grant TEC2014-52690-R, and the Ministere de l'enseignement superieur et de la recherche scientifique, Programme National Exceptionnel P.N.E 2015/2016, Algeria.
    Kerrache, CA.; Tavares De Araujo Cesariny Calafate, CM.; Lagraa, N.; Cano Escribá, JC.; Manzoni, P. (2016). RITA: RIsk-aware Trust-based Architecture for collaborative multi-hop vehicular communications. Security and Communication Networks. 9(17):4428-4442. https://doi.org/10.1002/sec.1618

    Forgetting the Time in Timed Process Algebra

    In this paper, we propose the notion of partial time abstraction for timed process algebras, which introduces the possibility to abstract away parts of the timing of system behaviour. Adding this notion leads to so-called partially timed process algebras and partially timed labelled transition systems. We describe these notions, and generalise timed branching bisimilarity to partially timed branching bisimilarity, allowing the comparison of systems with partial timing. Finally, with several examples and a case study, we demonstrate how partial time abstraction can be a useful modelling technique for timed models, which can lead to rigorous minimisations of state spaces.

    Mechanical verification of concurrency control and recovery protocols

    X+152 pages; 24 cm

    Deductive Verification of the Sliding Window Protocol

    We consider the well-known Sliding Window Protocol which provides reliable and efficient transmission of data over unreliable channels. A formal proof of correctness for this protocol faces substantial difficulties caused by a high degree of parallelism which creates a significant potential for errors. Here we consider a version of the protocol that is based on selective repeat of frames. The specification of the protocol by a state machine and its safety property are represented in the language of the verification system PVS. Using the PVS system, we give an interactive proof of this property of the Sliding Window Protocol.

    Formal Verification of an Improved Sliding Window Protocol (Proceedings of the 3rd PROGRESS Workshop on Embedded Systems)

    The well-known Sliding Window protocol caters for the reliable and efficient transmission of data over unreliable channels that can lose, reorder and duplicate messages. Despite the practical importance of the protocol and its high potential for errors, it has never been formally verified for the general setting. We try to fill this gap by giving a fully formal specification and verification of an improved version of the protocol. The protocol is specified by a timed state machine in the language of the verification system PVS. This allows a mechanical check of the proof by the interactive proof checker of PVS. Our modelling is very general and includes such important features of the protocol as sending and receiving windows of arbitrary size, bounded sequence numbers and the three types of channel faults mentioned above.

    Formal Verification of an Improved Sliding Window Protocol

    The well-known Sliding Window protocol caters for the reliable and efficient transmission of data over unreliable channels that can lose, reorder and duplicate messages. Despite the practical importance of the protocol and its high potential for errors, it has never been formally verified for the general setting. We try to fill this gap by giving a fully formal specification and verification of an improved version of the protocol. The protocol is specified by a timed state machine in the language of the verification system PVS. This allows a mechanical check of the proof by the interactive proof checker of PVS. Our modelling is very general and includes such important features of the protocol as sending and receiving windows of arbitrary size, bounded sequence numbers and the three types of channel faults mentioned above.