78 research outputs found
Formal Verification of Security Pattern Composition: Application to SCADA
Information security was initially required only in specific applications; nowadays, however, most companies and even individuals are interested in securing their information assets. Meeting this new requirement can be costly, especially given the high demand for security solutions and security experts. Security patterns are reusable security solutions that have proven effective and can help developers achieve security goals without expertise in the security domain. Some combinations of security patterns are beneficial, while others are inconsistent. Model checking can be used to verify the result of combining multiple security patterns with an architecture. Supervisory control and data acquisition (SCADA) systems control many of our critical industrial infrastructures. Due to their limitations and their increased connectivity, SCADA systems have many unresolved security issues. In this paper, we demonstrate how to automatically generate a secure SCADA model from an insecure one and how to verify the generated model.
USER CONTEXT MODELS : A FRAMEWORK TO EASE SOFTWARE FORMAL VERIFICATIONS
This article is accepted to appear in the ICEIS 2010 proceedings. Several works emphasize the difficulties of software verification applied to embedded systems. In past years, formal verification techniques and tools were widely developed and used by the research community. However, the use of formal verification at industrial scale remains difficult and expensive and requires a lot of time. This is due to the size and complexity of the manipulated models, but also to the significant gap between the requirement models handled by the different stakeholders and the formal models required by existing verification tools. In this paper, we fill this gap by providing the UCM framework, which automatically generates the formal models used by formal verification tools. At this stage of our work, we generate behavior models of the environment actors interacting with the system directly from an extended form of use cases. These behavioral models can be composed directly with the system automata and verified using existing model checking tools.
Context Aware Model-Checking for Embedded Software
Reactive systems are becoming extremely complex with the huge increase in high technologies. Despite technical improvements, the increasing size of the systems makes the introduction of a wide range of potential errors easier. Among reactive systems, asynchronous systems communicating by exchanging messages via buffer queues are often characterized by a vast number of possible behaviors. To cope with this difficulty, manufacturers of industrial systems make significant efforts in testing and simulation to successfully pass the certification process. Nevertheless, revealing errors and bugs in this huge number of behaviors remains a very difficult activity. An alternative method is to adopt formal methods and to use exhaustive and automatic verification tools such as model checkers. Model-checking algorithms can be used to verify requirements of a model formally and automatically. Several model checkers, such as (Berthomieu et al., 2004; Holzmann, 1997; Larsen et al., 1997), have been developed to help the verification of concurrent asynchronous systems. It is well known that an important issue limiting the application of model checking techniques in industrial software projects is the combinatorial explosion problem (Clarke et al., 1986; Holzmann & Peled, 1994; Park & Kwon, 2006). Because of the internal complexity of developed software, model checking of requirements over the system behavioral models could lead to an unmanageable state space. The approach described in this chapter presents exploratory work that provides solutions to the problems mentioned above. It is based on two joint ideas: first, to reduce the system behaviors to be validated during model checking, and second, to help the user specify the formal properties to check. For this, we propose to specify the behavior of the entities that compose the system environment. These entities interact with the system. Their behaviors are described by use cases (scenarios), called here contexts.
They describe how the environment interacts with the system. Each context corresponds to an operational phase identified as system initialization, reconfiguration, graceful degradation, etc. In addition, each context is associated with a set of properties to check. The aim is to guide the model checker to focus on a restriction of the system behavior for the verification of specific properties instead of exploring the global system automaton.
Trust in MDE Components: the DOMINO Experiment
A large number of modeling activities can be automatic or computer assisted. This automation ensures more rapid and robust software development. However, engineers must ensure that the models have the properties required for the application. To move toward this requirement, the DOMINO project (DOMaINs and methodological prOcess) proposes to use so-called trustworthy Model-Driven Engineering (MDE) components and aims to provide a methodology for the validation and qualification of such components.
Formalising Contexts and Requirements for the Formal Validation of Embedded Software
A well-known challenge in the field of formal methods is improving their integration into industrial development processes. In the context of embedded systems, the use of formal verification techniques first requires modelling the system to be validated, then formalising the properties that must be satisfied on the model, and finally describing the behaviour of the model's environment. This last point, which we call the "proof context", is often neglected. It can, however, be of great importance for reducing the complexity of the proof. In our contribution, we seek to offer the user assistance in formalising this context in connection with the formalisation of the properties. To this end, we propose and experiment with a domain-specific language (DSL), named CDL (Context Description Language), for describing the actors of the environment, based on activity and sequence diagrams and on definition patterns for the properties to be verified. The properties are modelled and linked to specific execution regions of the context. We illustrate our contribution on an example and describe results on several industrial embedded applications.
Approach for the Formal Verification of Properties: Application to the Industrial Development of Embedded Software
Formal Validation with Model-Checking Techniques
A well-known challenge in the field of formal methods is improving their integration into software development processes. If we want these techniques to eventually be usable in the context of industrial, significantly sized software development, further research is still needed at both the technical and the methodological level. On the one hand, better management of the complexity of the models to be simulated must be achieved relative to the performance of current computers. On the other hand, methodologies for their use must be defined and adapted to the processes already put in place by engineers in production units. In this presentation, we report on research carried out in the particular field of embedded systems. This work has addressed hard scientific problems involving technical aspects that can contribute to "scaling up", for example by seeking to reduce the state space explored during the simulations required to verify properties. For this, we have proposed a technique based on the notion of context, specified in an ad-hoc language named CDL (Context Description Language). We have also proposed methodological elements that allow better anchoring in existing development processes. They concern the identification, structuring and formalisation of the data needed for verification activities, such as the formal specification of reduction contexts, formal properties and the application models to be simulated. In this setting, we have proposed an analysis tool named OBP (Observer-Based Prover), which has allowed us to carry out numerous experiments on applications provided by industrial partners in the aeronautics, automotive and electronic systems domains.
From the results obtained, we outline a set of perspectives for the development of future research.
Formal Validation of Security Pattern Implementation: Application to SCADA
Supervisory control and data acquisition (SCADA) systems are specific systems, with their own functional requirements and constraints, in which security is almost entirely absent. They are the systems that control most of our critical industrial infrastructures, including, for example, nuclear or chemical plants. Many works consider the use of protective mechanisms in SCADA systems to improve their security and their resistance to attacks. These hardened architectures can then be the subject of software modelling that composes the architectures with models of security patterns. The combination of a SCADA architecture and the security patterns must then be validated against the security requirements to be implemented. SCADA security can benefit from such a combination, which satisfies the requirements while taking time and space complexity into account. Formal verification, by model checking, of the properties of this architecture can help guarantee the correct use of the security patterns and eliminate any inconsistencies. This paper reports on a first step of work in this area.
Use Cases Modeling for Scalable Model-Checking
Context-aware Verification of a Landing Gear System
Despite the high level of automation, the practicability of formal verification through model-checking of large models is hindered by the combinatorial explosion problem. In this paper we apply a novel context-aware verification technique to the Landing Gear System (LGS). The idea is to express and verify requirements relative to certain environmental situations. The system environment is decomposed into several independent scenarios (contexts), which are successively composed with the system during reachability analysis. These contexts are specified using a language called CDL (Context Description Language), based on activity and message sequence diagrams. The properties to be verified are specified with observer automata and attached to specific regions in the context. This approach enables an automated context-guided decomposition of the verification into smaller problems, hence effectively reducing the state-space explosion problem. In the case of the LGS this technique enabled the fully-automated decomposition of the verification into 885 smaller model-checking problems.