Enhancing Test Coverage by Back-tracing Model-checker Counterexamples

AbstractThe automatic detection of unreachable coverage goals and generation of tests for "corner-case" scenarios is crucial to make testing and simulation based verification more effective. In this paper we address the problem of coverability analysis and test case generation in modular and component based systems. We propose a technique that, given an uncovered branch in a component, either establishes that the branch cannot be covered or produces a test case at the system level which covers the branch. The technique is based on the use of counterexamples returned by model checkers, and exploits compositionality to cope with large state spaces typical of real applications

The Sensoria Approach Applied to the Finance Case Study

This chapter provides an effective implementation of (part of) the Sensoria approach, specifically modelling and formal analysis of service-oriented software based on mathematically founded techniques. The ‘Finance case study’ is used as a test bed for demonstrating the feasibility and effectiveness of the use of the process calculus COWS and some of its related analysis techniques and tools. In particular, we report the results of an application of a temporal logic and its model checker for expressing and checking functional properties of services and a type system for guaranteeing confidentiality properties of services

On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible

The Drinfel'd Double and Twisting in Stringy Orbifold Theory

This paper exposes the fundamental role that the Drinfel'd double \dkg of the group ring of a finite group $G$ and its twists \dbkg, \beta \in Z^3(G,\uk) as defined by Dijkgraaf--Pasquier--Roche play in stringy orbifold theories and their twistings. The results pertain to three different aspects of the theory. First, we show that $G$--Frobenius algebras arising in global orbifold cohomology or K-theory are most naturally defined as elements in the braided category of \dkg--modules. Secondly, we obtain a geometric realization of the Drinfel'd double as the global orbifold $K$--theory of global quotient given by the inertia variety of a point with a $G$ action on the one hand and more stunningly a geometric realization of its representation ring in the braided category sense as the full $K$--theory of the stack $[pt/G]$. Finally, we show how one can use the co-cycles $\beta$ above to twist a) the global orbifold $K$--theory of the inertia of a global quotient and more importantly b) the stacky $K$--theory of a global quotient $[X/G]$. This corresponds to twistings with a special type of 2--gerbe.Comment: 35 pages, no figure

A Logical Verification Methodology for Service-Oriented Computing

We introduce a logical verification methodology for checking behavioural properties of service-oriented computing systems. Service properties are described by means of SocL, a branching-time temporal logic that we have specifically designed to express in an effective way distinctive aspects of services, such as, e.g., acceptance of a request, provision of a response, and correlation among service requests and responses. Our approach allows service properties to be expressed in such a way that they can be independent of service domains and specifications. We show an instantiation of our general methodology that uses the formal language COWS to conveniently specify services and the expressly developed software tool CMC to assist the user in the task of verifying SocL formulae over service specifications. We demonstrate feasibility and effectiveness of our methodology by means of the specification and the analysis of a case study in the automotive domain