    Language and tool support for event refinement structures in Event-B

    Event-B is a formal method for modelling and verifying the consistency of chains of model refinements. The event refinement structure (ERS) approach augments Event-B with a graphical notation that is capable of explicitly representing control flows and refinement relationships. In previous work, the ERS approach was evaluated manually in the development of two large case studies, a multimedia protocol and a spacecraft sub-system. The evaluation results helped us to extend the ERS constructors, to develop a systematic definition of ERS, and to develop a tool supporting ERS. We propose the ERS language, which systematically defines the semantics of the ERS graphical notation, including the constructors. The ERS tool supports automatic construction of the Event-B models in terms of control flows and refinement relationships. In this paper we outline the systematic definition of ERS, including the presentation of the constructors and the tool that supports it, and we evaluate the contribution that ERS and its tool make. We also present how the systematic definition of ERS and the corresponding tool can ensure a consistent encoding of the ERS diagrams in the Event-B models.

    Evaluation of graphical control flow management approaches for Event-B modelling

    Integrating graphical representations with formal methods can help bridge the gap between requirements and formal modelling. In this paper, we compare and evaluate two graphical approaches that aim to describe control flows and refinement in Event-B, and we use a fire dispatch system case study to perform this evaluation. The fire dispatch system case study provides a good example of a complex workflow through which we try to identify a process that facilitates defining the structural and the behavioural parts of the Event-B model. In our case study, we focus on building the dynamic part of the model to evaluate the two diagrammatic notations: UML Activity Diagrams and Atomicity Decomposition Diagrams. Based on our evaluation, we try to identify the advantages and limitations of both approaches. Finally, we try to compare how both graphical notations can affect the Event-B formal modelling of our case study.

    Applying Atomicity and Model Decomposition to a Space Craft System in Event-B

    Event-B is a formal method for modelling and verifying the consistency of systems. In formal methods such as Event-B, refinement is the process of enriching or modifying an abstract model in a step-wise manner in order to manage the development of complex and large systems. To further alleviate the complexity of developing large systems, Event-B refinement can be augmented with two techniques, namely atomicity decomposition and model decomposition. Our main objective in this paper is to investigate and evaluate the application of these techniques when used in a refinement-based development. These techniques have been applied to the formal development of a spacecraft system. The outcomes of this experimental work are presented as assessment results. The experience and assessment can form the basis for some guidelines on applying these techniques in future cases.

    A graphical tool for event refinement structures in Event-B

    The Event Refinement Structures (ERS) approach provides a graphical extension of the Event-B formal method to represent event decomposition and control flow explicitly. In this paper we present an improved version of the ERS plug-in, which provides a graphical environment for the ERS approach within the Event-B tool, Rodin. The improved ERS plug-in is based on the available frameworks that have been developed to support Event-B with an EMF framework, language extensions and generic diagram extensions.

    Formal modelling of data integration systems security policies

    Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, the organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies are not correctly enforced by the integration component of the DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines, written in natural language, for specifying and enforcing security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis for security policy analysis or to automatically generate Java code that enforces those policies within the DIS.

    An approach to atomicity decomposition in the Event-B formal method

    Formal methods are mathematically based techniques and tools for modelling software and hardware systems. Event-B is a formal method that emerged over the last decade as an evolution of classical B. Event-B is supported by an open and extensible Eclipse-based tool-set, called Rodin. Rodin provides an integrated environment supporting the whole process of multi-stage modelling and handling of the associated proofs. Rodin's extensibility is exploited by developing a number of plug-ins that extend the main platform's capabilities. During recent years, Event-B and Rodin have been used to model some real-world complex systems and to prove consistency properties of them. However, developing models of large and complex systems is not an easy task, since it can result in complex models and difficult proofs. There are some techniques in Event-B that can help to tackle the difficulties of modelling complex systems; refinement and model decomposition are two examples. Atomicity decomposition was recently introduced as another technique to help with the structuring of refinement-based development of complex systems in Event-B. In this research, we have investigated how the development process with Event-B can be enriched further by using the atomicity decomposition approach. The atomicity decomposition approach provides a graphical notation to structure refinement and to support the explicit sequencing of events in an Event-B model. In this approach, modelling usually starts with a single atomic event of the system, which is split into two or more sub-events in the next refinement level. We have further developed the atomicity decomposition patterns and features. A formal description of the atomicity decomposition language is presented. The transformation rules from an atomicity decomposition diagram to the Event-B model are defined; atomicity decomposition diagrams can be transformed into Event-B models using these rules. Exploiting the extensibility of the Rodin platform, a Rodin plug-in tool was developed to provide atomicity decomposition support in Event-B. The modelling and tool extensions developed in this thesis are applied to two complex case studies, the Media Channel System and the BepiColombo System. We present an evaluation of the atomicity decomposition approach using insights gained from these case studies.