199 research outputs found

    A Formal TLS Handshake Model in LNT

    Get PDF
    Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or because of intrinsic leaks in the system specification. Conformance testing checks whether a system behaves according to its specification. Here model-based testing provides several methods for automated detection of shortcomings. The formal specification of a system behavior represents the starting point of the testing process. In this paper, a widely used cryptographic protocol is specified and tested for conformance with a test execution framework. The first empirical results are presented and discussed.Comment: In Proceedings MARS/VPT 2018, arXiv:1803.0866

    On-the-Fly Model Checking for Extended Action-Based Probabilistic Operators

    Get PDF
    International audienceThe quantitative analysis of concurrent systems requires expressive and user-friendly property languages combining temporal, data-handling, and quantitative aspects. In this paper, we aim at facilitating the quantitative analysis of systems modeled as PTSs (Probabilistic Transition Systems) labeled by actions containing data values and probabilities. We propose a new regular probabilistic operator that computes the probability measure of a path specified by a generalized regular formula involving arbitrary computations on data values. This operator, which subsumes the Until operators of PCTL and their action-based counterparts, can provide useful quantitative information about paths having certain (e.g., peak) cost values. We integrated the regular probabilistic operator into MCL (Model Checking Language) and we devised an associated on-the-fly model checking method, based on a combined local resolution of linear and Boolean equation systems. We implemented the method in the EVALUATOR model checker of the CADP toolbox and experimented it on realistic PTSs modeling concurrent systems

    Histologic Features with Predictive Value for Outcome of Patients with Ulcerative Colitis

    Get PDF
    Ulcerative colitis is an inflammatory bowel disease with variable evolution, in which is difficult to establish patient’s outcome. Histology is an important part of diagnosis of ulcerative colitis and has an increasing role in patients’ management, since increasingly more histologic features with predictive value are being identified and validated. This chapter presents the most important histologic prognostic factors that should be included in histologic reports of patients with ulcerative colitis. Basal plasmacytosis and histologic healing are the most significant validated factors of prognosis in ulcerative colitis, while dysplasia is important since colorectal carcinoma is a severe complication of the disease

    CAESAR_SOLVE: A Generic Library for On-the-Fly Resolution of Alternation-Free Boolean Equation Systems

    Get PDF
    Boolean Equation Systems (BESs) provide a useful framework for modeling various verification problems on finite-state concurrent systems, such as equivalence checking and model checking. These problems can be solved on-the-fly (i.e., without constructing explicitly the state space of the system under analysis) by using a demand-driven construction and resolution of the corresponding BES. In this report, we present a generic software library dedicated to on-the-fly resolution of alternation-free BESs (i.e., without mutually recursive minimal and maximal fixed point equations). Four resolution algorithms are currently provided by the library: algorithms A1 and A2 are general, the latter being optimized to produce small-depth diagnostics, whereas algorithms A3 and A4 are specialized for handling acyclic and disjunctive/conjunctive BESs in a memory-efficient way. The library is developed within the CADP verification toolbox using the generic OPEN/CAESAR environment and is currently used for three purposes: on-the-fly equivalence checking modulo five widely-used equivalence relations, on-the-fly model checking of regular alternation-free mu-calculus, and on-the-fly reduction of state spaces based on tau-confluence

    Logiques temporelles basées sur actions pour la vérification des systèmes asynchrones

    Get PDF
    La vérification formelle est indispensable pour assurer la fiabilité des applications complexes et critiques comme les protocoles de télécommunication et les systèmes répartis. L'approche basée sur les modèles (model checking) consiste à traduire l'application vers un modèle système de transitions étiquetées, sur lequel les propriétés de bon fonctionnement, exprimées comme formules de logique temporelle, sont vérifiées au moyen d'algorithmes spécifiques. Ce rapport présente de manière unifiée les logiques temporelles basées sur actions qui sont actuellement les plus utilisées dans le contexte des systèmes parallèles asynchrones comportant du non-déterminisme. Les différentes logiques traitées (modales, arborescentes, régulières et de point fixe) sont illustrées à travers des exemples de propriétés typiques des systèmes parallèles asynchrones (sûreté, vivacité, équité) et sont comparées suivant l'expressivité, la facilité d'utilisation et l'efficacité des algorithmes de vérification associés

    Formal Description and Analysis of a Bounded Retransmission Protocol

    Get PDF
    This paper reports about the formal specification and verification of a Bounded Retransmission Protocol (BRP) used by Philips in one of its products. We started with the descriptions of the BRP service (i.e., external behaviour) and protocol written in the mu-CRL language by Groote and van de Pol. After translating them in the LOTOS language, we performed verifications by model-checking using the CADP (CAESAR/ALDEBARAN) toolbox. The models of the LOTOS descriptions were generated using the CAESAR compiler (by putting bounds on the data domains) and checked to be branching equivalent using the ALDEBARAN tool. Alternately, we formulated in the ACTL temporal logic a set of safety and liveness properties for the BRP protocol and checked them on the corresponding model using our XTL generic model-checker

    Local Model-Checking of Modal Mu-Calculus on Acyclic Labeled Transition Systems

    Get PDF
    Model-checking is a popular technique for verifying finite-state concurrent systems, the behaviour of which can be modeled using Labeled Transition Systems (Ltss). In this report, we study the model-checking problem for the modal mu-calculus on acyclic Ltss. This has various applications of practical interest such as trace analysis, log information auditing, run-time monitoring, etc. We show that on acyclic Ltss, the full mu-calculus has the same expressive power as its alternation-free fragment. We also present two new algorithms for local model-checking of mu-calculus formulas on acyclic Ltss. Our algorithms are based upon a translation to boolean equation systems and exhibit a better performance than existing model-checking algorithms applied to acyclic Ltss. The first algorithm handles mu-calculus formulas phi with alternation depth ad (phi) greater or equal than 2 and has time complexity O (|phi|^2 * (|S|+|T|)) and space complexity O (|phi|^2 * |S|), where |S| and |T| are the number of states and transitions of the acyclic Lts and |phi| is the number of operators in phi. The second algorithm handles formulas with alternation depth ad (phi) = 1 and has time complexity O (|phi| * (|S|+|T|)) and space complexity O (|phi| * |S|)

    Quantifying the Parallelism in BPMN Processes using Model Checking

    No full text
    International audienceA business process is a set of structured, related activities that aims at fulfilling a specific organizational goal for a customer or market. An important metric when developing a business process is its degree of parallelism, i.e., the maximum number of tasks that are executable in parallel in that process. The degree of parallelism determines the peak demand on tasks, providing a valuable guide for the problem of resource allocation in business processes. In this paper, we investigate how to automatically measure the degree of parallelism for business processes, described using the BPMN standard notation. We first present a formal model for BPMN processes in terms of Labelled Transition Systems, which are obtained through process algebra encodings. We then propose an approach for automatically computing the degree of parallelism by using model checking techniques and dichotomic search. We implemented a tool for automating this check and we applied it successfully to more than one hundred BPMN processes

    GRL: A Specification Language for Globally Asynchronous Locally Synchronous Systems

    Get PDF
    International audienceA GALS (Globally Asynchronous, Locally Synchronous) system consists of several synchronous subsystems that evolve concurrently and interact with each other asynchronously. Most formalisms and design tools support either the synchronous paradigm or the asynchronous paradigm but rarely combine both, which requires an intricate modeling of GALS systems. In this paper, we present a new language, called GRL (GALS Representation Language) designed to model GALS systems in an abstract and versatile manner for the purpose of formal verification. GRL has formal semantics combining the synchronous reactive model underlying dataflow languages and the asynchronous concurrent model underlying process algebras. We present the basic concepts and the main constructs of the language, together with an illustrative example

    Efficient Diagnostic Generation for Boolean Equation Systems

    Get PDF
    Boolean Equation Systems (BESs) provide a useful framework for the verification of concurrent finite-state systems. In practice, it is desirable that a BES resolution also yields diagnostic information explaining, preferably in a concise way, the truth value computed for a given variable of the BES. Using a representation of BESs as extended boolean graphs (EBGs), we propose a characterization of full diagnostics (i.e., both examples and counterexamples) as a particular class of subgraphs of the EBG associated to a BES. We provide algorithms that compute examples and counterexamples in linear time and can be straightforwardly used to extend known (global or local) BES resolution algorithms with diagnostic generation facilities
    • …