Evaluating formal model verification tools in an industrial context: the case of a smart device life cycle management system

IF 2 3区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Software and Systems Modeling Pub Date : 2024-08-16 DOI:10.1007/s10270-024-01201-0
Maxime Méré, Frédéric Jouault, Loïc Pallardy, Richard Perdriau
{"title":"Evaluating formal model verification tools in an industrial context: the case of a smart device life cycle management system","authors":"Maxime Méré, Frédéric Jouault, Loïc Pallardy, Richard Perdriau","doi":"10.1007/s10270-024-01201-0","DOIUrl":null,"url":null,"abstract":"<p>The formal verification of the properties of semi-formal models can make it easier to ensure their security and safety. However, this task is generally cumbersome for non-specialists in formal verification, particularly in an industrial context. This paper introduces an evaluation of four formal verification tools on an industrial case, called a Life Cycle Management System (LCMS). This LCMS makes it possible to deploy Product-Service Systems (PSSs) to customers using Systems-on-Chip (SoC). A PSS is a business model in which products and services are tightly connected and whose objective is to optimize the use of products, with a positive environmental impact. A SoC can embed hardware security; however, a LCMS must be secure from end to end, which requires a verification not only of the used protocol (in this case, a blockchain-based protocol), but also of the whole architecture. For that purpose, semi-formal UML models of a LCMS were first specified and designed with their associated properties, then improved in order to be formally verifiable. Despite being more complex, they remain capable of being processed by dedicated tools. In this paper, Verifpal and ProVerif, two formal cryptographic protocol verifiers, are used and evaluated for the cryptographic protocol and AnimUML (developed by one of the authors) and HugoRT, two verification tools for behavior and UML for the architectural model are evaluated. These tools are assessed and compared according to their coverage of properties and state spaces, limitations, and usability for non-specialists. Some limitations of the approach itself are also provided.</p>","PeriodicalId":49507,"journal":{"name":"Software and Systems Modeling","volume":"28 1","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2024-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Software and Systems Modeling","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10270-024-01201-0","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

The formal verification of the properties of semi-formal models can make it easier to ensure their security and safety. However, this task is generally cumbersome for non-specialists in formal verification, particularly in an industrial context. This paper introduces an evaluation of four formal verification tools on an industrial case, called a Life Cycle Management System (LCMS). This LCMS makes it possible to deploy Product-Service Systems (PSSs) to customers using Systems-on-Chip (SoC). A PSS is a business model in which products and services are tightly connected and whose objective is to optimize the use of products, with a positive environmental impact. A SoC can embed hardware security; however, a LCMS must be secure from end to end, which requires a verification not only of the used protocol (in this case, a blockchain-based protocol), but also of the whole architecture. For that purpose, semi-formal UML models of a LCMS were first specified and designed with their associated properties, then improved in order to be formally verifiable. Despite being more complex, they remain capable of being processed by dedicated tools. In this paper, Verifpal and ProVerif, two formal cryptographic protocol verifiers, are used and evaluated for the cryptographic protocol and AnimUML (developed by one of the authors) and HugoRT, two verification tools for behavior and UML for the architectural model are evaluated. These tools are assessed and compared according to their coverage of properties and state spaces, limitations, and usability for non-specialists. Some limitations of the approach itself are also provided.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
评估工业环境中的形式模型验证工具:智能设备生命周期管理系统案例
对半正式模型的属性进行形式化验证,可以更容易地确保其安全性。然而,对于形式验证方面的非专业人员来说,这项任务通常比较繁琐,尤其是在工业环境中。本文介绍了在一个名为生命周期管理系统(LCMS)的工业案例中对四种形式化验证工具的评估。该 LCMS 使使用片上系统 (SoC) 向客户部署产品服务系统 (PSS) 成为可能。PSS 是一种将产品和服务紧密联系在一起的商业模式,其目标是优化产品的使用,并对环境产生积极影响。SoC 可以嵌入硬件安全;但是,LCMS 必须从头到尾都是安全的,这就要求不仅要验证所使用的协议(在本例中是基于区块链的协议),还要验证整个架构。为此,首先对 LCMS 的半正式 UML 模型及其相关属性进行了指定和设计,然后对其进行了改进,使其具有正式的可验证性。尽管这些模型更为复杂,但仍可由专用工具进行处理。本文对加密协议使用了 Verifpal 和 ProVerif 这两种形式化的加密协议验证工具,对架构模型使用了 AnimUML(由作者之一开发)和 HugoRT 这两种行为和 UML 验证工具进行了评估。根据属性和状态空间的覆盖范围、局限性以及对非专业人员的可用性,对这些工具进行了评估和比较。此外,还提供了该方法本身的一些局限性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Software and Systems Modeling
Software and Systems Modeling 工程技术-计算机:软件工程
CiteScore
6.00
自引率
20.00%
发文量
104
审稿时长
>12 weeks
期刊介绍: We invite authors to submit papers that discuss and analyze research challenges and experiences pertaining to software and system modeling languages, techniques, tools, practices and other facets. The following are some of the topic areas that are of special interest, but the journal publishes on a wide range of software and systems modeling concerns: Domain-specific models and modeling standards; Model-based testing techniques; Model-based simulation techniques; Formal syntax and semantics of modeling languages such as the UML; Rigorous model-based analysis; Model composition, refinement and transformation; Software Language Engineering; Modeling Languages in Science and Engineering; Language Adaptation and Composition; Metamodeling techniques; Measuring quality of models and languages; Ontological approaches to model engineering; Generating test and code artifacts from models; Model synthesis; Methodology; Model development tool environments; Modeling Cyberphysical Systems; Data intensive modeling; Derivation of explicit models from data; Case studies and experience reports with significant modeling lessons learned; Comparative analyses of modeling languages and techniques; Scientific assessment of modeling practices
期刊最新文献
A model template for reachability-based containment checking of imprecise observations in timed automata Supporting method engineering with a low-code approach: the LOMET  tool A system-theoretic assurance framework for safety-driven systems engineering IAT/ML: a metamodel and modelling approach for discourse analysis Universal conceptual modeling: principles, benefits, and an agenda for conceptual modeling research
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1