
Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007): latest publications

Hardness for Explicit State Software Model Checking Benchmarks
Neha Rungta, Eric Mercer
Directed model checking algorithms focus computation resources in the error-prone areas of concurrent systems. The algorithms depend on some empirical analysis to report their performance gains. Recent work characterizes the hardness of models used in the analysis as an estimated number of paths in the model that contain an error. This hardness metric is computed using a stateless random walk. We show that this is not a good hardness metric because models labeled hard with a stateless random walk metric have easily discoverable errors with a stateful randomized search. We present an analysis which shows that a hardness metric based on a stateful randomized search is a tighter bound for hardness in models used to benchmark explicit state directed model checking techniques. Furthermore, we convert easy models into hard models as measured by our new metric by pushing the errors deeper in the system and manipulating the number of threads that actually manifest an error.
DOI: https://doi.org/10.1109/SEFM.2007.23 | Published: 2007-10-15
Citations: 14
Testing conformance on Stochastic Stream X-Machines
Mercedes G. Merayo, M. Núñez
Stream X-machines have been used to specify real systems that require the representation of complex data structures. One of the advantages of using stream X-machines to specify a system is that it is possible to produce a test set that, under certain conditions, detects all the faults of an implementation. In this paper we present a formal framework to test temporal behaviors in systems where temporal aspects are critical. Temporal requirements are expressed by means of random variables and affect the duration of actions. Implementation relations are presented, as well as a method to determine the conformance of an implementation with respect to a specification by applying a test set.
DOI: https://doi.org/10.1109/SEFM.2007.41 | Published: 2007-10-15
Citations: 3
The Role of Abstract Interpretation in Formal Methods
P. Cousot
In computer science and software engineering, formal methods are mathematically-based techniques for the specification, development and verification of software and hardware systems. They therefore establish the satisfaction of a specification by a system semantics. Abstract interpretation is a theory of sound approximation of mathematical structures, in particular those involved in the description of the behavior of computer systems. It allows the systematic derivation of sound methods and algorithms for approximating undecidable or highly complex problems in various areas of computer science (semantics, verification and proof, model-checking, static analysis, program transformation and optimization, typing, software steganography, etc.). Its main current application is on the safety and security of complex hardware and software computer systems.
DOI: https://doi.org/10.1109/SEFM.2007.42 | Published: 2007-10-15
Citations: 6
Specification-based testing for refinement
Temesghen Kahsai, M. Roggenbach, H. Schlingloff
In this paper, we present a theory for the evaluation of test cases with respect to formal specifications. In particular, we use the specification language CSP-CASL to define and evaluate black-box tests for reactive systems. Using loose semantics and three-valued test oracles, our approach is well-suited to deal with the refinement of specifications. In a structured development process of computational systems, abstract specifications are gradually refined into more concrete ones. With our approach, it is possible to develop test cases already from very abstract and basic specifications, and to reuse them later on in more refined systems.
DOI: https://doi.org/10.1109/SEFM.2007.38 | Published: 2007-10-15
Citations: 17
A Scalable Lock-Free Stack Algorithm and its Verification
R. Colvin, L. Groves
The design of efficient software supporting concurrent access to shared data is a challenging task. Often such programs will have at their core algorithms which utilise conceptual locks to restrict access to the data, and which are significantly more complex than their sequential (non-concurrent) counterparts. Lock-free algorithms, which have been developed to avoid problems such as priority inversion and deadlock, are more complex still due to the larger scope for interference between processes. These algorithms become even more complex when further mechanisms are added to achieve good performance under a wide range of workloads. In this paper we present a lock-free algorithm that efficiently manages interference on a shared stack, by allowing complementary stack operations to be eliminated without altering the stack. The algorithm we present is based on a published algorithm due to Hendler, Shavit and Yerushalmi (2004), and incorporates simplifications and improvements that we discovered while attempting to verify the original algorithm. We present a high-level view of the formal verification of our algorithm, which was machine-checked using the PVS theorem prover.
DOI: https://doi.org/10.1109/SEFM.2007.2 | Published: 2007-09-10
Citations: 15
Sound reasoning about unchecked exceptions
B. Jacobs, Peter Müller, F. Piessens
In most software development projects, it is not feasible for developers to handle explicitly all possible unusual events which may occur during program execution, such as arithmetic overflow, highly unusual environment conditions, heap memory or call stack exhaustion, or asynchronous thread cancellation. Modern programming languages provide unchecked exceptions to deal with these circumstances safely and with minimal programming overhead. However, reasoning about programs in the presence of unchecked exceptions is difficult, especially in a multithreaded setting where the system should survive the failure of a subsystem. We propose a static verification approach for multithreaded programs with unchecked exceptions. Our approach is an extension of the Spec# verification methodology for object-oriented programs. It verifies that objects encapsulating shared resources are always ready to be disposed of, by allowing ownership transfers to other threads only through well-nested parallel execution operations. Also, the approach prevents developers from relying on invariants that may have been broken by a failure. We believe the programming style enforced by our approach leads to better programs, even in the absence of formal verification. The proposed approach enables developers using mainstream languages to gain some of the benefits of approaches based on isolated sub-processes. We believe this is the first verification approach that soundly verifies common exception handling and locking patterns in the presence of unchecked exceptions.
DOI: https://doi.org/10.1109/SEFM.2007.36 | Published: 2007-09-10
Citations: 18
Towards A Case-Optimal Symbolic Execution Algorithm for Analyzing Strong Properties of Object-Oriented Programs
Xianghua Deng, Robby, J. Hatcliff
Recent work has demonstrated that symbolic execution techniques can serve as a basis for formal analysis capable of automatically checking heap-manipulating software components against strong interface specifications. In this paper, we present an enhancement to existing symbolic execution algorithms for object-oriented programs that significantly improves upon the algorithms currently implemented in Bogor/Kiasan and JPF. To motivate and justify the new strategy for handling heap data in our enhanced approach, we present a significant empirical study of the performance of related algorithms and an interesting case counting analysis of the heap shapes that can appear in several widely used Java data structure packages.
DOI: https://doi.org/10.1109/SEFM.2007.43 | Published: 2007-09-10
Citations: 21
Flexible Behavioural Compatibility and Substitutability for Component Protocols: A Formal Specification
N. Hameurlain
Component compatibility and substitutability are widely recognized as the main issues in component-based software engineering (CBSE). Most existing approaches suffer from the problem of component adaptation. Indeed, component compatibility and substitutability are performed component-to-component without taking into account the context. This paper proposes a new framework where more flexible component protocol compatibility and substitutability relations that depend on the context (environment) can be defined. The proposed approach is based on the notion of a component protocol's usability, that is, a component such that there exists an environment ensuring the completion and/or the proper termination of the composition of the involved component protocol and that environment. Two optimistic protocol compatibility relations, together with two optimistic protocol behavioral subtyping relations related to the principle of substitutability, are proposed. Moreover, behavioral refinement of component protocols is studied, and a link between protocol refinement and usability is established. The soundness of the approach is shown.
DOI: https://doi.org/10.1109/SEFM.2007.19 | Published: 2007-09-10
Citations: 16
Formal verification of tamper-evident storage for e-voting
Dominique Cansell, John Paul Gibson, D. Méry
The storage of votes is a critical component of any voting system. In traditional systems there is a high level of transparency in the mechanisms used to store votes, and thus a reasonable degree of trustworthiness in the security of the votes in storage. This degree of transparency is much more difficult to attain in electronic voting systems, and so the specific mechanisms put in place to ensure the security of stored votes require much stronger verification in order for them to be trusted by the public. There are many desirable properties that one could reasonably expect a vote store to exhibit. From the point of view of security, we argue that tamper-evident storage is one of the most important requirements: the changing or deletion of already validated and stored votes should be detectable, as should the addition of unauthorised votes after the election is concluded. We propose the application of formal methods (in this paper, event-B) for guaranteeing, through construction, the correctness of a vote store with respect to the requirement for tamper-evident storage. We illustrate the utility of our refinement-based approach by verifying, through the application of a reusable formal design pattern, a store design that uses a specific PROM technology and applies a specific encoding mechanism.
DOI: https://doi.org/10.1109/SEFM.2007.21 | Published: 2007-09-10
Citations: 26
A Thread-tag Based Semantics for Sequence Diagrams
Haitao Dan, R. Hierons, S. Counsell
The sequence diagram is one of the most popular behaviour modelling languages, offering an intuitive and visual way of describing the expected behaviour of object-oriented software. Much research work has investigated ways of providing a formal semantics for sequence diagrams. However, these proposed semantics may not properly interpret sequence diagrams when lifelines do not correspond to threads of control. In this paper, we address this problem and propose a thread-tag based sequence diagram as a solution. A formal, partially ordered multiset based semantics for the thread-tag based sequence diagrams is proposed.
DOI: https://doi.org/10.1109/SEFM.2007.3 | Published: 2007-09-10
Citations: 9