B. Aichernig, B. Peischl, Martin Weiglhofer, F. Wotawa
Various research prototypes and a well-founded theory of model based testing (MBT) suggests the application of MBT to real-world problems. In this article we report on applying the well-known TGV tool for protocol conformance testing of a Session Initiation Protocol (SIP) server. Particularly, we discuss the performed abstractions along with corresponding rationales. Furthermore, we show how to use structural and fault-based techniques for test purpose design. We present first empirical results obtained from applying our test cases to a commercial implementation and to a popular open source implementation of a SIP Registrar. Notably, in both implementations our input output labeled transition system model proved successful in revealing severe violations of the protocol.
{"title":"Protocol Conformance Testing a SIP Registrar: an Industrial Application of Formal Methods","authors":"B. Aichernig, B. Peischl, Martin Weiglhofer, F. Wotawa","doi":"10.1109/SEFM.2007.31","DOIUrl":"https://doi.org/10.1109/SEFM.2007.31","url":null,"abstract":"Various research prototypes and a well-founded theory of model based testing (MBT) suggests the application of MBT to real-world problems. In this article we report on applying the well-known TGV tool for protocol conformance testing of a Session Initiation Protocol (SIP) server. Particularly, we discuss the performed abstractions along with corresponding rationales. Furthermore, we show how to use structural and fault-based techniques for test purpose design. We present first empirical results obtained from applying our test cases to a commercial implementation and to a popular open source implementation of a SIP Registrar. Notably, in both implementations our input output labeled transition system model proved successful in revealing severe violations of the protocol.","PeriodicalId":212544,"journal":{"name":"Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007)","volume":"15 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131800980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There is a mismatch between the data format used in implementations of security protocols and the data types used in formal verification of security protocols. We present a verified encoding scheme for data used in security protocols, which links the abstract data types of the formal world to a byte format usable in implementations. The encoding is inspired by the ASN1 encoding scheme. The encoding is implemented in Java and the implementation is proven to be correct against a formal specification. The implementation can be used as a reusable reference library in security protocol implementations. The benefit is a separation of concerns: The protocol can be verified on an abstract level. The mapping to bytes is automatically correct by linking the library. Additionally the encoding is a challenging Java verification case study in its own.
{"title":"ASN1-light: A Verified Message Encoding for Security Protocols","authors":"H. Grandy, Robert Bertossi, K. Stenzel, W. Reif","doi":"10.1109/SEFM.2007.8","DOIUrl":"https://doi.org/10.1109/SEFM.2007.8","url":null,"abstract":"There is a mismatch between the data format used in implementations of security protocols and the data types used in formal verification of security protocols. We present a verified encoding scheme for data used in security protocols, which links the abstract data types of the formal world to a byte format usable in implementations. The encoding is inspired by the ASN1 encoding scheme. The encoding is implemented in Java and the implementation is proven to be correct against a formal specification. The implementation can be used as a reusable reference library in security protocol implementations. The benefit is a separation of concerns: The protocol can be verified on an abstract level. The mapping to bytes is automatically correct by linking the library. Additionally the encoding is a challenging Java verification case study in its own.","PeriodicalId":212544,"journal":{"name":"Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130472894","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Reuse of software entities such as components or web services raise composition issues since, most of the time, they present mismatching behavioural interfaces. Here, we particularly focus on systems for which the number of transactions is unbounded, and unknown in advance. This is typical in pervasive systems where a new client may show up at any moment to request or access a specific service. Hence, we advocate for the use of the pi-calculus to specify component interfaces. The pi-calculus is particularly suitable for creating new component instances and channels dynamically. The unbounded number of transactions and the use of the pi-calculus obliges to apply the composition at run-time. In this paper, we propose a run-time composition engine that solves existing mismatches.
{"title":"Run-time Composition and Adaptation of Mismatching Behavioural Transactions","authors":"J. Cámara, Gwen Salaün, C. Canal","doi":"10.1109/SEFM.2007.35","DOIUrl":"https://doi.org/10.1109/SEFM.2007.35","url":null,"abstract":"Reuse of software entities such as components or web services raise composition issues since, most of the time, they present mismatching behavioural interfaces. Here, we particularly focus on systems for which the number of transactions is unbounded, and unknown in advance. This is typical in pervasive systems where a new client may show up at any moment to request or access a specific service. Hence, we advocate for the use of the pi-calculus to specify component interfaces. The pi-calculus is particularly suitable for creating new component instances and channels dynamically. The unbounded number of transactions and the use of the pi-calculus obliges to apply the composition at run-time. In this paper, we propose a run-time composition engine that solves existing mismatches.","PeriodicalId":212544,"journal":{"name":"Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116894930","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we present an approach aiming at full junctional deductive verification of concurrent Java programs, based on symbolic execution. We define a dynamic logic and a deductive verification calculus for a restricted fragment of Java with native concurrency primitives. Even though we cannot yet deal with non-atomic loops, employing the technique of symmetry reduction allows us to verify unbounded systems. The calculus has been implemented within the KeY system, and we demonstrate it by verifying a central method of the StringBuffer class from the Java standard library.
{"title":"A Dynamic Logic for Deductive Verification of Concurrent Programs","authors":"Bernhard Beckert, V. Klebanov","doi":"10.1109/SEFM.2007.1","DOIUrl":"https://doi.org/10.1109/SEFM.2007.1","url":null,"abstract":"In this paper, we present an approach aiming at full junctional deductive verification of concurrent Java programs, based on symbolic execution. We define a dynamic logic and a deductive verification calculus for a restricted fragment of Java with native concurrency primitives. Even though we cannot yet deal with non-atomic loops, employing the technique of symmetry reduction allows us to verify unbounded systems. The calculus has been implemented within the KeY system, and we demonstrate it by verifying a central method of the StringBuffer class from the Java standard library.","PeriodicalId":212544,"journal":{"name":"Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133097159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: