ASN1-light: A Verified Message Encoding for Security Protocols
H. Grandy, Robert Bertossi, K. Stenzel, W. Reif. Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007-09-10. DOI: 10.1109/SEFM.2007.8 (https://doi.org/10.1109/SEFM.2007.8)

Abstract: There is a mismatch between the data format used in implementations of security protocols and the data types used in formal verification of security protocols. We present a verified encoding scheme for data used in security protocols, which links the abstract data types of the formal world to a byte format usable in implementations. The encoding is inspired by the ASN1 encoding scheme. The encoding is implemented in Java and the implementation is proven to be correct against a formal specification. The implementation can be used as a reusable reference library in security protocol implementations. The benefit is a separation of concerns: the protocol can be verified on an abstract level, and the mapping to bytes is automatically correct by linking the library. Additionally, the encoding is a challenging Java verification case study in its own right.
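The abstract describes the gap between abstract protocol terms (agents, nonces, pairs, encryptions) and their byte images, and why the mapping between them has to be exact: if two different byte strings decode to the same term, or a truncated message decodes to a valid shorter term, an implementation can accept a message the abstract model never considered. The following is an added example, not the ASN1-light library from the paper and not its actual wire format, showing the shape of such a mapping in Python: a tag-length-value encoding of a small term algebra with DER-style minimal lengths, and a decoder that rejects truncated, non-canonical and trailing-byte inputs instead of guessing. The term constructors, tag numbers and the four-byte key identifier are choices made for this example.

```python
"""Toy tag-length-value codec for abstract protocol terms.

Constructed for illustration only; it is not the ASN1-light encoding or
the Java library described in the paper. Tags, term types and the fixed
4-byte key identifier in Enc are assumptions of this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Union


# Abstract term types, the kind of algebra a formal protocol model uses.
@dataclass(frozen=True)
class Nonce:
    value: bytes


@dataclass(frozen=True)
class Agent:
    name: str


@dataclass(frozen=True)
class Pair:
    left: Term
    right: Term


@dataclass(frozen=True)
class Enc:
    """Symbolic encryption: which key was used, and the encrypted term."""
    key_id: int
    body: Term


Term = Union[Nonce, Agent, Pair, Enc]

TAG_NONCE, TAG_AGENT, TAG_PAIR, TAG_ENC = 0x01, 0x02, 0x03, 0x04


class DecodeError(ValueError):
    """Raised for any byte string that is not the image of exactly one term."""


def _encode_length(n: int) -> bytes:
    # DER-style definite length: one byte below 128, else minimal long form.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _encode_length(len(content)) + content


def encode(term: Term) -> bytes:
    """Map an abstract term to its unique byte image."""
    if isinstance(term, Nonce):
        return _tlv(TAG_NONCE, term.value)
    if isinstance(term, Agent):
        return _tlv(TAG_AGENT, term.name.encode("utf-8"))
    if isinstance(term, Pair):
        return _tlv(TAG_PAIR, encode(term.left) + encode(term.right))
    if isinstance(term, Enc):
        return _tlv(TAG_ENC, term.key_id.to_bytes(4, "big") + encode(term.body))
    raise TypeError(f"not a term: {term!r}")


def _read_length(buf: bytes, pos: int) -> tuple[int, int]:
    if pos >= len(buf):
        raise DecodeError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or pos + nbytes > len(buf):
        raise DecodeError("bad long-form length")
    raw = buf[pos:pos + nbytes]
    n = int.from_bytes(raw, "big")
    # Reject non-minimal lengths so every term has exactly one encoding.
    if raw[0] == 0 or n < 0x80:
        raise DecodeError("non-canonical length")
    return n, pos + nbytes


def _decode_at(buf: bytes, pos: int) -> tuple[Term, int]:
    if pos >= len(buf):
        raise DecodeError("truncated tag")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1)
    end = pos + length
    if end > len(buf):
        raise DecodeError("length exceeds buffer")
    content = buf[pos:end]
    if tag == TAG_NONCE:
        return Nonce(content), end
    if tag == TAG_AGENT:
        try:
            return Agent(content.decode("utf-8")), end
        except UnicodeDecodeError as exc:
            raise DecodeError("agent name is not UTF-8") from exc
    if tag == TAG_PAIR:
        left, p = _decode_at(content, 0)
        right, p = _decode_at(content, p)
        if p != len(content):
            raise DecodeError("trailing bytes inside pair")
        return Pair(left, right), end
    if tag == TAG_ENC:
        if len(content) < 4:
            raise DecodeError("missing key identifier")
        body, p = _decode_at(content, 4)
        if p != len(content):
            raise DecodeError("trailing bytes inside encryption")
        return Enc(int.from_bytes(content[:4], "big"), body), end
    raise DecodeError(f"unknown tag 0x{tag:02x}")


def decode(buf: bytes) -> Term:
    """Inverse of encode; every byte of buf must belong to the one term."""
    term, end = _decode_at(buf, 0)
    if end != len(buf):
        raise DecodeError("trailing bytes after message")
    return term


def demo() -> dict:
    """Round-trip a constructed message and probe two malformed inputs."""
    msg = Pair(Agent("alice"), Enc(7, Pair(Nonce(b"\x00" * 16), Agent("bob"))))
    wire = encode(msg)
    results = {"roundtrip": decode(wire) == msg, "length": len(wire)}
    try:  # a truncated message must not parse as some shorter term
        decode(wire[:-1])
        results["truncated_rejected"] = False
    except DecodeError:
        results["truncated_rejected"] = True
    try:  # 0x81 0x05 is a second spelling of length 5 and must be refused
        decode(bytes([TAG_AGENT, 0x81, 0x05]) + b"alice")
        results["noncanonical_rejected"] = False
    except DecodeError:
        results["noncanonical_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The property worth carrying over from the paper's setting is that `decode(encode(t)) == t` for every term and that `decode` fails on anything outside the image of `encode`; the canonical-length and trailing-byte checks are what make the second half hold, and they are exactly the checks that a proof against a formal specification would force an implementer to write. This toy has no recursion depth limit, which a production decoder fed by the network would need.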
Run-time Composition and Adaptation of Mismatching Behavioural Transactions
J. Cámara, Gwen Salaün, C. Canal. Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007-09-10. DOI: 10.1109/SEFM.2007.35 (https://doi.org/10.1109/SEFM.2007.35)

Abstract: Reuse of software entities such as components or web services raises composition issues since, most of the time, they present mismatching behavioural interfaces. Here, we particularly focus on systems for which the number of transactions is unbounded, and unknown in advance. This is typical in pervasive systems where a new client may show up at any moment to request or access a specific service. Hence, we advocate for the use of the pi-calculus to specify component interfaces. The pi-calculus is particularly suitable for creating new component instances and channels dynamically. The unbounded number of transactions and the use of the pi-calculus oblige one to apply the composition at run-time. In this paper, we propose a run-time composition engine that solves existing mismatches.
A Dynamic Logic for Deductive Verification of Concurrent Programs
Bernhard Beckert, V. Klebanov. Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007-09-10. DOI: 10.1109/SEFM.2007.1 (https://doi.org/10.1109/SEFM.2007.1)

Abstract: In this paper, we present an approach aiming at full functional deductive verification of concurrent Java programs, based on symbolic execution. We define a dynamic logic and a deductive verification calculus for a restricted fragment of Java with native concurrency primitives. Even though we cannot yet deal with non-atomic loops, employing the technique of symmetry reduction allows us to verify unbounded systems. The calculus has been implemented within the KeY system, and we demonstrate it by verifying a central method of the StringBuffer class from the Java standard library.
Supporting Proof in a Reactive Development Environment
Farhad Mehta. Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007), 2007-09-10. DOI: 10.1109/SEFM.2007.40 (https://doi.org/10.1109/SEFM.2007.40)

Abstract: Reactive integrated development environments for software engineering have led to an increase in productivity and quality of programs produced. They have done so by replacing the traditional sequential compile, test, debug development cycle with a more integrated and reactive development environment where these tools are run automatically in the background, giving the engineer instant feedback on his most recent change. The RODIN platform provides a similar reactive development environment for formal modeling and proof. Using this reactive approach places new challenges on the proof tool used. Since proof obligations are in a constant state of change, proofs in the system must be represented and managed to be resilient to these changes. This paper presents a solution to this problem that represents proof attempts in a way that makes them resilient to change and amenable to reuse.