F. Asplund, Martin Törngren, R. Hawkins, J. Mcdermid
Multi-View Modelling Integration Frameworks (MVMIFs) may help mitigate complexity associated with the development of CPS, but may also have implications on safety. Safety-related standards do not provide guidance to mitigate this problem. We therefore suggest that MVMIFs are extended with a confidence view to support the creation of an assurance case that covers issues related to risks in the support environment.
{"title":"The Need for a Confidence View of CPS Support Environments (Fast Abstract)","authors":"F. Asplund, Martin Törngren, R. Hawkins, J. Mcdermid","doi":"10.1109/HASE.2015.14","DOIUrl":"https://doi.org/10.1109/HASE.2015.14","url":null,"abstract":"Multi-View Modelling Integration Frameworks (MVMIFs) may help mitigate complexity associated with the development of CPS, but may also have implications on safety. Safety-related standards do not provide guidance to mitigate this problem. We therefore suggest that MVMIFs are extended with a confidence view to support the creation of an assurance case that covers issues related to risks in the support environment.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"1099 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122911724","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As a dynamic memory virtualization technique, ballooning is widely applied in many virtualization platforms, i.e. Xen and VMware ESX Server. Since ballooning technology enables the guest OS to surrender unused memory back to the host during runtime, and it can increase utilization and flexibility of memory. Despite the rapid development and extensive use of memory virtualization technologies, it is still a challenge to analyze and verify its validity and some major properties through formal methods. In this paper, we model the ballooning under Xen architecture including Xen hyper visor, a set of virtual machines and balloon drivers using the process algebra Communication Sequential Process (CSP) in order to verify some resource control properties of ballooning. The model is implemented with Process Analysis Toolkit (PAT). As a result, the ballooning used in Xen architecture satisfies these major resource control properties in VM requirement document.
{"title":"Modeling and Verifying the Ballooning in Xen with CSP","authors":"Luyao Wang, Fengwei Sui, Yanhong Huang, Huibiao Zhu","doi":"10.1109/HASE.2015.12","DOIUrl":"https://doi.org/10.1109/HASE.2015.12","url":null,"abstract":"As a dynamic memory virtualization technique, ballooning is widely applied in many virtualization platforms, i.e. Xen and VMware ESX Server. Since ballooning technology enables the guest OS to surrender unused memory back to the host during runtime, and it can increase utilization and flexibility of memory. Despite the rapid development and extensive use of memory virtualization technologies, it is still a challenge to analyze and verify its validity and some major properties through formal methods. In this paper, we model the ballooning under Xen architecture including Xen hyper visor, a set of virtual machines and balloon drivers using the process algebra Communication Sequential Process (CSP) in order to verify some resource control properties of ballooning. The model is implemented with Process Analysis Toolkit (PAT). As a result, the ballooning used in Xen architecture satisfies these major resource control properties in VM requirement document.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125118302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ensuring railway interoperability in Europe implies that the functional specifications have a common understanding by all the stakeholders. One solution to guarantee that point is the formalization of the specification. Under the French project called "PERFECT", we aim to formalize railway specifications and validate various systems in order to determine, using software tools, the compliance between ERTMS and National railway requirements. The big challenge is to provide a user-friendly formalization with verification tools. In this paper, we present our preliminary exploration of the use of Hierarchical Colored Petri Net (HCPN) in modeling ERTMS/ETCS (European Rail Traffic Management System/European Train Control System) functional specifications. The purpose of this contribution is to point the benefits in using HCPNs, which are widely used among railway operators, for understanding the specification and analyzing system safety features. The present work focuses on modeling the functional terms of establishing a communication session between the on-board equipment and the Radio Block Center specified in the System Requirements Specification (SRS).
{"title":"HCPN Modeling for ERTMS Requirements Specification","authors":"Zakaryae Boudi, E. El-Koursi, S. C. Dutilleul","doi":"10.1109/HASE.2015.11","DOIUrl":"https://doi.org/10.1109/HASE.2015.11","url":null,"abstract":"Ensuring railway interoperability in Europe implies that the functional specifications have a common understanding by all the stakeholders. One solution to guarantee that point is the formalization of the specification. Under the French project called \"PERFECT\", we aim to formalize railway specifications and validate various systems in order to determine, using software tools, the compliance between ERTMS and National railway requirements. The big challenge is to provide a user-friendly formalization with verification tools. In this paper, we present our preliminary exploration of the use of Hierarchical Colored Petri Net (HCPN) in modeling ERTMS/ETCS (European Rail Traffic Management System/European Train Control System) functional specifications. The purpose of this contribution is to point the benefits in using HCPNs, which are widely used among railway operators, for understanding the specification and analyzing system safety features. The present work focuses on modeling the functional terms of establishing a communication session between the on-board equipment and the Radio Block Center specified in the System Requirements Specification (SRS).","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115344603","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The complexity of formalizing the semantics of Verilog is significant. This presents an impediment when attempting to provide high assurance in the correctness of Verilog synthesis. This paper explores the use of higher-order transformation as a paradigm for implementing a synthesis system for a small subset of Verilog. The resulting system is capable of synthesizing net lists in the Xilinx Net list Format that are suitable for downloading to an FPGA. Transformations realizing the synthesis are based on algebraic laws whose correctness can be justified in terms of the operational semantics of Verilog.
{"title":"Verilog Synthesis in the Higher-Order Transformation Framework of TL","authors":"V. Winter, Shiraz Hussain","doi":"10.1109/HASE.2015.13","DOIUrl":"https://doi.org/10.1109/HASE.2015.13","url":null,"abstract":"The complexity of formalizing the semantics of Verilog is significant. This presents an impediment when attempting to provide high assurance in the correctness of Verilog synthesis. This paper explores the use of higher-order transformation as a paradigm for implementing a synthesis system for a small subset of Verilog. The resulting system is capable of synthesizing net lists in the Xilinx Net list Format that are suitable for downloading to an FPGA. Transformations realizing the synthesis are based on algebraic laws whose correctness can be justified in terms of the operational semantics of Verilog.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128537677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper addresses the challenge of big data security by exploiting signal processing theories. We propose a new big data privacy protocol that scrambles data via artificial noise and secret transform matrices. The utility of the scrambled data is maintained, as demonstrated by a cyber-physical system application. We further outline the proof of the proposed protocol's privacy by considering the limitations of blind source separation and compressive sensing.
{"title":"Signal Processing Oriented Approach for Big Data Privacy","authors":"Xiaohua Li, Thomas T. Yang","doi":"10.1109/HASE.2015.23","DOIUrl":"https://doi.org/10.1109/HASE.2015.23","url":null,"abstract":"This paper addresses the challenge of big data security by exploiting signal processing theories. We propose a new big data privacy protocol that scrambles data via artificial noise and secret transform matrices. The utility of the scrambled data is maintained, as demonstrated by a cyber-physical system application. We further outline the proof of the proposed protocol's privacy by considering the limitations of blind source separation and compressive sensing.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133985807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The use of contracts to enhance the maintainability of safety-critical systems has received a significant amount of research effort in recent years. However some key issues have been identified: the difficulty in dealing with the wide range of properties of systems and deriving contracts to capture those properties, and the challenge of dealing with the inevitable incompleteness of the contracts. In this paper, we explore how the derivation of contracts can be performed based on the results of failure analysis. We use the concept of safety kernels to alleviate the issues. Firstly the safety kernel means that the properties of the system that we may wish to manage can be dealt with at a more abstract level, reducing the challenges of representation and completeness of the "safety" contracts. Secondly the set of safety contracts is reduced so it is possible to reason about their satisfaction in a more rigorous manner.
{"title":"Deriving Safety Contracts to Support Architecture Design of Safety Critical Systems","authors":"Irfan Šljivo, Omar Jaradat, I. Bate, P. Graydon","doi":"10.1109/HASE.2015.27","DOIUrl":"https://doi.org/10.1109/HASE.2015.27","url":null,"abstract":"The use of contracts to enhance the maintainability of safety-critical systems has received a significant amount of research effort in recent years. However some key issues have been identified: the difficulty in dealing with the wide range of properties of systems and deriving contracts to capture those properties, and the challenge of dealing with the inevitable incompleteness of the contracts. In this paper, we explore how the derivation of contracts can be performed based on the results of failure analysis. We use the concept of safety kernels to alleviate the issues. Firstly the safety kernel means that the properties of the system that we may wish to manage can be dealt with at a more abstract level, reducing the challenges of representation and completeness of the \"safety\" contracts. Secondly the set of safety contracts is reduced so it is possible to reason about their satisfaction in a more rigorous manner.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"944 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116432317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
K. Morris, Peter J. Clarke, Xudong He, F. Costa, M. Allison
The direct runtime interpretation and execution of domain-specific models through the use of a Domain Specific Virtual Machine (DSVM) is an area of emerging relevance in the model-driven engineering community. This is due in part to the increased efficiency and decreased complexity achieved through specialization of the architecture in disparate domains. An approach to the design of a DSVM is to include a middleware that is responsible for the delivery and management of domain-specific services. It is the job of this middleware to help realize user intent through the execution of received commands while ensuring adherence to system policies based on changing environmental context. To provide assurance of functionality, the DSVM middleware must be policy and context-aware and facilitate variability in its operations. It achieves this variability by dynamically generating behavioral models for execution in response to commands. The dynamic generation of models poses the challenge of ensuring their correctness at runtime. To guarantee the correctness of generated models, we adopted model validation techniques to ensure policy compliance and employed the Alloy Analyzer in our prototype to demonstrate the efficacy of this approach. This granted us use of the Alloy specification language, which, by utilizing first-order logic, enhanced our model validation process by allowing more expressive policies. We demonstrate the increased capabilities and assurance realized by this approach through a case study with a DSVM middleware instance for the communication domain.
{"title":"A Method for Validating Intent Model Behavior in DSVMs","authors":"K. Morris, Peter J. Clarke, Xudong He, F. Costa, M. Allison","doi":"10.1109/HASE.2015.43","DOIUrl":"https://doi.org/10.1109/HASE.2015.43","url":null,"abstract":"The direct runtime interpretation and execution of domain-specific models through the use of a Domain Specific Virtual Machine (DSVM) is an area of emerging relevance in the model-driven engineering community. This is due in part to the increased efficiency and decreased complexity achieved through specialization of the architecture in disparate domains. An approach to the design of a DSVM is to include a middleware that is responsible for the delivery and management of domain-specific services. It is the job of this middleware to help realize user intent through the execution of received commands while ensuring adherence to system policies based on changing environmental context. To provide assurance of functionality, the DSVM middleware must be policy and context-aware and facilitate variability in its operations. It achieves this variability by dynamically generating behavioral models for execution in response to commands. The dynamic generation of models poses the challenge of ensuring their correctness at runtime. To guarantee the correctness of generated models, we adopted model validation techniques to ensure policy compliance and employed the Alloy Analyzer in our prototype to demonstrate the efficacy of this approach. This granted us use of the Alloy specification language, which, by utilizing first-order logic, enhanced our model validation process by allowing more expressive policies. We demonstrate the increased capabilities and assurance realized by this approach through a case study with a DSVM middleware instance for the communication domain.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127202471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Xianjin Fu, Zhenbang Chen, Yufeng Zhang, Chun Huang, Wei Dong, J. Wang
Message Passing Interfaces (MPI) plays an important role in parallel computing. Many parallel applications are implemented as MPI programs. The existing methods of bug detection for MPI programs have the shortage of providing both input and non-determinism coverage, leading to missed bugs. In this paper, we employ symbolic execution to ensure the input coverage, and propose an on-the-fly schedule algorithm to reduce the interleaving explorations for non-determinism coverage, while ensuring the soundness and completeness. We have implemented our approach as a tool, called MPISE, which can automatically detect the deadlock and runtime bugs in MPI programs. The results of the experiments on benchmark programs and real world MPI programs indicate that MPISE finds bugs effectively and efficiently. In addition, our tool also provides diagnostic information and replay mechanism to help understand bugs.
{"title":"MPISE: Symbolic Execution of MPI Programs","authors":"Xianjin Fu, Zhenbang Chen, Yufeng Zhang, Chun Huang, Wei Dong, J. Wang","doi":"10.1109/HASE.2015.35","DOIUrl":"https://doi.org/10.1109/HASE.2015.35","url":null,"abstract":"Message Passing Interfaces (MPI) plays an important role in parallel computing. Many parallel applications are implemented as MPI programs. The existing methods of bug detection for MPI programs have the shortage of providing both input and non-determinism coverage, leading to missed bugs. In this paper, we employ symbolic execution to ensure the input coverage, and propose an on-the-fly schedule algorithm to reduce the interleaving explorations for non-determinism coverage, while ensuring the soundness and completeness. We have implemented our approach as a tool, called MPISE, which can automatically detect the deadlock and runtime bugs in MPI programs. The results of the experiments on benchmark programs and real world MPI programs indicate that MPISE finds bugs effectively and efficiently. In addition, our tool also provides diagnostic information and replay mechanism to help understand bugs.","PeriodicalId":248645,"journal":{"name":"2015 IEEE 16th International Symposium on High Assurance Systems Engineering","volume":"95 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115686543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: