Title: The OASIS Kernel: A Framework for High Dependability Real-Time Systems
Authors: Stéphane Louise, Matthieu Lemerre, Christophe Aussaguès, V. David
DOI: https://doi.org/10.1109/HASE.2011.38
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 124918015)
Abstract: This paper presents the design and some aspects of the implementation of a highly dependable, safety-oriented kernel for real-time applications. It is specifically designed as an execution facility for a deterministic semi-formal model, the OASIS model, which allows the temporal behaviors and communications of a safety-critical real-time application to be expressed and verified. This paper shows specifically how, starting from a formalism and a Domain Specific Language, we built a generic execution layer that conforms to the highest levels of safety, how safety is implemented through the interaction between the kernel and the compilation tools, and how performance was optimized within these constraints.

Title: Reducing State Explosion with Context Modeling for Model-Checking
Authors: P. Dhaussy, Jean-Charles Roger, F. Boniol
DOI: https://doi.org/10.1109/HASE.2011.24
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 125828264)
Abstract: This paper deals with the use of formal techniques based on model checking in settings where models are large and formal verification faces the combinatorial explosion issue. The goal of the approach is to express and verify requirements relative to certain context situations. The idea is to unroll the context into several scenarios, then successively compose each scenario with the system and verify the resulting composition. We propose to specify the context in which the behavior occurs using a language called CDL (Context Description Language), based on activity and message sequence diagrams. The properties to be verified are specified with textual patterns and attached to specific regions in the context. This article shows how this combinatorial explosion can be reduced by specifying the environment of the system to be validated. Our contribution is illustrated on an industrial embedded system.

Title: Bug Signature Minimization and Fusion
Authors: D. Lo, Hong Cheng, Xiaoyin Wang
DOI: https://doi.org/10.1109/HASE.2011.36
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 125642593)
Abstract: Debugging is a time-consuming activity. To help in debugging, many approaches have been proposed to pinpoint the location of errors given labeled failing and correct executions. While such approaches have been shown to be accurate, at times the location alone is not sufficient to help programmers understand why the bug happens and how to fix it. Furthermore, a single location might not be powerful enough to discriminate failures from correct executions. To address these challenges, recent studies have extracted bug signatures, which are composed of multiple locations appearing together in a particular order and signifying an occurrence of a bug. The latest study on bug signatures, by Cheng et al., models program executions as graphs. Two sets of graphs, corresponding to failing and correct executions, are then contrasted to extract the most discriminative connected subgraphs, which serve as bug signatures. However, there are two limitations: (1) the returned signatures might not be minimal and (2) they can only capture localized bug context. In this work, we develop a signature minimization technique to capture minimal discriminative signatures. We also propose a signature fusion technique that fuses disconnected subgraphs so that our method can capture bug contexts spanning multiple locations. An experimental study on the Siemens and Space datasets shows the effectiveness of the proposed bug signature minimization and fusion techniques. Compared with the state-of-the-art bug signature mining technique, we reduce the number of bugs missed by up to 57.7% and reduce the average number of nodes traversed by up to 85.6%.

Title: Regression Testing of Component-Based Software: A Systematic Practise Based on State Testing
Authors: Chuanqi Tao, Bixin Li, J. Gao
DOI: https://doi.org/10.1109/HASE.2011.40
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 115564805)
Abstract: Component-based software systems consist of various components, such as third-party components and in-house built components. Component changes occur frequently in software maintenance, which calls for regression testing. When changes are made to a component, the component itself could be affected; moreover, the changes could impact the entire system. Existing research has not addressed the issue of systematic regression testing of component-based software, especially at the system level. This paper proposes a systematic regression testing method that proceeds from components to the system, including analysis of changes, analysis of their impact, and test suite refreshment. The paper also reports a case study based on a realistic component-based software system using a state-based testing practice, which shows that the approach is feasible and effective.

Title: Patterns for Representing FMEA in Formal Specification of Control Systems
Authors: I. Lopatkin, A. Iliasov, A. Romanovsky, Y. Prokhorova, E. Troubitsyna
DOI: https://doi.org/10.1109/HASE.2011.10
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 124293716)
Abstract: Failure Modes and Effects Analysis (FMEA) is a widely used technique for inductive safety analysis. FMEA provides engineers with valuable information about the failure modes of system components as well as procedures for error detection and recovery. In this paper we propose an approach that facilitates the representation of FMEA results in formal Event-B specifications of control systems. We define a number of patterns for representing requirements derived from FMEA in a formal system model specified in Event-B. The patterns help developers trace the requirements from safety analysis to formal specification. Moreover, they allow developers to increase the automation of formal system development by refinement. Our approach is illustrated by an example, a sluice control system.

Title: Improve the Effectiveness of Test Case Generation on EFSM via Automatic Path Feasibility Analysis
Authors: Rui Yang, Zhenyu Chen, Baowen Xu, W. E. Wong, Jie Zhang
DOI: https://doi.org/10.1109/HASE.2011.12
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 116948080)
Abstract: A typical approach to automated test case generation is to create a model of the implementation under test. The Extended Finite State Machine (EFSM) is among the most popular models for model-based testing. However, automated test case generation on EFSM models is still a challenging task because an EFSM model may contain infeasible paths. In this article we present a novel approach that combines static analysis and dynamic analysis techniques to address the problem of path infeasibility in test case generation on EFSM models. A metric is presented for finding a path subset that has few paths, long path length, and good feasibility while meeting adequacy coverage criteria. In addition, we develop an executable model to obtain run-time information as feedback and introduce Scatter Search into test case generation. Based on the executable model, the expected outputs associated with the test data are also collected for the automatic construction of test oracles. The experimental results show that our approach is effective for test case generation on EFSM models, and that the combination of static analysis and dynamic analysis greatly speeds up the process of test case generation.

Title: Comparison and Analysis of Cryptographic Algorithms Aiming Performance Improvement in Secure Web Services
Authors: D. Rodrigues, D. F. Pigatto, J. C. Estrella, K. Branco
DOI: https://doi.org/10.1109/HASE.2011.69
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 117323555)
Abstract: This paper presents an evaluation and comparison of techniques that allow the validation of the Web services used, in order to determine characteristics related to performance and security. In this sense, it is crucial to evaluate the performance of encryption and digital signatures in SOAP messages, varying the cryptographic algorithms as well as the key lengths. Message-level security was provided using WS-Security. The results obtained make it possible to determine the impact of the security mechanisms used in this type of application.

Title: Integrating Legacy Applications for High Availability: A Case Study
Authors: A. Kanso, F. Khendek, A. Mishra, M. Toeroe
DOI: https://doi.org/10.1109/HASE.2011.39
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 126539280)
Abstract: High availability of services is becoming a must in various domains. Services provided by applications not originally designed for high availability can be made highly available by integrating them with a middleware compliant with the SAForum specification. Such a middleware offers a number of configuration options. Assessing service availability while designing the system configuration facilitates the selection of a configuration that is optimal with respect to specific priorities. In this paper we present a case study of turning a legacy video streaming application into a highly available one. We present our methodology, and then analyze the availability we can expect from the application in various configurations and settings.

Title: Leader-Determined Membership Protocol
Authors: Wenbing Zhao, P. Melliar-Smith, L. Moser
DOI: https://doi.org/10.1109/HASE.2011.14
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 125134270)
Abstract: Many fault-tolerant systems organize the replicas of an application process as a process group. The Leader-Determined Membership Protocol determines a new membership for the process group when a member becomes faulty, a member leaves the group, or a new member joins the group. If the primary becomes faulty, the protocol selects a new primary deterministically, based on the precedences and the ranks of the backups. The new primary determines which processes are members of the new membership and communicates that information to the backups. The protocol maintains a consistent view of the membership, so that the members see the same primary, the same set of members, and the same primary view number. It also ensures consistency of the states of the members, and consistency with other processes with which the members communicate. By avoiding the use of a multiple-round, majority-based consensus algorithm, the Leader-Determined Membership Protocol achieves better performance than other membership protocols, and it can operate with the primary and only a single backup.

Title: Multi-layer Monitoring for Cloud Computing
Authors: Javier González, A. Muñoz, A. Maña
DOI: https://doi.org/10.1109/HASE.2011.65
Published in: 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, 2011-11-10 (Semantic Scholar paper id 131780982)
Abstract: An architecture for dynamic security monitoring and enforcement for client software running in virtualized environments is presented. Virtualization is heavily used in cloud computing to allow a proper trade-off between isolation and resource usage. In this new architecture, monitoring mechanisms check a set of policy-defined conditions at runtime in order to detect threats or anomalous behaviour. Enforcement, in turn, is achieved by using secure software execution methods that comply with the defined policies. The presented architecture allows the defined policies to be adapted to context by using a new event-sequence language. This makes automatic runtime policy enforcement a crucial component for achieving proper security in virtualized platforms for cloud computing.