Showing papers on "Promela published in 2019"

A novel ECC-based lightweight authentication protocol for internet of things devices

Abstract: In spite of being a promising technology which will make our lives a lot easier we cannot be oblivious to the fact IoT is not safe from online threat and attacks. Thus, along with the growth of IoT we also need to work on its aspects. Taking into account the limited resources that these devices have it is important that the security mechanisms should also be less complex and do not hinder the actual functionality of the device. In this paper, we propose an ECC based lightweight authentication for IoT devices which deploy RFID tags at the physical layer. ECC is a very efficient public key cryptography mechanism as it provides privacy and security with less computation overhead. We also present a security and performance analysis to verify the strength of our proposed approach. We have verified the security and authentication session execution of our protocol using the Promela model and SPIN tool.

Using Threat Analysis Techniques to Guide Formal Verification: A Case Study of Cooperative Awareness Messages

Abstract: Autonomous robotic systems such as Connected and Autonomous Vehicle (CAV) systems are both safety-and security-critical, since a breach in system security may impact safety. Generally, safety and security concerns for such systems are treated separately during the development process. In this paper, we consider an algorithm for sending Cooperative Awareness Messages (CAMs) between vehicles in a CAV system and the use of CAMs in preventing vehicle collisions. We employ threat analysis techniques that are commonly used in the cyber security domain to guide our formal verification. This allows us to focus our formal methods on those security properties that are particularly important and to consider both safety and security in tandem. Our analysis centres on identifying STRIDE security properties and we illustrate how these can be formalised, and subsequently verified, using a combination of formal tools for distinct aspects, namely Promela/SPIN and Dafny.

Formal Analysis and Improvement on Ultralightweight Mutual Authentication Protocols of RFID

Abstract: Ultralightweight mutual authentication protocols (UMAP) of Radio frequency identification (RFID) systems have attracted much attention from researchers. Many studies reveal that most of UMAP suffer malicious attack. To improve security of UMAP, formal analysis is performed with Simple promela interpreter (SPIN). Two typical UMAPs, which are RCIA and RAPP, are selected as our case study. A protocol abstract modeling method is presented to make UMAP can be formalized simply. Using SPIN, verification results show that RCIA and RAPP are both vulnerable against desynchronization attack. A Generalized model of UMAP (G-UMAP) and a general patching scheme are presented for resisting the attack. To validate the patching scheme, formal verification is then performed for the improved protocol. SPIN verification shows that the improved RCIA and RAPP both gain higher security. The above proposed modeling method has great significance for similar UMAP analyzing, and the proposed patching scheme is proved to be practical and reliable.

Applying Model Checking Approach with Floating Point Arithmetic for Verification of Air Collision Avoidance Maneuver Hybrid Model

Abstract: A term Cyber-Physical System (CPS) refers to a mathematically described (specified) real-world process, that combines discrete changes of pre-defined control states (a cyber part) and changes of controllable continuous-time states (a physical part). In this paper, we present a model-checking approach to verification of Cyber-Physical Systems. The primary goal of the paper is to try using SPIN verifier and Promela language to specify and verify a safety property of a CPS for Air Collision Avoidance. The main “obstacle” preventing model checking the CPSs is the absence of a floating-point arithmetic in input languages of model checkers. In this paper, we describe an implementation of a standard floating-point arithmetic in Promela language as well as results of verifying an Air Collusion Avoidance model using this implementation and comparison of our approach with other approaches. Also, we stress an importance of verified standard mathematical functions used in CPSs solutions.

A method to verify parallel and distributed software in c# by doing roslyn ast transformation to a promela model

Abstract: In this paper, we describe an approach to formal verification of parallel and distributive programs in C#. We use Microsoft Roslyn technique to get syntax and semantic information about interesting constructions in the real source code to generate some corresponding code in Promela language, designed to model actor-based interoperation systems, so we do a program-to-model transformation. Then, we verify the usual problems of parallel and distributive code by checking pre-defined LTL formulas for the model program. We are able to provide checking of data races, improper locking usage, possible deadlocks in distributive service interoperations using the Model Checking approach. This method can be used to construct a static analyzer for the .NET platform.

FASTEN: an open extensible framework to experiment with formal specification approaches: using language engineering to develop a multi-paradigm specification environment for NuSMV

Abstract: Formal specification approaches have been successfully used to specify and verify complex systems. Verification engineers so far either directly use formal specification languages which can be consumed by verification tools (e.g. SMV, Promela) or main stream modeling languages which are then translated into formal languages and verified (e.g. SysML, AADL). The first approach is expressive and effective but difficult to use by non-experts. The second approach lowers the entry barrier for novices but users are limited to the constructs of the chosen modeling languages and thereby end up abusing the language to encode behaviors of interest. In this paper, we introduce a third approach that we call FASTEN, in which modular and extensible Domain Specific Languages (DSLs) are used to raise the abstraction level of specification languages towards the domain of interest. The approach aims to help novice users to use formal specification, enable experts to use multi-paradigm modeling, and provide tools for the developers of verification technologies to easily experiment with various types of specification approaches. To show the feasibility of the approach, we release an open-source tool based on Jetbrains' MPS language workbench that provides an extensible stack of more than ten DSLs, situated at different levels of abstraction, built on top of the SMV language. We use the NuSMV model checker to perform verification, to simulate the models and lift the traces at the abstraction level of the DSLs. We detail on the experience with designing and developing the DSLs stack and briefly report on using the DSLs in practice for the study of a communication protocol of a safety critical system.

Practical Model Checking of a Home Area Network System: Case Study

Abstract: The integrated communication infrastructure is the core of the Smart Grid architecture. Its two-way communication and information flow provides this network with all needed resources in order to control and manage all connected components from the utility to the customer side. This latter, named the Home Area Network or HAN, is a dedicated network connecting smart devices inside the customer home, and using different solutions. In order to avoid problems and anomalies along the process life cycle of developing a new solution for HAN network, the modeling and validation is one of the most powerful tools to achieve this goal. This paper presents a practical case study of such validation. It intends to validate a HAN SDL model, described in a previous work, using model checking techniques. It introduces a method to translate the SDL model to a Promela model using an intermediate format IF. After the generation of the Promela model, verification is performed to ensure that some functional properties are satisfied. The desired properties are defined in Linear Temporal Logic (LTL), and DTSPIN (an extension of SPIN with discrete time) model checker is used to verify the correctness of the model.

Limiting state space explosion of model checking using discrete event simulation: combining DEVS and PROMELA

Abstract: In this paper we propose an approach combining discrete event simulation and model checking. Indeed, methods like model checking suffer from the state space explosion when the modeled system is complex. Consequently, we propose an approach that allows the model checking procedure to focus on a subset of the total state space that is more likely to contain an erroneous state regarding a property. To do so, a simulation run that allows us to observe some qualitative metrics is performed, and stopped when a predefined "critical state" is reached. This state is then projected as the initial state of the non-deterministic finite automaton used by the model checking procedure. Thus, the search will only explore states reachable from this critical state, limiting state space explosion. We finally illustrate the proposed approach through a Network-On-Chip system, and compare it with the ad hoc classical model checking approach.

A model checking based approach for detecting SDN races

Abstract: The paper is devoted to the verification of Software Defined Networking (SDN) components and their compositions. We focus on the interaction between three basic entities, an application, a controller, and a switch. When the application submits a request to the controller, containing a set of rules to configure, these rules are expected to be ‘pushed’ and correctly applied by the switch of interest. However, this is not always the case, and one of the reasons is the presence of races or concurrency issues in SDN components and related interfaces. We propose a model checking based approach for deriving test sequences that can identify SDN races. The test generation strategy is based on model checking, and related formal verification is performed with the use of extended automata specifying the behavior of the components of interest; Linear Temporal Logic (LTL) formulas are utilized to express the properties to check. We generalize the races of interest and propose an approach for deriving the corresponding LTL formulas that are later used for verifiation. The Spin model checker is used for that purpose and thus, Promela specifications for interacting components are also provided; those are: the ONOS REST API, the ONOS controller and an OpenFlow Switch. An experimental evaluation with the aforementioned components showcases the existence of race conditions in their compositions.

Model Checking of WebRTC Peer to Peer System

Abstract: The establishment of the multimedia session is crucial in the WebRTC architecture before media and data transmission. The preliminary bi-directional flow provides the network with all the information needed in order to control and manage the communication between end-users. This control includes the setup, management, and teardown of a session and the definition, and the modification of multiple features that will be enabled in the ongoing session. This is performed by a mechanism named Signaling. In this work, we will use the formal verification to increase confidence in our SDL model by checking the consistency and reliability of the WebRTC Peer to Peer system. The verification and validation are proved the most efficient tools to avoid errors and defects in the concurrent system designs. Indeed, by using model-checking techniques we will verify if the WebRTC system adheres to standards if it performs the selected functions in the correct manner. To achieve that, we will first translate the SDL model to an intermediate format IF that will be retranslated to a Promela Model. Second, using the SPIN model checker, we will verify the general correctness of the model before checking if the desired properties are satisfied using the Linear Temporal Logic (LTL).

Trace Analysis Using an Event-Driven Interval Temporal Logic

Abstract: Nowadays, many critical systems can be characterized as hybrid ones, combining continuous and discrete behaviours that are closely related. Changes in the continuous dynamics are usually fired by internal or external discrete events. Due to their inherent complexity, it is a crucial but not trivial task to ensure that these systems satisfy some desirable properties. An approach to analyze them consists of the combination of model-based testing and run-time verification techniques. In this paper, we present an interval logic to specify properties of event-driven hybrid systems and an automatic transformation of the logic formulae into networks of finite-state machines. Currently, we use Promela/Spin to implement the network of finite-state machines, and analyze non-functional properties of mobile applications. We use the TRIANGLE testbed, which implements a controllable network environment for testing, to obtain the application traces and monitor network parameters.

Verifying Cloud Application for the Interaction Correctness Using SoaML and SPIN

Abstract: Cloud application is a kind of software implemented using cloud computing technology and deployed in the cloud environment. This paper focuses on guaranteeing the interaction correctness between cloud application and users. In general, the main methods to do this are testing and verification. But in the cloud environment, testing is costly and the operation is extremely difficult, while the verification can avoid these shortcomings, and be suitable for cloud application. In this paper, we use SoaML(Service-Oriented Architecture Modeling Language) to model cloud application, apply hierarchical automaton to formalize ServiceInterface of SoaML, and translate SeviceInterface into PROMELA according to the semantics of automaton; Meanwhile, describe the ServiceContract of SoaML using linear temporal logic (LTL). Both PROMELA and LTL formula are integrated into SPIN model checker for automatic verification of cloud application. Experiment shows that we can verify the correctness of cloud application effectively.

An integrated environment for Spin-based C code checking: Towards bringing model-driven code checking closer to practitioners

Abstract: Model-driven code checking (MDCC) has been successfully used for the verification of functional requirements of C code. An environment model that describes the context, which a program is expected to run in, is defined in Promela, translated to a model checker program by Spin, and linked with the program acting as system under verification. In this article, we summarise the practical advantages of MDCC which motivate its use in an industrial setting and discuss the challenges to its broader adoption. Environment models exhibit heavily intertwined Promela and C code statements, which make them hard to write and understand. We propose a high-level language for verification harness definition which hides the Spin engine under the hood. A small number of language concepts is sufficient to define verification harnesses for commonly encountered C programs. Widening the scope of the approach, we provide means to verify programs that exhibit internal state and extend the set of checked properties beyond classical assertions to those checked by LLVM/Clang code sanitizers. Thus, a user can focus on finding the best solution to combine exhaustive exploration of the environment with testing strategies. Our approach is prototypically integrated into mbeddr development platform. We present its instantiation on real-world code examples and discuss our experiences gained with the verification of software from the railway domain.

Promela and Spin Formal Verification of an M-Health Medical Social Media System

Abstract: The process of detecting and identifying errors early in the life-cycle of any software has many challenges. The tools used for model checking are however becoming more effective and usable because they are helping the identification of errors. This has empowered users to apply model checking to large-scale problems. The process of validating the model implementation is normally harder. We created a Promela model by using a model checker called Spin in order to verify the Medical Social Media System based on Social Oriented Networks by using M-Health technology and sensors in smartphones and bracelets for medical data acquisition, in order for it to be used in the healthcare sector in Iraq. For the Promela Model, we first described the behaviors of the Medical Social Media Systems via UML timelines. After that, we combined the UML timelines in state diagrams that were finally transformed into a Promela model and verified with the Spin model checker.

From Dynamic State Machines to Promela

Abstract: Dynamic State Machines (DSTM) is an extension of Hierarchical State Machines recently introduced to answer some concerns raised by model-based validation of railway control systems. However, DSTM can be used to model a wide class of systems for design, verification and validation purposes. Its main characteristics are the dynamic instantiation of parametric machines and the definition of complex data types. In addition, DSTM allows for recursion and preemptive termination. In this paper we present a translation of DSTM models in Promela that can enable automatic test case generation via model checking and, at least in principle, system verification. We illustrate the main steps of the translation process and the obtained Promela encoding.

Safety protocol formal verification method based on model detection

Abstract: The invention provides a safety protocol formal verification method based on model detection. In the method, an intruder model based on algorithmic knowledge logic is taken as a theoretical basis, SPIN/Promela is used to model and analyze a large number of network safety protocols, and a model detection technology is used to design and realize a network safety protocol verification model generation system. In the system, for the different types of protocols, a corresponding modeling method is provided, such as a combined identity logic modeling method, a two-channel attacker interception modeling method, an attacker knowledge base function modeling method and a four-channel parallel modeling method; the method is used for the Promela modeling of the safety protocol; and the analysis requirements of several different types of safety protocols are effectively satisfied, and for the size of an attacker knowledge base in the safety protocol, a program enumeration method is used to construct. The three optimization strategies of static analysis, syntax reordering and partial order reduction are arranged in the system so that a state explosion problem in a safety protocol model detectionprocess can be effectively alleviated.

Formalizing Time Petri Nets with Metric Temporal Logic using Promela

Abstract: Formal verifications for the real-time systems are crucial and inevitable. The formal model and its desirable properties may be checked using model checker. Time Petri net is one of the practical representation for the formal model and its target properties may be efficiently written in metric temporal logic providing the time duration checking. However, the model checking of the time Petri nets with metric temporal logic is still merely supported. In this paper, we propose an alternative to transform the given time Petri nets along with the metric temporal logic into Promela code, which would be practically verified using SPIN tool. We also modified the previous work on translating basic metric temporal logic (MTL) formulas into linear temporal logic (LTL) written in Promela as to cope with the next and until temporal operators. The resulting Promela codes are correctly generated and verifiable using SPIN tool.

Verifying nondeterministic processes driven by broadcasts on Android

Abstract: Broadcasts in Android facilitate inner-process and inter-process communications. Although broadcasts enable high scalability and loose coupling in achieving collaboration among system components, there is no support for developers to verify the correctness of broadcast-driven nondeterministic processes. To overcome this challenge, we propose a verification approach for systems driven by all the four types of Android broadcasts. Our approach uses the PROMELA language to model broadcast senders and receivers, with regards to unique features of each broadcast type. Based on our design of initialisation procedures, developers can verify properties of their systems using the SPIN model checker. We evaluate our approach in a case study on an example system. Results show that our approach can effectively conduct verification in terms of safety, liveness and never claims with limited computing resources.

Model Checking the OpenFlow Protocol Using SPIN

Abstract: Software-Defined Networking (SDN) is a new architecture of separation of logical control and data forwarding. Although this separation has brought many benefits to the network, it also exposes the network to more risks. OpenFlow protocol is a communication protocol between them. The correct behavior of OpenFlow protocol is critical to SDN. Model checking technology has been widely applied to the protocol verification. This paper presents the process of model checking the OpenFlow protocol using SPIN. First, we describe an abstract formal model of OpenFlow protocol. And then we translate the model with PROMELA which is a model description language. Finally we apply the model checker (SPIN) to verify properties. In the process, it is realized that to pay more attention to the delay of SDN is more efficient when updating OpenFlow protocol version.

System Modeling and Design of Smart for ATM

Abstract: In today’s continuously changing world of technology, the upgradation of gadgets and systems is an in-parallel activity with these changes. In this series of technological updates, the availability of ATM as a part of Online banking activity support is not novice, but in use since a decade back. Since most of the technological advancements have two facets, ATM too provides convenience but on the other hand increases the security risk. The objective of the paper is to depict the Framework Design of the SMILE for FOBIA including Safe Mode Alarm Reporting Technique (SMART) and GPS Enabled Tracking (GET) for coerced cash withdrawal in ATM. The system is modelled using PROMELA (Process Meta Language), simulated and tested through jSpin model verifier tool.

Automated analysis of e-learning web applications

Abstract: In our paper we are exploring the use of formal methods for testing and verification of interactive e-learning web applications. These programs can be highly interactive and are often used for knowledge assessment and on-line tutoring purposes. They are written in web standard languages and executed in client browsers. Even simpler web applications can have various different interaction scenarios which makes them hard to test reliably. Therefore, we are using formal methods tools such as SPIN model checker and its Promela language to improve web application testing process. We create semi-automatically Promela process models from web application source code, and run their simulations, as well as verification using SPIN. Using these techniques, we want to identify flaws in web application design, and find and visualize all interaction scenarios using finite state automata. We will present use case example based on tutoring web application from our e-learning system used on our course Fundamentals of Electrical Engineering.

Security protocol vulnerability mining method based on multiple reverse cases

Abstract: The invention discloses a security protocol vulnerability mining method based on multiple reverse cases, which comprises the following steps: S1, modeling a security protocol required to be verified by using a promela language, and storing the security protocol in a .pml file format; S2, reducing the security property of a protocol, and expressing the security property in an LTL form; S3, verifying the security protocol in a manner of searching for an inverse example; S4, eliminating similar inverse cases, wherein an editing distance method is used for measuring a weight sequence of the inverse cases, and eliminating the similar inverse cases; then further eliminating similar reverse examples by using a method of comparing the attack path graphs; and S5, processing the residual reverse case set in the step S4 by using a statistical method. According to the method, a weight concept is introduced in a model detection stage, weight sequences in inverse cases are further compared, and similar inverse cases are eliminated. In the inverse case analysis stage, a statistical method is used for processing a large number of redundant inverse cases, so that the analysis process of the inversecases is more automatic, and the accuracy and efficiency of security protocol analysis are improved.

Using Formal Methods to Guide the Development of an Asthma Management System

Abstract: This paper reports on the use of a method to encourage the use of formal verification to explore the correctness of the development of an Ambient Assisted Living system, in this case one to help people with asthma to better manage their condition. We apply the methodology by modelling in ProMeLa and using SPIN for simulation and verification. We illustrate how the method is applied and some of the insights the developing team gained in its application.

A Specification-Based Approach to Model Checking Event-Driven Systems

Abstract: An event-driven system with multiple external events is difficult to verify manually. Model checking is an appropriate approach for exhaustively and automatically verifying this kind of systems. In fact, adopting the specification language used by a specific model checker to specify the behaviors of the system is really hard because many events with the corresponding constraints need to be considered. To address this problem, we propose a domain-specific language (DSL) to facilitate the specification of an event-driven system with several configurations and validation rules for checking their properties. In our approach, the occurrences of these events can be defined using different scenarios. From the specification of the system, we generate the program in Promela (Process or Protocol Meta Language) for the verification. Model checking techniques are then applied to export the counterexamples as the results of the verification. From these results, we can handle the occurrence of the events to find the corresponding errors of the system.

Modeling and Verification of Starvation-Free Bitwise Arbitration Technique for Controller Area Network Using SPIN Promela

Abstract: The Controller Area Network (CAN) is a message based communication service working over high-speed serial bus systems, and mostly used in the automotive industries and real-time communication systems. The CAN bus connects several independent CAN modules and allows them to communicate and work together asynchronously and/or synchronously. All nodes can simultaneously transmit data to the CAN bus, and the collision of multiple messages on the bus is resolved by a bitwise arbitration technique that operates by assigning a node with a low-priority message to switch to a “listening” mode while a node with a high-priority message remains in a “transmitting” mode. This arbitration mechanism results in the starvation problem that lower-priority messages continuously lose arbitration to higher-priority ones. This starvation is seen as a critical section problem with priority scheduling, where a synchronization technique is required at the entry and exit of the bus. The techniques of non-starvation critical section with general semaphore and barrier synchronization are applied to enable the CAN bus to proceed without starvation. In this paper, we present a formal model of a starvation-free bitwise CAN arbitration protocol applying barrier synchronization and starvation-free mutual exclusion. Based on SPIN Promela, we provide that the proposed CAN starvation-free CAN bus model works correctly.

Formal Verfication of Security Protocol Using Spin Tool

Abstract: Nowadays, security is a big issue related with the network. In order to send sensitive information through the network, we require a mechanism to ensure the information is sent to the intended receiver. Various methods is discussed which is used for verification and model checking method is implemented to construct a model using promela which verifies the properties that satisfies with a cryptographic protocol. This paper involves a brief survey on different methods available for the verification of security protocols and suggests a better method based on qualitative analysis on the survey. Also, we give a verification analysis of NSPK protocol using model checking tool Spin.

From Global Choreographies to Provably Correct and Efficient Distributed Implementations.

Abstract: We define a method to automatically synthesize provably-correct efficient distributed implementations from high-level global choreographies. A global choreography describes the execution and communication logic between a set of provided processes which are described by their interfaces. The operations at the level of choreographies include multiparty communications, choice, loop, and branching. Choreographies are master-triggered, that is each choreography has one master to trigger its execution. This allows to automatically generate conflict free distributed implementations without controllers. The behavior of the synthesized implementations follows the behavior of choreographies. In addition, the absence of controllers ensures the efficiency of the implementation and reduces the communication needed at runtime. Moreover, we define a translation of the distributed implementations to equivalent Promela versions. The translation allows verifying the distributed system against behavioral properties. We implemented a Java prototype to validate the approach and applied it to automatically synthesize micro-services architectures. We illustrate our method on the automatic synthesis of a verified distributed buying system.

Visualization of Promela with NS-Chart

Abstract: In the paradigm of model checking, a formal model is considered as one of the crucial sources that tends to be verified with the desired properties. The definition of the formal model should be understandable and clear in order to express the structure and behaviors of the system visually using diagrammatic tools. In this paper, we focused on the formal model which is written in Promela language that supports the non-determinism of the concurrent system. From our study, we found that the Promela syntax could probably be drawn by using NS-chart visual symbols. The classic NS-chart symbols represents the control flow of the system that was written in Promela. As a main purpose of this paper, we aim to propose a set of mapping rules for generating the NS-chart drawing from Promela source codes. The result of the drawing with the proposed NS-Chart syntax showed that the Promela control flow structure could be represented succinctly and the chart could be practically used for tracing the counterexample of the verification.