
Showing papers on "Promela published in 2022"


Proceedings ArticleDOI
01 Jun 2022
TL;DR: A model translation to allow automatic simulation and verification of controller models for cyber-physical systems is presented and the integration with the freely available IOPT-Tools framework is foreseen.
Abstract: This paper presents a model translation to allow automatic simulation and verification of controller models for cyber-physical systems. The models are constructed using IOPT nets, a non-autonomous Petri nets class. Those models are then translated into Promela models to be executed by the Spin model checker, a widely used open-source software verification tool. Three illustrative examples are presented: one autonomous model and two non-autonomous models. As future work, it is foreseen the integration with the freely available IOPT-Tools framework.

3 citations


Journal ArticleDOI
TL;DR: A new Discrete Time Model for Promela (DTMP) is proposed that is seamlessly integrated in the framework for modeling SDL systems and can be used with the mainstream version of the Spin tool.
Abstract: Industries like telecommunications, medical, automotive, military, avionics, and aerospace use complex real-time systems. Specification and Description Language (SDL) is one of the leading domain-specific languages that is formally defined by international standards and well established in describing such systems. To check system properties, an abstracted model of the system is prepared in a selected modeling language. We use the Spin (Simple Promela Interpreter) model checker, which is one of the leading tools for verification of complex concurrent and reactive systems. This paper focuses on modeling the SDL timer construct. It is one of the SDL constructs that is not easily modeled with Promela, but is present in many SDL systems. After an overview of the related work, we propose a new Discrete Time Model for Promela (DTMP) that is seamlessly integrated in our framework for modeling SDL systems and can be used with the mainstream version of the Spin tool. To the best of our knowledge, this is not possible with the existing solutions. We describe how DTMP can be used to model SDL systems that use timers. Experimental results demonstrate its applicability to non-SDL systems with Fischer’s mutual exclusion protocol and the Parallel Acknowledgment with Retransmission protocol, which were used in prior studies. We compare state-space requirements with one of the existing solutions, DT Promela and DT Spin. With that, the virtues and shortcomings of this high-level solution are exposed. We have shown that DTMP is effective when an extensive range of timer expiration values is used, which is usually the case in real-life SDL systems.

2 citations



Journal ArticleDOI
TL;DR: A method for verifying security protocols with timestamps using the model checking technique, which can raise security alerts for security schemes based on the WMF protocol used in the Internet of Things or other fields; the results show that the method is effective and can provide a direction for the analysis of other security protocols with timestamps in many fields.
Abstract: The verification of security protocols is an important basis for network security. Now, some security protocols add timestamps to messages to defend against replay attacks by network intruders. Therefore, verifying the security properties of protocols with timestamps is of great significance to ensure network security. However, previous formal analysis methods for such protocols often abstracted timestamps into random numbers in order to simplify the model before modeling and verification, which may cause time-dependent security properties to be ignored. To solve this problem, a method for verifying security protocols with timestamps using the model checking technique is proposed in this paper. To preserve the time-dependent properties of the protocol, Promela (process meta language) is utilized to define a global clock representing the protocol system time, a timer representing message transmission time, and a clock function representing the passage of time; in addition, a mechanism for checking timestamps in messages is built using Promela. To mitigate state space explosion in model checking, we propose a vulnerable channel priority method that uses Promela to build the intruder model. We take the well-known WMF protocol as an example by modeling it with Promela and verifying it with the model checker SPIN (Simple Promela Interpreter), and we have successfully found two attacks on the protocol. The results of our work can raise security alerts for security schemes based on the WMF protocol used in the Internet of Things or other fields. The results also show that our method is effective, and it can provide a direction for the analysis of other security protocols with timestamps in many fields.

Proceedings ArticleDOI
24 Feb 2022
TL;DR: In this article, a new hybrid model of mobile banking-based Branchless Banking System (MB-BBS) is proposed that provides branchless banking services and mobile banking services to unbanked people in rural areas globally.
Abstract: Branchless banking is known as “banking beyond branches” that bridges the gap between the banking institutions and the unbanked people of the rural areas and provides financial services at their doorstep/village by using banking agents. Banking agents employ electronic data capture (EDC) systems such as point of sale (POS) systems and payment cards and create a financial system accessible to all levels of society irrespective of the demographic and geographic conditions of the country. Mobile technologies are becoming more popular day by day among unbanked people. Banking agents can utilize mobile banking to operate branchless banking in rural areas that can be more convenient and cheaper than the overhead costs of POS systems. This paper proposes a new hybrid model of Mobile Banking-based Branchless Banking System (MB-BBS) that provides branchless banking services and mobile banking services to unbanked people in rural areas globally. This paper employs a process meta language (PROMELA) to specify system descriptions and security properties and builds a verification model of MB-BBS. Finally, MB-BBS is successfully verified using a simple PROMELA interpreter (SPIN). The SPIN verification results prove that the proposed MB-BBS is error-free, and banks can employ the MB-BBS model to provide enhanced banking services to unbanked people globally.

Journal ArticleDOI
01 Jul 2022
TL;DR: In this paper, a subclass of constraint automata with local variables is studied, where synchronization and data constraints are expressed in an imperative guarded command style, instead of a denotational style as in Reo.
Abstract: In this paper, we study a subclass of constraint automata with local variables. The fragment denotes an executable subset of constraint automata for which synchronization and data constraints are expressed in an imperative guarded command style, instead of a denotational style as in the coordination language Reo. To demonstrate the executability property, we provide a translation scheme from symbolic constraint automata to Promela, the language of the model checker Spin. As a proof of concept, we model in Reo a software defined network circuit, and use the Spin model checker to verify that our model satisfies some temporal properties.

Proceedings ArticleDOI
25 Apr 2022
TL;DR: In this paper, the use of verification and analysis techniques for model families (software product lines) with numerical features provides an interesting technique to synthesize complete models from sketches (i.e. partial models with holes).
Abstract: In this work, we show how the use of verification and analysis techniques for model families (software product lines) with numerical features provides an interesting technique to synthesize complete models from sketches (i.e. partial models with holes). In particular, we present an approach for synthesizing Promela model sketches using variability-specific abstraction refinement for lifted (family-based) model checking.


Proceedings ArticleDOI
25 Apr 2022
TL;DR: This paper introduces cognitive work problems (CWP) for rigorous, verifiable functional integration of human cognition and machine reasoning and concludes this CWP-derived RPM design solves the medical problem and enhances patient safety.
Abstract: Functional integration of human cognition and machine reasoning is an industry-wide problem where failure risks health or safety. Differences in human versus machine functioning obscure conventional integration. We introduce cognitive work problems (CWP) for rigorous, verifiable functional integration. CWP specify the cognitive problem that integrated designs must solve. They are technology-neutral, abstract work objects, allowing people and computing to share and transform them in coordination. The end-to-end method is illustrated on a system that employs AI for remote patient monitoring (RPM) during COVID-19 home care. The CWP specified actionable risk awareness as the medical problem RPM must solve. Graphical modeling standards enabled user participation: CWP as finite state machines and system behavior in BPMN. For model checking, the CWP's logical content was translated to linear temporal logic (LTL) and the BPMN into Promela as inputs to the SPIN model checker. SPIN verified that the Promela model implements the LTL correctly. We conclude this CWP-derived RPM design solves the medical problem and enhances patient safety. The method appears general to many critical systems.


Journal ArticleDOI
TL;DR: In this article, the authors propose a model for modeling the behavior of a person with respect to its environment, which is based on the model of a model from the PromelA project.
Abstract: Focusing on safety-critical software, this paper studies techniques for verifying five classes of faults in C programs based on PROMELA formal models: assertion violations, array out-of-bounds accesses, null-pointer dereferences, deadlocks, and starvation. Two classes of mapping rules are established: from C program abstract syntax tree nodes to PROMELA models, and from functions related to the verified properties to PROMELA models. Based on these mapping rules, an algorithm for automatically generating PROMELA formal models from C programs is proposed and analyzed theoretically. For each of the five fault types in C programs, a PROMELA-model-based formal verification method is given and its verification scope is analyzed. Covering the verification scope of each fault class, 12 C program cases are selected for each fault type for an empirical study; the experimental results demonstrate the effectiveness of the method.

Book ChapterDOI
TL;DR: In this paper, the authors proposed a new anti-phishing model for mobile banking systems at the transaction level (AntiPhiMBS-TRN) that mitigates fraudulent transactions in the mobile banking payment system.
Abstract: With the continuous improvement and rapid growth in the utility of mobile banking payment technologies, fraudulent mobile banking transactions are multiplying sharply using bleeding-edge technologies, and a significant economic loss is incurred every year around the world. Phishers seek new vulnerabilities with every advance in fraud prevention and have become an even more pressing security challenge for banks and financial institutions. However, researchers have focused mainly on the prevention of fraudulent transactions in online banking systems. This paper proposes a new anti-phishing model for mobile banking systems at the transaction level (AntiPhiMBS-TRN) that mitigates fraudulent transactions in the mobile banking payment system. This model applies a unique id for the transactions and an application id for the bank application known to the bank, bank application, users, and the mobile banking system. In addition, AntiPhiMBS-TRN also utilizes the international mobile equipment identity (IMEI) number of the registered mobile device to prevent fraudulent transactions. Phishers cannot execute fraudulent transactions without knowing the unique id for the transaction, the application id, and the IMEI number of the mobile device. This paper employs a process meta language (PROMELA) to specify system descriptions and security properties and builds a verification model of AntiPhiMBS-TRN. Finally, AntiPhiMBS-TRN is successfully verified using a simple PROMELA interpreter (SPIN). The SPIN verification results prove that the proposed AntiPhiMBS-TRN is error-free, and banks can implement the verified model for mitigating fraudulent transactions in the mobile banking system globally.

Proceedings ArticleDOI
30 Nov 2022
TL;DR: In this article, the authors present the tool STAn, which performs runtime verification on data traces that combine timestamped discrete events and sampled real-valued magnitudes, and analyzes traces against properties described in the so-called event-driven interval temporal logic.
Abstract: The increasing integration of systems into people’s daily routines, especially smartphones, requires ensuring the correctness of their functionality and even some performance requirements. Sometimes, we can only observe the interaction of the system (e.g. the smartphone) with its environment at certain time points; that is, we only have access to the data traces produced by this interaction. This paper presents the tool STAn, which performs runtime verification on data traces that combine timestamped discrete events and sampled real-valued magnitudes. STAn uses the Spin model checker as the underlying execution engine, and analyzes traces against properties described in the so-called event-driven interval temporal logic () by transforming each formula into a network of concurrent automata, written in Promela, that monitors the trace. We present two different transformations for online and offline monitoring, respectively. Then, Spin explores the state space of the automata network and the trace to return a verdict about the corresponding property. We use the proposal to analyze data traces obtained during mobile application testing in different network scenarios.

Journal ArticleDOI
TL;DR: In this paper, a formal analysis method for composition protocols based on SPIN is proposed, a formal description of protocol operation semantics is given, the attacker model is formalized, and a message specification method based on field detection and component recognition is presented to alleviate the state explosion problem.
Abstract: Protocol security in a composition protocol environment has always been an open problem in the field of formal analysis and verification of security protocols. As a well-known tool to analyze and verify the logical consistency of concurrent systems, SPIN (Simple Promela Interpreter) has been widely used in the analysis and verification of the security of a single protocol. There is no special research on the verification of protocol security in a composition protocol environment. To solve this problem, firstly, a formal analysis method for composition protocol based on SPIN is proposed, and a formal description of protocol operation semantics is given. Then the attacker model is formalized, and a message specification method based on field detection and component recognition is presented to alleviate the state explosion problem. Finally, the NSB protocol and the NSL protocol are used as examples for compositional analysis. It is demonstrated that the proposed method can effectively verify the security of the protocol in a composition protocol environment and enhance the efficiency of composition protocol verification.

Journal ArticleDOI
03 Dec 2022