Showing papers on "Specification language published in 2008"

ROWLBAC: representing role based access control in OWL

Abstract: There have been two parallel themes in access control research in recent years. On the one hand there are efforts to develop new access control models to meet the policy needs of real world application domains. In parallel, and almost separately, researchers have developed policy languages for access control. This paper is motivated by the consideration that these two parallel efforts need to develop synergy. A policy language in the abstract without ties to a model gives the designer little guidance. Conversely a model may not have the machinery to express all the policy details of a given system or may deliberately leave important aspects unspecified. Our vision for the future is a world where advanced access control concepts are embodied in models that are supported by policy languages in a natural intuitive manner, while allowing for details beyond the models to be further specified in the policy language.This paper studies the relationship between the Web Ontology Language (OWL) and the Role Based Access Control (RBAC) model. Although OWL is a web ontology language and not specifically designed for expressing authorization policies, it has been used successfully for this purpose in previous work. OWL is a leading specification language for the Semantic Web, making it a natural vehicle for providing access control in that context. In this paper we show two different ways to support the NIST Standard RBAC model in OWL and then discuss how the OWL constructions can be extended to model attribute-based RBAC or more generally attribute-based access control. We further examine and assess OWL's suitability for two other access control problems: supporting attribute based access control and performing security analysis in a trust-management framework.

Systems and methods for embedding a cloud-based resource request in a specification language wrapper

Abstract: Embodiments relate to systems and methods for embedding a cloud-based resource request in a specification language wrapper In embodiments, a set of applications and/or a set of appliances can be registered to be instantiated in a cloud-based network Each application or appliance can have an associated set of specified resources with which the user wishes to instantiate those objects For example, a user may specify a maximum latency for input/output of the application or appliance, a geographic location of the supporting cloud resources, a processor throughput, or other resource specification to instantiate the desired object According to embodiments, the set of requested resources can be embedded in a specification language wrapper, such as an XML object The specification language wrapper can be transmitted to a marketplace to seek the response of available clouds which can support the application or appliance according to the specifications contained in the specification language wrapper

Essence: A constraint language for specifying combinatorial problems

Abstract: Essence is a formal language for specifying combinatorial problems in a manner similar to natural rigorous specifications that use a mixture of natural language and discrete mathematics. Essence provides a high level of abstraction, much of which is the consequence of the provision of decision variables whose values can be combinatorial objects, such as tuples, sets, multisets, relations, partitions and functions. Essence also allows these combinatorial objects to be nested to arbitrary depth, providing for example sets of partitions, sets of sets of partitions, and so forth. Therefore, a problem that requires finding a complex combinatorial object can be specified directly by using a decision variable whose type is precisely that combinatorial object.

VDMTools: advances in support for formal modeling in VDM

Abstract: We describe the current status of "VDMTools", a group of tools supporting the analysis of system models expressed in the formal language of the Vienna Development Method. Three dialects of the language are supported: the ISO standard VDM specification language with support for modular structuring, the extension VDM++ which supports object-oriented structuring and concurrency, and a version extending VDM++ with features for modeling and analysing distributed embedded real-time systems. VDMTools provides extensive static semantics checking, automatic code generation, roundtrip mapping to UML class diagrams, documentation support, test coverage analysis and debugging support. The tools' focus is on supporting the cost-effective development and exploitation of formal models in industrial settings. The paper presents the components of VDMTools and reports recent experience using them for the development of large models.

Finding Minimal Unsatisfiable Cores of Declarative Specifications

Abstract: Declarative specifications exhibit a variety of problems, such as inadvertently overconstrained axioms and underconstrained conjectures, that are hard to diagnose with model checking and theorem proving alone. Recycling core extractionis a new coverage analysis that pinpoints an irreducible unsatisfiable core of a declarative specification. It is based on resolution refutation proofs generated by resolution engines, such as SAT solvers and resolution theorem provers. The extraction algorithm is described, and proved correct, for a generalized specification language with a regulartranslation to the input logic of a resolution engine. It has been implemented for the Alloy language and evaluated on a variety of specifications, with promising results.

Clock constraint specification language: specifying clock constraints with UML/MARTE

Abstract: The Object Management Group (OMG) unified modeling language (UML) profile for modeling and analysis of real-time and embedded systems (MARTE) aims at using the general-purpose modeling language UML in the domain of real-time and embedded (RTE) systems. To achieve this goal, it is absolutely required to introduce inside the mainly untimed UML an unambiguous time structure which MARTE model elements can rely on to build precise models amenable to formal analysis. The MARTE Time model has defined such a structure. We have also defined a non-normative concrete syntax called the clock constraint specification language (CCSL) to demonstrate what can be done based on this structure. This paper gives a brief overview of this syntax and its formal semantics, and shows how existing UML model elements can be used to apply this syntax in a graphical way and benefit from the semantics.

Logics of specification languages

Abstract: Preludium.- An Overview.- The Languages.- Abstract State Machines for the Classroom.- The event-B Modelling Method: Concepts and Case Studies.- A Methodological Guide to the CafeOBJ Logic.- Casl - the Common Algebraic Specification Language.- Duration Calculus.- The Logic of the RAISE Specification Language.- The Specification Language TLA+.- The Typed Logic of Partial Functions and the Vienna Development Method.- Z Logic and Its Applications.- Postludium.- Reviews.

Aspect-oriented in-lined reference monitors

Abstract: An Aspect-Oriented, declarative, security policy specification language is presented, for enforcement by In-lined Reference Monitors. The semantics of the language establishes a formal connection between Aspect-Oriented Programming and In-lined Reference Monitoring wherein policy specifications denote Aspect-Oriented security automata---security automata whose edge labels are encoded as pointcut expressions. The prototype language implementation enforces these security policies by automatically rewriting Java bytecode programs so as to detect and prevent policy violations at runtime.

Blueprint Model and Language for Engineering Cloud Applications

Abstract: The research presented in this thesis is positioned within the domain of engineering CSBAs. Its contribution is twofold: (1) a uniform specification language, called the Blueprint Specification Language (BSL), for specifying cloud services across several cloud vendors and (2) a set of associated techniques, called the Blueprint Manipulation Techniques (BMTs), for publishing, querying, and composing cloud service specifications with aim to support the flexible design and configuration of an CSBA.

Towards a framework for specification and code generation of automatic systems

Abstract: Autonomic computing is an emerging field for developing complex large-scale systems by transforming them into self-managing autonomic systems, which are intrinsically intended to reduce complexity through automation. However, the very complexity inherent in many systems that lend themselves well to autonomic computing can often cause difficulty in designing those same autonomic systems. This emphasizes the need for a specification language that allows for modeling and validation of such systems. This thesis approaches the problem of formal specification and code generation of autonomic systems within a framework. The core of this framework is an autonomic system specification language (ASSL). ASSL implies a multi-tier structure for specifying autonomic systems and targets at the generation of an operational framework instance from an ASSL specification. In general, the proposed framework helps to design and generate an autonomic computing wrapper that embeds the components of existing systems, i.e., it allows a non-intrusive adding of self-management features to existing systems. Moreover, the framework allows a top-down development approach to autonomic systems, where the generated framework instance will guide the designers to the needed components and their interfaces of the system under consideration. In order to define an appropriate basis for reasoning about ASSL specification models, we define ASSL formally via a well-defined context-free grammar and a semantic description covering the important operational aspects of the ASSL specification structures and commands. In addition, we propose semantic definitions for consistency checking that lay the ground for a mathematical theory for proving properties and checking consistency of autonomic systems specified with ASSL. We present our approach to reducing complexity when modeling autonomic systems with ASSL. This is possible because ASSL embeds a large set of properly designed abstractions that hide specifics of autonomic systems, thus reducing their complexity. In an attempt to validate the usability and applicability of ASSL, we apply the latter to modeling the NASA ANTS swarm-based prospective mission. In this thesis, an ASSL architecture model for autonomic elements is proposed. The model is considered generic because it is pertaining to any autonomic system successfully generated with the ASSL framework. An ASSL framework toolset that was designed and developed in the course of this project is presented, as well as test results generated with the same.

Open Knowledge

Abstract: The drive to extend the Web by taking advantage of automated symbolic reasoning (the so-called Semantic Web) has been dominated by a traditional model of knowledge sharing, in which the focus is on task-independent standardisation of knowledge. It appears to be difficult, in practice, to standardise in this way because the way in which we represent knowledge is strongly influenced by the ways in which we expect to use it. We present a form of knowledge sharing that is based not on direct sharing of "true" statements about the world but, instead, is based on sharing descriptions of interactions. By making interaction specifications the currency of knowledge sharing we gain a context to interpreting knowledge that can be transmitted between peers, in a manner analogous to the use of electronic institutions in multi-agent systems. The narrower notion of semantic commitment we thus obtain requires peers only to commit to meanings of terms for the purposes and duration of the interactions in which they appear. This lightweight semantics allows networks of interaction to be formed between peers using comparatively simple means of tackling the perennial issues of query routing, service composition and ontology matching. A basic version of the system described in this paper has been built (via the OpenKnowledge project); all its components use established methods; many of these have been deployed in substantial applications; and we summarise a simple means of integration using the interaction specification language itself.

Towards an ASSL specification model for NASA swarm-based exploration missions

Abstract: NASA swarm-based exploration missions represent a new class of concept missions based on the cooperative nature of a hive culture. A mission of this class requires an autonomic system, comprising a set of autonomous mobile units. The design and implementation of such systems requires specific engineering approaches, including new formal specification methods and techniques. This article presents an introduction to our research towards a formal specification of NASA concept swarm-based missions. The Autonomic System Specification Language (ASSL) is a framework for formally specifying and generating autonomic systems. With ASSL, we can specify high-level behavior policies, as part of overall system behavior, which shows that ASSL is a very appropriate language for specifying the autonomic behavior of swarm-based missions. We show how ASSL can be used to specify self-configuring, self-healing, and safety properties of NASA swarm-based missions.

An environment for flexible advanced compensations of Web service transactions

Abstract: Business to business integration has recently been performed by employing Web service environments. Moreover, such environments are being provided by major players on the technology markets. Those environments are based on open specifications for transaction coordination. When a failure in such an environment occurs, a compensation can be initiated to recover from the failure. However, current environments have only limited capabilities for compensations, and are usually based on backward recovery. In this article, we introduce an environment to deal with advanced compensations based on forward recovery principles. We extend the existing Web service transaction coordination architecture and infrastructure in order to support flexible compensation operations. We use a contract-based approach, which allows the specification of permitted compensations at runtime. We introduce abstract service and adapter components, which allow us to separate the compensation logic from the coordination logic. In this way, we can easily plug in or plug out different compensation strategies based on a specification language defined on top of basic compensation activities and complex compensation types. Experiments with our approach and environment show that such an approach to compensation is feasible and beneficial. Additionally, we introduce a cost-benefit model to evaluate the proposed environment based on net value analysis. The evaluation shows in which circumstances the environment is economical.

A Formal Model of Emotions: Integrating Qualitative and Quantitative Aspects

Abstract: When constructing a formal model of emotions for intelligent agents, two types of aspects have to be taken into account. First, qualitative aspects pertain to the conditions that elicit emotions. Second, quantitative aspects pertain to the actual experience and intensity of elicited emotions. In this presentation, we show how the qualitative aspects of a well-known psychological model of human emotions can be formalized in an agent specification language and how its quantitative aspects can be integrated into this model. Furthermore, we discuss several unspecified details and implicit assumptions in the psychological model that are explicated by this effort.

A model checking approach for verifying COWS specifications

Abstract: We introduce a logical verification framework for checking functional properties of service-oriented applications formally specified using the service specification language COWS. The properties are described by means of SocL, a logic specifically designed to capture peculiar aspects of services. Service behaviours are abstracted in terms of Doubly Labelled Transition Systems, which are used as the interpretation domain for SocL formulae. We also illustrate the SocL model checker at work on a bank service scenario specified in COWS.

Existential live sequence charts revisited

Abstract: Scenario-based specifications are a popular means for describing intended system behaviour. We aim to facilitate early analysis of system behaviour and the development of behaviour models in conjunction with scenarios. In this paper we define a novel scenario-based specification language with an existential semantics and that supports conditional specification of behaviour in the form of prechart and main chart. The language semantics is consistent with existing informal scenario-based and use-case based approaches to requirements engineering. The language provides a good fit with universal live sequence charts as standard existential live sequence charts do not adequately support conditional scenarios. In addition, we define a novel synthesis algorithm that, rather than building arbitrarily one of the many behaviour models that satisfy a scenario, constructs a modal transition system (MTS) which characterizes all behaviour models that conform to the scenario.

The Specification Language TLA

Abstract: The specification language TLA+ was designed by Lamport for formally describing and reasoning about distributed algorithms. It is described in Lamport’s book Specifying Systems [29], which also gives good advice on how to make the best use of TLA+ and its supporting tools. Systems are specified in TLA+ as formulas of the Temporal Logic of Actions, TLA, a variant of linear-time temporal logic also introduced by Lamport [27]. The underlying data structures are specified in (a variant of) Zermelo-Frankel set theory, the language accepted by most mathematicians as the standard basis for formalizing mathematics. This choice is motivated by a desire for conciseness, clarity, and formality that befits a language of formal specification where executability or efficiency are not of major concern. TLA+ specifications are organized in modules that can be reused independently.

Regular Specifications of Resource Requirements for Embedded Control Software

Abstract: For embedded control systems, a schedule for the allocation of resources to a software component can be described by an infinite word whose ith symbol models the resources used at the ith sampling interval. Dependency of performance on schedules can be formally modeled by an automaton (omega-regular language) which captures all the schedules that keep the system within performance requirements. We show how such an automaton is constructed for linear control designs and exponential stability or settling time performance requirements. Then, we explore the use of the automaton for online scheduling and for schedulability analysis. As a case study, we examine how this approach can be applied for the LQG control design. We demonstrate, by examples, that online schedulers can be used to guarantee performance in worst-case condition together with good performance in normal conditions. We also provide examples of schedulability analysis.

The mCRL2 toolset

Abstract: We describe the toolset for the behavioural specification language mCRL2. The purpose of the toolset is to analyse abstract models that describe the communication behaviour of software based systems. With the help of the toolset we want to efficiently detect and prevent problems in software, preferably before it is built. The tools allow to transform specifications, generate and visualise state spaces, verify modal properties, and much more. In order to facilitate reuse of the code most of the functionality is included in libraries. This makes the toolset suitable as a platform for third party tool development and for other specification languages as well. The toolset is distributed under the Boost license, which permits such use.

Model checking of analog systems using an analog specification language

Abstract: In this contribution an advanced methodology for model checking of analog systems is introduced. A new Analog Specification Language (ASL) for efficient property specifications is defined and model checking algorithms for implementing this language are presented. This allows verification of complex static and dynamic circuit properties like Oscillation and Startup Time that have not yet been formally verifiable with previous approaches. The new verification methodology is applied to example circuits and experimental results are discussed and compared to conventional circuit simulation.

Integrating a formal method into a software engineering process with UML and Java

Abstract: We describe how CSP-OZ, a formal method combining the process algebra CSP with the specification language Object-Z, can be integrated into an object-oriented software engineering process employing the UML as a modelling and Java as an implementation language. The benefit of this integration lies in the rigour of the formal method, which improves the precision of the constructed models and opens up the possibility of (1) verifying properties of models in the early design phases, and (2) checking adherence of implementations to models. The envisaged application area of our approach is the design of distributed reactive systems. To this end, we propose a specific UML profile for reactive systems. The profile contains facilities for modelling components, their interfaces and interconnections via synchronous/broadcast communication, and the overall architecture of a system. The integration with the formal method proceeds by generating a significant part of the CSP-OZ specification from the initially developed UML model. The formal specification is on the one hand the starting point for verifying properties of the model, for instance by using the FDR model checker. On the other hand, it is the basis for generating contracts for the final implementation. Contracts are written in the Java Modeling Language (JML) complemented by CSPjassda, an assertion language for specifying orderings between method invocations. A set of tools for runtime checking can be used to supervise the adherence of the final Java implementation to the generated contracts.

Java type inference is broken: can we fix it?

Abstract: Java 5, the most recent major update to the Java Programming Language, introduced a number of sophisticated features, including a major extension to the type system. While the technical details of these new features are complex, much of this complexity is hidden from the typical Java developer by an ambitious type inference mechanism. Unfortunately, the extensions to the Java 5 type system were so novel that their technical details had not yet been thoroughly investigated in the research literature. As a result, the Java 5 compiler includes a pragmatic but flawed type inference algorithm that is, by design, neither sound nor locally complete. The language specification points out that neither of these failures is catastrophic: the correctness of potentially-unsound results must be verified during type checking; and incompleteness can usually be worked around by manually providing the method type parameter bindings for a given call site. This paper dissects the type inference algorithm of Java 5 and proposes a signficant revision that is sound and able to calculate correct results where the Java 5 algorithm fails. The new algorithm is locally complete with the exception of a difficult corner case. Moreover, the new algorithm demonstrates that several arbitrary restrictions in the Java type system---most notably the ban on lower-bounded type parameter declarations and the limited expressibility of intersection types---are unnecessary. We hope that this work will spur the evolution of a more coherent, more comprehensive generic type system for Java.

Provably Correct Runtime Monitoring

Abstract: Runtime monitoring is an established technique for enforcing a wide range of program safety and security properties. We present a formalization of monitoring and monitor inlining, for the Java Virtual Machine. Monitors are security automata given in a special-purpose monitor specification language, ConSpec. The automata operate on finite or infinite strings of calls to a fixed API, allowing local dependencies on parameter values and heap content. We use a two-level class file annotation scheme to characterize two key properties: (i) that the program is correct with respect to the monitor as a constraint on allowed program behavior, and (ii) that the program has an instance of the given monitor embedded into it, which yields state changes at prescribed points according to the monitor's transition function. As our main application of these results we describe a concrete inliner, and use the annotation scheme to characterize its correctness. For this inliner, correctness of the level II annotations can be decided efficiently by a weakest precondition annotation checker, thus allowing on-device checking of inlining correctness in a proof-carrying code setting.

A formal specification of the Fractal component model in Alloy

Abstract: This report contains a formal specification of the Fractal component model using the Alloy specification language. The report covers all the elements of the (informal) reference specification of the Fractal model. It provides a truly language-independent specification of the Fractal model, and lifts the ambiguities of the reference specification.

Property Verification for Generic Access Control Models

Abstract: To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general approach for property verification for access control models. The approach defines a standardized structure for access control models, providing for both property verification and automated generation of test cases. The approach expresses access control models in the specification language of a model checker and expresses generic access control properties in the property language. Then the approach uses the model checker to verify these properties for the access control models and generates test cases via combinatorial covering array for the system implementations of the models.