Qian-Qian Lin,Shu-Ling Wang,Bo-Hua Zhan,Bin Gu

DOI: https://doi.org/10.1007/s11390-020-0537-8

IF: 1.871

2020-11-01

Journal of Computer Science and Technology

Abstract:Real-Time Publish and Subscribe (RTPS) protocol is a protocol for implementing message exchange over an unreliable transport in data distribution service (DDS). Formal modelling and verification of the protocol provide stronger guarantees of its correctness and efficiency than testing alone. In this paper, we build formal models for the RTPS protocol using Uppaal and Simulink/Stateflow. Modelling using Simulink/Stateflow allows analyzing the protocol through simulation, as well as generate executable code. Modelling using Uppaal allows us to verify properties of the model stated in TCTL (Timed Computation Tree Logic), as well as estimate its performance using statistical model checking. We further describe a procedure for translation from Stateflow to timed automata, where a subset of major features in Stateflow is supported, and prove the soundness statement that the Stateflow model is a refinement of the translated timed automata model. As a consequence, any property in a certain fragment of TCTL that we have verified for the timed automata model in Uppaal is preserved for the original Stateflow model.

computer science, software engineering, hardware & architecture

Huan Sun,Ziyu Mao,Jingyi Wang,Ziyan Zhao,Wenhai Wang

DOI: https://doi.org/10.1007/978-3-031-43681-9_13

2023-01-01

Abstract:Real-time operating systems (RTOSs) such as C/OS-II are critical components of many industrial systems, which makes it of vital importance to verify their correctness. However, earlier specifications for verification of RTOSs often do not explicitly specify the behavior of possible unbounded kernel service invocations. To address the problem, a new event-based modelling approach is recently proposed to treat the operating system as a concurrent reactive system (CRS). Besides, a respective parametric rely-guarantee style reasoning framework called PiCore is developed to verify such systems effectively. Witnessing the advancement, we conduct a case study to investigate the use of PiCore to compositionally verify two important entangled modules of a practical RTOS C/OS-II, i.e., the memory management module and the mailbox module. Several desirable safety properties regarding the memory pools and mailboxes are formally defined and proved with PiCore ( 2500 lines of specifications and proof scripts in Isabelle/HOL) based on a formal execution model considering the two modules simultaneously. We also discuss the shortcomings of PiCore for our case study and present possible improvement directions.

Huan Sun,Ziyu Mao,Jingyi Wang,Ziyan Zhao,Wenhai Wang

DOI: https://doi.org/10.1007/978-3-031-43681-9_13

2023-01-01

Abstract:Real-time operating systems (RTOSs) such as mu C/OS-II are critical components of many industrial systems, which makes it of vital importance to verify their correctness. However, earlier specifications for verification of RTOSs often do not explicitly specify the behavior of possible unbounded kernel service invocations. To address the problem, a new event-based modelling approach is recently proposed to treat the operating system as a concurrent reactive system (CRS). Besides, a respective parametric rely-guarantee style reasoning framework called PiCore is developed to verify such systems effectively. Witnessing the advancement, we conduct a case study to investigate the use of PiCore to compositionally verify two important entangled modules of a practical RTOS mu C/OS-II, i.e., the memory management module and the mailbox module. Several desirable safety properties regarding the memory pools and mailboxes are formally defined and proved with PiCore (approximate to 2500 lines of specifications and proof scripts in Isabelle/HOL) based on a formal execution model considering the two modules simultaneously. We also discuss the shortcomings of PiCore for our case study and present possible improvement directions.

Junya Xu,Jiaqi Yin,Huibiao Zhu,Lili Xiao

DOI: https://doi.org/10.2298/csis210707057x

2023-01-01

Computer Science and Information Systems

Abstract:Apache Kafka is an open source distributed messaging system based on the publish-subscribe model, which achieves low latency, high throughput and good load balancing. As a popular messaging system, the transmission of messages between applications is one of the core functions of Kafka. Therefore, the reliability and security of data in the process of message transmission in Kafka have become the focus of attention. The formal methods can analyze whether a model is highly credible. Therefore, it is significant to analyze Kafka messaging mechanism which describes the communication process and rules between each module entity in Kafka from the perspective of formal methods. In this paper, we apply the process algebra CSP (Communicating Sequential Processes) and the model checking tool PAT (Process Analysis Toolkit) to analyze Kafka messaging mechanism. The results of verification show that the model caters for its specification and guarantees the reliability of messages in the normal communication process. Moreover, in order to further analyze the security of Kafka messaging mechanism, we add the intruder model and the authentication protocol Kerberos model and compare the verification results of Kafka messaging mechanism with or without the secure protocol Kerberos. The results show that the Kerberos protocol has improved the security of Kafka messaging mechanism in some aspects, but there are still some security loopholes.

computer science, information systems, software engineering

Xu Ke,Wang YueXuan,Wu Cheng

DOI: https://doi.org/10.1007/s11432-007-0006-9

2007-01-01

Science in China Series F Information Sciences

Abstract:Ensuring the correctness and reliability of large-scale resource sharing and complex job processing is an important task for grid applications. From a formal method perspective, a grid service chain model based on state Pi calculus is proposed in this work as the theoretical foundation for the service composition and collaboration in grid. Following the idea of the Web Service Resource Framework (WSRF), state Pi calculus enables the life-cycle management of system states by associating the actions in the original Pi calculus with system states. Moreover, model checking technique is exploited for the design-time and run-time logical verification of grid service chain models. A grid application scenario of the dynamic analysis of material deformation structure is also provided to show the effectiveness of the proposed work.

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Yu Jiang,Houbing Song,Rui Wang,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/tii.2016.2573762

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:Wireless medical cyber-physical systems are widely adopted in the daily practices of medicine, where huge amounts of data are sampled by the wireless medical devices and sensors, and is passed to the decision support systems (DSSs). Many text-based guidelines have been encoded for work-flow simulation of DSS to automate health care based on those collected data. But for some complex and life-critical diseases, it is highly desirable to automatically rigorously verify some complex temporal properties encoded in those data, which brings new challenges to current simulation-based DSS with limited support of automatical formal verification and real-time data analysis. In this paper, we conduct the first study on applying runtime verification to cooperate with current DSS based on real-time data. Within the proposed technique, a user-friendly domain specific language, named DRTV, is designed to specify vital real-time data sampled by medical devices and temporal properties originated from clinical guidelines. Some interfaces are developed for data acquisition and communication. Then, for medical practice scenarios described in DRTV model, we will automatically generate event sequences and runtime property verifier automata. If a temporal property violates, real-time warnings will be produced by the formal verifier and passed to medical DSS. We have used DRTV to specify different kinds of medical care scenarios and have applied the proposed technique to assist existing wireless medical cyber-physical system. As presented in experiment results, in terms of warning detection, it outperforms the only use of DSS or human inspection, and improves the quality of clinical health care of hospital.

Zohra Sbaï,Mohamed Escheikh

DOI: https://doi.org/10.48550/arXiv.1305.4247

2013-05-18

Logic in Computer Science

Abstract:In this paper, we deal with the formal verification of an encryption scheme for Wireless Sensor Networks (WSNs). Especially, we present our first results on building a framework dedicated to modelling and verification of WSNs aspects. To achieve our goal, we propose to specify WSNs models written in Petri nets using Promela constructs in order to verify correctness properties of them using SPIN Model checker. We first specify in Promela a Petri net description of an encryption scheme for WSNs that describes its behavior. Then, correctness properties that express requirements on the system's behavior are formulated in Linear Temporal Logic (LTL). Finally, SPIN model checker is used to check if a specific correctness property holds for the model, and, if not, to provide a counterexample: a computation that does not satisfy this property. This counterexample will help to detect the source of the eventual problem and to correct it.

Zhiru Hou,Lili Xiao,Huibiao Zhu,Phan Cong Vinh

DOI: https://doi.org/10.1007/s11036-024-02332-w

2024-09-15

Mobile Networks and Applications

Abstract:The secure transmission of information is receiving more and more attention nowadays. Aeolus is a novel platform designed to enhance the development of distributed applications by preventing unauthorized disclosure of information. And one of the most representative systems for information transmission is the file system, therefore it is of great significance to formally analyze the Aeolus-based file system. In this paper, we use Communicating Sequential Processes (CSP) to model and formalize the file system based on Aeolus. Moreover, we utilize the Process Analysis Toolkit (PAT) to simulate and verify the CSP description of our established model. We specifically verify the validity of five properties: Deadlock Freedom, Divergence Freedom, Reachability, Secrecy, and Integrity. The verification results demonstrate that the model successfully satisfies these properties, affirming the effectiveness of the framework in ensuring file operations and guaranteeing the secure transmission of information.

computer science, information systems,telecommunications, hardware & architecture

Shamim Ripon,Sumaya Mahbub,K. M. Intiaz-ud-Din

DOI: https://doi.org/10.7763/IJET.2013.V5.553

2014-03-08

Abstract:The advancement of mobile and wireless communication technologies in recent years introduced various adaptive protocols to adapt the need for secured communications. Security is a crucial success factor for any communication protocols, especially in mobile environment due to its ad hoc behavior. Formal verification plays an important role in development and application of safety critical systems. Formalized exhausted verification techniques to analyze the security and the safety properties of communications protocols increase and confirm the protocol confidence. SPIN is a powerful model checker that verifies the correctness of distributed communication models in a rigorous and automated fashion. This short paper proposes a SPIN based formal verification approach of a security adaptive protocol suite. The protocol suite includes a neighbor discovery mechanism and routing protocol. Both parts of the protocol suite are modeled into SPIN and exhaustively checked various temporal properties which ensure the applicability of the protocol suite in real-life applications.

Networking and Internet Architecture

Shan Zhou,Jinbo Wang,Jiao Jia,Chi Zhang,Ruixue Wang

DOI: https://doi.org/10.1109/tr.2022.3166548

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:System on programmable chip (SOPC) is a kind of system on a programmable chip. The system architecture is superior to the traditional design pattern. The system has an on-chip bus between the processor and the programmable logic, which forms a high bandwidth, low latency, connection, and has rich flexible customization of IP. It also has advantages of low power consumption and high performance. The application in the field of high reliable proportion rising year by year. However, the change of system architecture and the expansion of software scale have brought great impact on the simulation test method and the physical test method. The existing dynamic testing methods are based on limited testing scenarios to investigate the system. It is difficult to find hidden errors in the design of complex connection segments, such as the errors in the on-chip bus transmission, the errors in the hardware and software coupling, and so on. Due to system scale of the state-space explosion problem and various forms IP, SOPC cannot apply formal verification techniques. In this article, we propose a SOPC formalized validation framework. It is based on polymorphous IP abstraction modeling, common formal properties analysis, and modeling methods in system architecture and other high-risk areas. The experimental results show that the proposed algorithm and the established SOPC formal verification framework can introduce the formal verification technique to SOPC high-risk area verification, and it can be used as the guidance of SOPC formal verification.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Jin Lv,Yongxin Zhao,Xi Wu,Yongjian Li,Qiang Wang

DOI: https://doi.org/10.1109/tr.2020.3026689

IF: 5.883

2021-09-01

IEEE Transactions on Reliability

Abstract:Time sensitive networking (TSN) is an emerging technology for in-vehicle networks, which has strict timing constraints and dependability requirements. The performance and efficiency of TSN depend on a reliable scheduling mechanism for real-time communications. Traditionally, the TSN scheduler is analyzed using simulations and testing, which are error-prone and inaccurate. In this article, we employ a timed model checker UPPAAL to formally model and analyze the TSN scheduler with a consideration of its transmission latency and time utilization. We first use the build-in assertion in UPPAAL to verify the deadlock-free property, safety property, and starvation-free property of our model. Then, we calculate the time utilization and the transmission delay of audio video bridging data frame under two scheduling mechanisms according to the simulation process. Then, we compared the time performance of this two scheduling mechanisms and found that each of them has their own advantages and disadvantages. This article provides a formal analysis framework for investigating scheduling strategies in TSN, which facilitates the designers to have a better understanding and development of TSN schedulers in the future.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Liu Yezhou,Nicolescu Radu,Sun Jing

DOI: https://doi.org/10.1007/s41965-021-00080-4

2020-01-01

Journal of Membrane Computing

Abstract:As a recently proposed membrane computing model, cP systems are capable of solving computational hard and distributed problems. Although several membrane system variants were formally verified in previous research, none of their approaches was applicable to cP systems. To formally verify the safety and liveness properties of cP systems, we solve a famous NP-Complete problem—the subset sum problem—in cP systems and use the PAT3 and ProB model checkers to verify the cP solution. Our cP solution outperforms previous work in time complexity and uses fewer rules. To perform model checking in cP systems, we define several mapping rules from cP notation to formal verification languages CSP# and B. We show that we can use model checkers to effectively detect design errors in cP systems. This work is the first study on formal verification of cP systems, and it showed that cP models can be effectively transformed into model checking problems and verified automatically.

HU Yi,YU Dong,YUE Dong-feng,LIU Xu-jun,HUANG Jun

2009-01-01

Abstract:Based on the research about conventional communication mechanism,for the features of CNC Fieldbus,a new RTPS-based communication mechanism for CNC Fieldbus is presented.The RTPS architecture and the key message-oriented middleware are expatiated firstly,then formal analysis methods and probabilistic timed automata are adopted to analysis and construct system state transfer model of the proposed mechanism.Finally,experiments by using PRISM model checker are carried out to check the stability and realtime performance of this mechanism.The results prove that the new communication mechanism can be suitable for CNC Fieldbus demands.

Mohammed Foughali,Alexander Zuepke

DOI: https://doi.org/10.3389/frobt.2022.791757

2022-04-13

Abstract:Due to the severe consequences of their possible failure, robotic systems must be rigorously verified as to guarantee that their behavior is correct and safe. Such verification, carried out on a model, needs to cover various behavioral properties (e.g., safety and liveness), but also, given the timing constraints of robotic missions, real-time properties (e.g., schedulability and bounded response). In addition, in order to obtain valid and useful verification results, the model must faithfully represent the underlying robotic system and should therefore take into account all possible behaviors of the robotic software under the actual hardware and OS constraints (e.g., the scheduling policy and the number of cores). These requirements put the rigorous verification of robotic systems at the intersection of at least three communities: the robotic community, the formal methods community, and the real-time systems community. Verifying robotic systems is thus a complex, interdisciplinary task that involves a number of disciplines/techniques (e.g., model checking, schedulability analysis, component-based design) and faces a number of challenges (e.g., formalization, automation, scalability). For instance, the use of formal verification (formal methods community) is hindered by the state-space explosion problem, whereas schedulability analysis (real-time systems) is not suitable for behavioral properties. Moreover, current real-time implementations of robotic software are limited in terms of predictability and efficiency, leading to, e.g., unnecessary latencies. This is flagrant, in particular, at the level of locking protocols in robotic software. Such situation may benefit from major theoretical and practical findings of the real-time systems community. In this paper, we propose an interdisciplinary approach that, by joining forces of the different communities, provides a scalable and unified means to efficiently implement and rigorously verify real-time robots. First, we propose a scalable two-step verification solution that combines formal methods and schedulability analysis to verify both behavioral and real-time properties. Second, we devise a new multi-resource locking mechanism that is efficient, predictable, and suitable for real-time robots and show how it improves the latter's real-time behavior. In both cases, we show, using a real drone example, how our approach compares favorably to that in the literature. This paper is a major extension of the RTCSA 2020 publication "A Two-Step Hybrid Approach for Verifying Real-Time Robotic Systems."

Feng Zhang,Yongwang Zhao,Dianfu Ma,Wensheng Niu

DOI: https://doi.org/10.1109/access.2017.2770323

IF: 3.9

2017-01-01

IEEE Access

Abstract:AADL along with its Behavior Annex is an architecture and behavior description language for safety-critical domains, e.g. avionics, aerospace, and defence. In order to formally analyze behavior properties of AADL models, it is necessary to transform the AADL language into formal languages supported by formal verification tools. Moreover, comprehensive formal verification of AADL models highly requires that the transformation supports larger subset of the AADL language, as well as verification tools are able to capture various behavior of AADL, such as concurrency and timing. As an extended communicating sequential process (CSP), stateful timed CSP with its model checker-PAT provide an strongly expressive language and verification tool for real-time systems, distributed systems, and concurrent systems. This paper introduces a model transformation approach from a comparatively complete subset of AADL to stateful timed CSP, in particular supporting major components of AADL Behavior Annex. We propose a comprehensive set of transformation rules for AADL to stateful timed CSP. Then, we perform formal verification in PAT to analyze concurrent behavior properties of AADL models, such as safety, liveness, and trace refinement with various fairness assumptions, in which we consider time capacities, deadlines, periods of AADL threads and durations of AADL processes. As a study case, we develop an AADL model of F-16 “Auto Pilot Controller”and transform the model into Stateful Timed CSP. We specify a set of critical properties of the model and perform formal verification in PAT.

Z ZANG,G LUO,C YIN,臧志远,罗贵明,殷翀元

DOI: https://doi.org/10.1016/S1007-0214(09)70011-2

2009-01-01

Abstract:In networks, the stable path problem (SPP) usually results in oscillations in interdomain systems and may cause systems to become unstable. With the rapid development of internet technology, the occurrence of SPPs in interdomain systems has quite recently become a significant focus of research. A framework for checking SPPs is presented in this paper with verification of an interdomain routing system using formal methods and the NuSMV software. Sufficient conditions and necessary conditions for determining SPP occurrence are presented with proof of the method's effectiveness. Linear temporal logic was used to model an interdomain routing system and its properties were analyzed. An example is included to demonstrate the method's reliability.

张凤玲,卜磊,王林章,赵建华,李宣东

DOI: https://doi.org/10.1360/112012-498

2013-01-01

Scientia Sinica Informationis

Abstract:Recently, sensor technology has seen significant achievement. Meanwhile, Wireless Sensor Network (WSN) technique has attracted lots of attention because of its open and dynamic behaviors, and has become a very important component of the Internet-based computing. The behavior of WSN system is very complex and may encounter lots of stochastic uncertainties and disturbances like message loss and node dynamics. Furthermore, WSN system is difficult to change and maintain once it is deployed. Thus, it is critical to ensure the quality of the low level protocols of WSN system in design phase. Designers should ensure the logical correctness of a protocol, as well as evaluate the performance of the protocol under certain target environments. To handle these issues, in this paper, we propose a framework to analyze and evaluate WSN protocols based on stochastic timed automata and statistical model checking. We propose to address the modeling of the uncertainties in the realistic behaviors by weighted stochastic transitions in the timed automata model of the protocol. Furthermore, we propose that the performance of the protocol under realistic environments should be evaluated by statistical model checking which is much cheaper and more scalable. To illustrate the feasibility and detail of the modeling and verification approach presented in this paper, two well-known WSN protocols, Timing-sync Protocol for Sensor Networks (TPSN) and Flooding Time Synchronization Protocol (FTSP), are studied thoroughly throughout the paper.

Huiquan Zhu,Jing Sun,Jin Song Dong,Shang-Wei Lin

DOI: https://doi.org/10.1007/s11334-015-0269-z

2015-01-01

Innovations in Systems and Software Engineering

Abstract:CSP# is a formal modeling language that emphasizes the design of communication in concurrent systems. PAT framework provides a model checking environment for the simulation and verification of CSP# models. Although the desired properties can be formally verified at the design level, it is not always straightforward to ensure the correctness of the system’s implementation conforms to the behaviors of the formal design model. To avoid human error and enhance productivity, it would be beneficial to have a tool support to automatically generate the executable programs from their corresponding formal models. In this paper, we propose such a solution for translating verified CSP# models into C# programs in the PAT framework. We encoded the CSP# operators in a C# library-“PAT.Runtime”, where the event synchronization is based on the “Monitor” class in C#. The precondition and choice layers are built on top of the CSP event synchronization to support language-specific features. We further developed a code generation tool to automatically transform CSP# models into multi-threaded C# programs. We proved that the generated C# program and original CSP# model are equivalent on the trace semantics. This equivalence guarantees that the verified properties of the CSP# models are preserved in the generated C# programs. Furthermore, based on the existing implementation of choice operator, we improved the synchronization mechanism by pruning the unnecessary communications among the choice operators. The experiment results showed that the improved mechanism notably outperforms the standard JCSP library.

Fengling Zhang,Lei Bu,Linzhang Wang,Jianhua Zhao,Xin Chen,Tian Zhang,Xuandong Li

DOI: https://doi.org/10.1016/j.entcs.2013.09.001

2013-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Wireless Sensor Networks (WSNs) are widely used in different kinds of environments. They may encounter lots of stochastic uncertainties and disturbances like message loss and node dynamics. Thus, it is critical to ensure the correctness of low level protocols in WSNs and evaluate their performance under different circumstances. In this paper, we propose a new method to analyze and evaluate WSN protocols based on stochastic timed automata and statistical model checking. For modeling, the work flow of a WSN protocol can be modeled with classical timed automata. Then, to model the uncertainties such as message loss and node dynamics, which are common in realistic circumstances, the timed automata can be extended by stochastic transitions, resulting in the stochastic timed automata. For analysis, the correctness of the protocol can be answered by classical model checking on the timed automata, while the performance of the protocol under realistic environments can be evaluated by statistical model checking on the stochastic model. To illustrate the feasibility and scalability of the modeling and verification method presented in this paper, Timing-sync Protocol for Sensor Networks (TPSN) will be studied completely throughout the paper.