Similar literature
1.
We present a method for the security analysis of realistic models over off-the-shelf systems and their configuration by formal, machine-checked proofs. The presentation follows a large case study based on a formal security analysis of a CVS-Server architecture. The analysis is based on an abstract architecture (enforcing a role-based access control), which is refined to an implementation architecture (based on the usual discretionary access control provided by the POSIX environment). Both architectures serve as a skeleton to formulate access control and confidentiality properties. Both the abstract and the implementation architecture are specified in the language Z. Based on a logical embedding of Z into Isabelle/HOL, we provide formal, machine-checked proofs for consistency properties of the specification, for the correctness of the refinement, and for security properties.
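The refinement check at the heart of this abstract can be illustrated executably. The following is an added example, not code from the paper or its Isabelle/HOL development: a toy RBAC policy over CVS operations (the abstract architecture) beside a POSIX-style owner/group/other model of the repository directories (the implementation architecture). The example asks the two questions the refinement proof must answer: does the POSIX layer grant any access the RBAC policy denies (a soundness violation, the security-relevant direction), and does it deny any access the RBAC policy grants (a functionality gap). All role, user, group, module and mode values are constructed for the example.

```python
"""Added example: checking a POSIX DAC configuration against an RBAC policy.

Refinement soundness here means: every access the POSIX layer permits is also
permitted by the RBAC policy. The reverse direction reports where the
configuration is stricter than the policy. All names and modes are constructed.
"""
from dataclasses import dataclass
from itertools import product

# --- Abstract architecture: RBAC over CVS operations -----------------------
# role -> set of (operation, module) pairs the role may perform (constructed)
RBAC_PERMS = {
    "developer": {("checkout", "kernel"), ("commit", "kernel"),
                  ("checkout", "docs"), ("commit", "docs")},
    "reviewer":  {("checkout", "kernel"), ("checkout", "docs")},
    "guest":     {("checkout", "docs")},
}
USER_ROLES = {"alice": {"developer"}, "bob": {"reviewer"}, "eve": {"guest"}}


def rbac_allows(user: str, op: str, module: str) -> bool:
    """Abstract policy: allowed iff some role of the user grants (op, module)."""
    return any((op, module) in RBAC_PERMS[r] for r in USER_ROLES.get(user, ()))


# --- Implementation architecture: POSIX discretionary access control ------
@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    mode: int  # conventional rwxrwxrwx permission bits


# One directory per CVS module, and the groups meant to back each role (constructed).
FS = {
    "kernel": Inode("cvs", "kernel-dev", 0o770),  # rwxrwx---
    "docs":   Inode("cvs", "doc-dev",    0o775),  # rwxrwxr-x  (world-readable)
}
GROUPS = {"kernel-dev": {"alice"}, "doc-dev": {"alice"}, "cvs": set()}

# The POSIX right each CVS operation needs on the module directory.
OP_NEEDS = {"checkout": "r", "commit": "w"}
BIT = {"r": 4, "w": 2, "x": 1}


def posix_allows(user: str, op: str, module: str,
                 fs=FS, groups=GROUPS) -> bool:
    """Implementation: owner / group / other mode bits on the module directory."""
    inode = fs[module]
    if user == inode.owner:
        shift = 6
    elif user in groups.get(inode.group, ()):
        shift = 3
    else:
        shift = 0
    return bool((inode.mode >> shift) & BIT[OP_NEEDS[op]])


# Users to enumerate: everyone with a role, plus one with no role at all.
USERS = sorted(set(USER_ROLES) | {"mallory"})


def refinement_violations(fs=FS, groups=GROUPS):
    """Accesses the POSIX layer grants but the RBAC policy denies."""
    return sorted((u, op, m) for u, op, m in product(USERS, OP_NEEDS, fs)
                  if posix_allows(u, op, m, fs, groups) and not rbac_allows(u, op, m))


def functionality_gaps(fs=FS, groups=GROUPS):
    """Accesses the RBAC policy grants but the POSIX layer denies."""
    return sorted((u, op, m) for u, op, m in product(USERS, OP_NEEDS, fs)
                  if rbac_allows(u, op, m) and not posix_allows(u, op, m, fs, groups))


if __name__ == "__main__":
    print("violations:", refinement_violations())
    print("gaps:      ", functionality_gaps())
```

With the constructed configuration the check reports one violation (the world-readable docs directory lets a user with no role check the module out) and one gap (the reviewer is not in the kernel-dev group, so the read access the policy grants is lost). Exhaustive enumeration is only feasible for toy state spaces; the paper's point is that the same two implications are discharged as machine-checked theorems over the Z specifications for the real configuration.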

2.
We study a wide class of graph editing problems that ask whether a given graph can be modified to satisfy certain degree constraints, using a limited number of vertex deletions, edge deletions, or edge additions. The problems generalize several well-studied problems such as the General Factor Problem and the Regular Subgraph Problem. We classify the parameterized complexity of the considered problems taking upper bounds on the number of editing steps and the maximum degree of the resulting graph as parameters.

3.
Development of several computing and communication technologies is enabling the widespread availability of pervasive systems. In smart home applications, household appliances, such as security alarms, heating systems, doors and windows, are connected to home digital networks. These applications offer features that are typically developed by disparate vendors, and when composed together, these features are expected to work together harmoniously. Engineering these systems poses two main challenges. The first challenge is: how can developers of individual features specify the features in order to make them composable with other hitherto unknown features? The second challenge is: when composition of features does not produce the desired behaviour, what can be done to resolve this non-intrusively? This article argues that the two issues are intrinsically related, and proposes an approach that addresses the first challenge in a way that makes the second challenge manageable. In particular, we describe a way of writing feature specifications in which assumptions about the problem world are made explicit. These feature assumptions can then be evaluated at runtime in order to preserve the desired system behaviour to the extent possible. Our approach is illustrated with examples from smart home applications.
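The idea of feature specifications with explicit world assumptions, evaluated at runtime, can be sketched in a few dozen lines. The following is an added example and not the article's own specification language or code: each feature carries named assumptions (predicates over the observed state of the house) and a behaviour; a runtime monitor suspends any feature whose assumptions no longer hold before composing the remaining demands. The scenario, a security alarm that locks doors and a fire-safety feature that unlocks them, the state variables and the feature names are all constructed for the example.

```python
"""Added example: feature assumptions made explicit and evaluated at runtime.

Two independently written features both act on the door locks. Without the
explicit assumption on the alarm feature, their composition conflicts during a
fire; with it, the monitor suspends the alarm and the evacuation demand wins.
All names and the scenario are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

World = Dict[str, bool]          # observed state of the house
Demand = Optional[str]           # "lock", "unlock", or None (no demand)


@dataclass(frozen=True)
class Feature:
    name: str
    # Named assumptions about the problem world under which the behaviour is valid.
    assumptions: Dict[str, Callable[[World], bool]]
    # The feature's demand on the door locks in the current world.
    behaviour: Callable[[World], Demand]

    def violated(self, world: World) -> List[str]:
        """Names of the assumptions that do not hold in this world."""
        return [n for n, pred in self.assumptions.items() if not pred(world)]


# Vendor A: the alarm locks the doors while armed, assuming no emergency is in progress.
security_alarm = Feature(
    "security_alarm",
    {"no_emergency_in_progress": lambda w: not w["smoke"]},
    lambda w: "lock" if w["armed"] else None,
)

# Vendor B: fire safety unlocks the doors on smoke, assuming the house is occupied.
fire_safety = Feature(
    "fire_safety",
    {"house_occupied": lambda w: w["occupied"]},
    lambda w: "unlock" if w["smoke"] else None,
)


@dataclass
class Outcome:
    doors_locked: bool                 # resulting lock state
    suspended: List[Tuple[str, str]]   # (feature, violated assumption) pairs
    conflict: List[str]                # features with contradictory demands, if any


def compose(features: List[Feature], world: World,
            honour_assumptions: bool = True) -> Outcome:
    """Runtime composition step: evaluate assumptions, then merge demands."""
    suspended: List[Tuple[str, str]] = []
    demands: Dict[str, str] = {}
    for f in features:
        bad = f.violated(world) if honour_assumptions else []
        if bad:
            suspended.extend((f.name, a) for a in bad)
            continue                    # feature is non-intrusively set aside
        d = f.behaviour(world)
        if d is not None:
            demands[f.name] = d
    if len(set(demands.values())) > 1:
        # Contradictory demands: leave the doors as they are and report.
        return Outcome(world["doors_locked"], suspended, sorted(demands))
    locked = (next(iter(demands.values())) == "lock") if demands else world["doors_locked"]
    return Outcome(locked, suspended, [])


if __name__ == "__main__":
    fire = {"armed": True, "smoke": True, "occupied": True, "doors_locked": True}
    print(compose([security_alarm, fire_safety], fire))
    print(compose([security_alarm, fire_safety], fire, honour_assumptions=False))
```

Run with `honour_assumptions=False` the same two features produce a lock/unlock conflict in the fire scenario, which is the failure mode the abstract describes; with the assumption evaluated, the alarm is suspended and the doors are unlocked without either vendor's feature having been modified.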

4.
N. Wirth, Software, 1977, 7(1): 1-35
This paper defines a language called Modula, which is intended primarily for programming dedicated computer systems, including process control systems on smaller machines. The language is largely based on Pascal, but in addition to conventional block structure it introduces a so-called module structure. A module is a set of procedures, data types and variables, where the programmer has precise control over the names that are imported from and exported to the environment. Modula includes general multiprocessing facilities, namely processes, interface modules and signals. It also allows the specification of facilities that represent a computer's specific peripheral devices. Those given in this paper pertain to the PDP-11.

5.
Nuclear power production is a safety-critical process where ultimate execution of process change decisions lies with the operators. Thus it is important to provide the best possible decision support through effective supervisory control operator interfaces. This requires a human factors/ergonomics approach in the modernization of the analog instrumentation and control systems of existing nuclear power plants. In this article, we describe how this approach is being used for modernization of the ANGRA I power plant. Using a cognitive task analysis (CTA) approach, we observed operators working on an advanced control room of a nuclear power plant digital simulator and noted several opportunities for improvement in the human/system interfaces related to the graphics design, alarm systems and procedure integration. A redesigned prototype was constructed as an alternative to the current simulator and hardcopy procedure manuals. The design improves upon the graphical layout of system information and provides better integration of procedures, automation and alarm systems. The design was validated by expert opinion and a scenario-based comparison.

Relevance to industry

Human factors/ergonomics are not playing the role they deserve in the design of process control systems, making these systems less controllable than they could be if human factors were adequately incorporated. The use of a human factors approach in the design of process control systems throughout the industry presents many opportunities for improvement with regard to system effectiveness, efficiency, reliability and safety.


6.
A new requirements-based programming approach to the engineering of computer-based systems offers not only an underlying formalism, but also full formal development from requirements capture through to the automatic generation of provably-correct code. The method, Requirements-to-Design-to-Code (R2D2C), is directly applicable to the development of autonomous systems and systems having autonomic properties. We describe both the R2D2C method and a prototype tool that embodies the method, and illustrate the applicability of the method by describing how the prototype tool could be used in the development of LOGOS, a NASA autonomous ground control system that exhibits autonomic behavior. Finally, we briefly discuss other possible areas of application of the approach.

7.
8.
This paper presents a new state of the art in the field of finite state system verification. The paradigm of this approach is to represent and to manipulate these systems in an implicit way. The computational costs of the verification procedures using this paradigm depend on the costs of the operations performed on this implicit representation instead of on the number of states and transitions of the verified systems. This paradigm allows these new verification procedures to overcome the limitations of previously available techniques.

9.
For several years we have been in charge of a course on specification and validation of concurrent and reactive systems. At the end of this course, the students must carry out a project dealing with a model railway. They have to specify the railway, validate their model, and finally translate it into a program controlling the model railway with up to five trains. In this paper, after presenting the project, we describe how the railway is specified and checked, step by step, by the students. We also explain how the analysis results lead to a policy for the switch control. Finally, we include some remarks about the implementation. Published online: 24 August 2001

10.
A reconfigurable fixturing system has been developed for a computer-integrated assembly environment. The fixturing system employs a number of fixture modules which are set up, adjusted and changed automatically by the assembly robot. A dedicated software program has been developed for the design, analysis, and verification of the fixture layout. The software program has been integrated with a commercially available computer-aided design (CAD) package to provide a user-friendly platform for modeling and display purposes. The robot program for setting up, adjusting, and dismantling the designed fixture is generated automatically. Interference between fixture modules during the fixture construction may arise due to incorrect selection of the fixture contact points at the design stage. The objective of the work described here is to develop a hierarchical approach for calculation of interference between fixture modules in a reconfigurable fixturing system. The formulation for the interference detection employs geometrical constraints as the basis. The approach does not require detailed simulation of the fixture construction for interference detection.

11.
As eGovernment becomes a very active research area, a lot of solutions to citizens' needs are being deployed. These solutions, even when of high quality, suffer from some drawbacks, most of them related to the lack of interoperability among different Public Administrations or to the difficulty of locating or invoking the desired service. To deal with these issues, a semantic-based approach centered on citizens is proposed. This paper tackles the provision of a front-end solution to access services in Public Administrations. A complete software interface within a holistic model of service is discussed in depth.

12.
A Software Development Method from Z to the Refinement Calculus (cited by: 3; self-citations: 0; citations by others: 3)
1. Introduction. Research into and application of formal methods has a history of more than twenty years. It originates in the program verification work of Dijkstra and Hoare and in the programming-language semantics research of Scott, Strachey and others, and refers to the languages, techniques and tools that describe and verify a complex system precisely, on a mathematical basis, in order to guarantee its reliability. The key to formal methods lies in the formal specification language. Describing a system and its various properties in a formal specification language whose syntax and semantics have rigorous mathematical definitions produces a formal specification of the system, which can help developers gain a deep understanding of the described system, and

13.
The background for this paper is twofold: One is the definition of a caching protocol for shared memory parallel computers called SCI, and the other is the usage of rewriting techniques in program verification. The paper concentrates on a linked list system, which is a central aspect of the caching protocol. We first describe an informal proof of this system, including a rather large invariant. Thereafter we show how the list system and the invariant can both be described in the formalism of rewriting logic, and we use this to carry through a significant part of the verification mechanically, using the OBJ3 interpreter.

14.
The task of accurately locating fluid-crystal phase boundaries by computer simulation is hampered by problems associated with traversing mixed-phase states. We describe a recently introduced Monte Carlo (MC) method that circumvents this problem by implementing a global coordinate transformation ("phase switch") which takes the system from one pure phase to the other in a single MC step. The method is potentially quite general. We illustrate it by application to the freezing of hard spheres.

15.
Based on the polynomial ARMA innovation model method, a steady-state optimal estimator for stochastic singular linear discrete-time systems is proposed. The gain matrix of the estimator is derived by innovation analysis and the projection method; its computation reduces to solving a polynomial equation and a spectral factorization. This result is an application of the polynomial method of optimal estimation to singular systems.

16.
17.
This paper presents results from three years of studying human-robot interaction in the context of the AAAI Robot Rescue Competition. We discuss our study methodology, the competitors' systems and performance, and suggest ways to improve human-robot interaction in urban search and rescue (USAR) as well as other remote robot operations.
Jill L. Drury

18.
Integrating software components to produce large-scale software systems is an effective way to reuse experience and reduce cost. However, unexpected interactions among components when integrated into software systems are often the cause of failures. Discovering these composition errors early in the development process could lower the cost and effort in fixing them. This paper introduces a rigorous analysis approach to software design composition based on automated verification techniques. We show how to represent, instantiate and integrate design components, and how to find design composition errors using model checking techniques. We illustrate our approach with a Web-based hypermedia case study.

19.
We propose a solution to moving-horizon state estimation that incorporates inequality constraints in both a systematic and computationally efficient way, akin to Kalman filtering. The proposed method allows the on-line constrained optimization problem involved in moving-horizon state estimation to be solved offline, requiring only a look-up table and simple function evaluations for real-time implementation. The method is illustrated via simulations on a system that has been studied in the literature.

20.
A Method for Obtaining Reaction Transition States with HyperChem (cited by: 2; self-citations: 0; citations by others: 2)
Using the Dynamic Data Exchange (DDE) function of HyperChem, a Visual Basic program in Excel controls the execution of HyperChem, and thereby the reaction coordinate and the step size along the reaction path; the energy curve of the reacting system along the reaction coordinate is computed, from which the transition state and the activation energy ΔE of the reaction can be obtained. This computational method was used to search for the transition state of the catalytic hydrogenation of quinoline molecules on the crystal surface of an S-Mo-Ni catalyst, with good results. The method can determine the transition states of complex reactions and so provide theoretical guidance for experimental research.
