2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE)最新文献

筛选

英文中文

Security Verification of Industrial Control Systems using Partial Model Checking 基于部分模型检验的工业控制系统安全验证

2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE) Pub Date : 2020-05-01 DOI: 10.1145/3372020.3391558

T. Kulik, Jalil Boudjadar, P. Tran-Jørgensen

{"title":"Security Verification of Industrial Control Systems using Partial Model Checking","authors":"T. Kulik, Jalil Boudjadar, P. Tran-Jørgensen","doi":"10.1145/3372020.3391558","DOIUrl":"https://doi.org/10.1145/3372020.3391558","url":null,"abstract":"Industrial control systems are moving from isolated to distributed and cloud-connected architectures. While the operational benefits of this migration form the driving force for this trend, the necessary security assurance is often difficult to achieve. Formal methods, including model checking, provide capable technologies to deal with this challenge. However, when formal verification must account for the complexity of modern control systems the state space being explored grows drastically as more details are included in the analysis. This may eventually cause a state space explosion, which makes formal verification infeasible. To address this, we propose a method for decomposing cloud-connected control systems into modules representing the different parts of the system (clients, the cloud, the control network, etc.). Based on the decomposed version of the system, we use UPPAAL to model several well-known cyber attacks and formally verify the system’s behavior under these attacks. To determine viability of our approach, we first use statistical model checking SMC to assess the probabilities of success for selected attacks. Based on SMC outcomes, we use symbolic model checking to individually analyse the sub-system affected by each attack. The results obtained from this analysis are then used to demonstrate the feasibility of our approach. We demonstrate our method using an actual control system architecture provided by our industrial partner. CCS Concepts • Security and privacy → Logic and verification; Denial-of-service attacks; Security requirements.","PeriodicalId":448369,"journal":{"name":"2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115529365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 3

Formal Model-Based Assurance Cases in Isabelle/SACM : An Autonomous Underwater Vehicle Case Study 伊莎贝尔/SACM中基于正式模型的保障案例:自主水下航行器案例研究

2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE) Pub Date : 2020-03-02 DOI: 10.1145/3372020.3391559

S. Foster, Yakoub Nemouchi, C. O'Halloran, K. Stephenson, N. Tudor

引用次数: 12

Relational Test Tables: A Practical Specification Language for Evolution and Security 关系测试表:一种用于进化和安全的实用规范语言

2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE) Pub Date : 2019-10-20 DOI: 10.1145/3372020.3391566

A. Weigl, Mattias Ulbrich, Suhyun Cha, Bernhard Beckert, B. Vogel‐Heuser

{"title":"Relational Test Tables: A Practical Specification Language for Evolution and Security","authors":"A. Weigl, Mattias Ulbrich, Suhyun Cha, Bernhard Beckert, B. Vogel‐Heuser","doi":"10.1145/3372020.3391566","DOIUrl":"https://doi.org/10.1145/3372020.3391566","url":null,"abstract":"A wide range of interesting program properties are relational, i.e., they described a relation between two program runs. Two prominent relational properties are the regression verification (proving conditional program equivalence), and non-interference (proving the absence of information flow). The verification of relational properties is hardly accessible to engineers due to the lack of appropriate specification languages for relational properties. In previous work, we introduced the concept of generalized test tables: a table-based specification language, which allows the tight temporal specification of functional (nonrelational) properties for reactive systems. We introduce relational test tables-an extension of generalized test tables for the specification of relational properties. Relational test tables support specification of k-safety properties (a super set of relational properties) between $kgeq 2$ program runs. We show the applicability of relational test tables by specifying and verifying change scenarios and information flow of reactive systems. We provide an implementation of the verification pipeline for programs following the IEC 61131-3 coding standard under http://github.com/VerifAPS/verifaps-lib.CCS CONCEPTS• Software and its engineering $rightarrow$ Software verification; Model checking; • General and reference $rightarrow$ Verification; • Security and privacy $rightarrow$ Software security engineering.","PeriodicalId":448369,"journal":{"name":"2020 IEEE/ACM 8th International Conference on Formal Methods in Software Engineering (FormaliSE)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129395711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

首页上一页