
Formal Assurance Arguments: A Solution in Search of a Problem?

Patrick John Graydon
2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
An assurance case comprises evidence and argument showing how that evidence supports assurance claims (e.g., about safety or security).  ...  For example, formalisation might reduce the benefits of argumentation by limiting the audience to people who can read formal logic.  ...  ACKNOWLEDGMENT This work was funded by the Swedish Foundation for Strategic Research as part of the SYNOPSIS project and by Artemis as part of the nSafeCer project (grant 295373).  ... 
doi:10.1109/dsn.2015.28 dblp:conf/dsn/Graydon15 fatcat:cixumuibyvflzidgu36txkpvui

Semantic and logical foundations of global computing: Papers from the EU-FET global computing initiative (2001–2005)

Donald Sannella, Vladimiro Sassone
2007 Theoretical Computer Science  
are mobile, and their number, connectivity, and communication bandwidth may change during computation; • they have a limited knowledge of their working environment, and no global information about the  ...  Preface Global computing refers to systems of interacting computational agents exhibiting the following characteristics: • they are autonomous, in that their activity is not centrally coordinated; • they  ...  Acknowledgements We wish to thank the colleagues who acted as referees for this volume.  ... 
doi:10.1016/j.tcs.2007.09.017 fatcat:rfgqaf7lkbe7rd3fyjqfejoe6a

Identification of Security Requirements in Systems of Systems by Functional Security Analysis [chapter]

Andreas Fuchs, Roland Rieke
2010 Lecture Notes in Computer Science  
Based on this graph, we deduce a set of authenticity requirements for the input from the leaves of the derivation graph.  ...  In this paper we address the security engineering process for systems of systems.  ...  CONCLUSION The presented approach for deriving safety critical authenticity requirements in systems of systems solves several issues compared to existing approaches.  ... 
doi:10.1007/978-3-642-17245-8_4 fatcat:3koehi2ig5hbxjypykkvtpasxq

Mechanized metatheory for a λ-calculus with trust types

Rodrigo Ribeiro, Lucília Figueiredo, Carlos Camarão
2013 Journal of the Brazilian Computer Society  
We give formal proofs of type soundness, erasure and simulation theorems and also prove decidability of the typing problem. As a result of our formalisation a certified type checker is derived.  ...  In this work, we use the Coq proof assistant to formalise a λ-calculus with trust types, originally formulated by Ørbaek and Palsberg.  ...  The authors used it to implement a web-based version of a Haskell interpreter, but no formal description of the safety inference process was given. Type systems for security.  ... 
doi:10.1007/s13173-013-0119-5 fatcat:jfdmzpfurfa3dblcubtlxootpu

Analysing Java's safety guarantees under concurrency

Andreas Lochbihler
2014 it - Information Technology  
Two features distinguish Java from other mainstream programming languages like C and C++: its builtin support for concurrency and safety guarantees such as type safety or safe execution in a sandbox.  ...  We show that type safety and Java's data race freedom guarantee hold.  ...  Third, tools for static analysis, debugging and verification of Java programs rely on type safety to, e.g., internally compute abstract representations such as control flow graphs and determine the possible  ... 
doi:10.1515/itit-2013-1037 fatcat:o456tjsfafearjrrjgjisug64q

Possibilistic Information Flow Control for Workflow Management Systems

Thomas Bauereiss, Dieter Hutter
2014 Electronic Proceedings in Theoretical Computer Science  
For this purpose, we define the semantics of a workflow as a state-event system and formalise security properties in a trace-based way, i.e. on an abstract level without depending on details of enforcement  ...  Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements.  ...  Acknowledgements We thank Richard Gay, Sylvia Grewe, Steffen Lortz, Heiko Mantel and Henning Sudbrock for providing a formalisation of the MAKS framework in Isabelle/HOL that allowed us to verify our main  ... 
doi:10.4204/eptcs.148.4 fatcat:2hefu3pau5e6rjhgm53ggxbj7u

Runtime verification of cryptographic protocols

Andreas Bauer, Jan Jürjens
2010 Computers & security  
Second, the implicit assumptions on the protocol participants are derived from the design model, formalised in linear-time temporal logic, and the validity of these formulae at runtime is monitored using  ...  Virtually all of these results, when applied to an actual implementation of a security protocol, rely on certain implicit assumptions on the implementation (for example, that the cryptographic checks that  ...  Acknowledgements We thank the reviewers for constructive feedback which led to a significant improvement of this paper.  ... 
doi:10.1016/j.cose.2009.09.003 fatcat:6xkwm6kqpjajfommn7t4efcy3q

Mechanised Assurance Cases with Integrated Formal Methods in Isabelle [article]

Yakoub Nemouchi, Simon Foster, Mario Gleirscher, Tim Kelly
2019 arXiv pre-print
Assurance cases are often required as a means to certify a critical system.  ...  Our contribution is a mechanical framework for developing assurance cases with integrated formal methods based in the Isabelle system.  ...  Such systems include autonomous vehicles, traffic flow control, patient monitoring, surgical robot assistants, and building security automation.  ... 
arXiv:1905.06192v1 fatcat:34r6xufndfaatnljbarnbyiu6q

Modelling Security Properties in a Grid-based Operating System with Anti-Goals

Alvaro Arenas, Benjamin Aziz, Juan Bicarregui, Brian Matthews, Erica Y. Yang
2008 Third International Conference on Availability, Reliability and Security
We apply goal-refinement to derive security requirements for these two security goals and we develop a model of anti-goals and show how system vulnerabilities and threats to the security goals can arise  ...  In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system.  ...  We are also grateful to the GridTrust project for facilitating the tool to model the security requirements.  ... 
doi:10.1109/ares.2008.159 dblp:conf/IEEEares/ArenasABMY08 fatcat:kd3vrzj2rndlpavx7flhfx6lfq

Integration of Formal Proof into Unified Assurance Cases with Isabelle/SACM

Simon Foster, Yakoub Nemouchi, Mario Gleirscher, Ran Wei, Tim Kelly
2021 Formal Aspects of Computing  
We thus show that Isabelle is a suitable platform for critical systems assurance.  ...  We embed its functional specification into Isabelle, verify its security requirements, and form a modular security case in Isabelle/SACM that combines the heterogeneous artifacts.  ...  as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made.  ... 
doi:10.1007/s00165-021-00537-4 fatcat:25fhspkevrhdrbefh7ynkbiobu

Using Assurance Cases and Boolean Logic Driven Markov Processes to Formalise Cyber Security Concerns for Safety-Critical Interaction with Global Navigation Satellite Systems

Chris Johnson
2011 Electronic Communications of the EASST  
These threats are compounded by the difficulty of representing and reasoning about the impact of jamming, spoofing and insider threats for the end-users of safety-critical systems.  ...  We show how formal reasoning techniques can be used to identify the safety and security concerns that jeopardise interaction with future generations of Global Navigation Satellite Systems applications.  ...  Acknowledgements: The work described in the paper has been supported by the UK Engineering and Physical Sciences Research Council grant EP/I004289/1.  ... 
doi:10.14279/tuj.eceasst.45.679 dblp:journals/eceasst/Johnson11 fatcat:rydxnmpu6ret5kdk7rmsjhzc2u

Workshop on Security in Business Processes - A workshop report

Rafael Accorsi, Raimundas Matulevičius
2015 Enterprise Modelling and Information Systems Architectures - An International Journal  
These were the perspectives of secure business processes, security and compliance, security and Internet services, and engineering secure business processes.  ...  During one-day workshop, a number of important and emerging issues towards the security in business processes.  ...  This resulted in the method for combined harm assessment of safety and security for information systems. The project suggests a number of implications regarding the business process area.  ... 
doi:10.18417/emisa.8.1.5 dblp:journals/emisaij/AccorsiM13 fatcat:7umqptnvqfhztfkvwlxu5kxz3i

Using Formal Methods for Autonomous Systems: Five Recipes for Formal Verification [article]

Matt Luckcuck
2021 arXiv pre-print
Autonomous systems use software to make decisions without human control, are often embedded in a robotic system, are often safety-critical, and are increasingly being introduced into everyday settings.  ...  Autonomous systems need robust development and verification methods, but formal methods practitioners are often asked: why use formal methods?  ...  Because of the safety and security implications of an autonomous system failing, the most robust methods should be chosen for each system component and development phase.  ... 
arXiv:2012.00856v2 fatcat:hatdgqwbabbfdbngmjt4q2rroi

Analysis and Run-Time Verification of Dynamic Security Policies [chapter]

Helge Janicke, François Siewe, Kevin Jones, Antonio Cau, Hussein Zedan
2006 Lecture Notes in Computer Science  
Security policies and security mechanisms govern the access to information and other resources.  ...  In this paper we present a security model that allows to express dynamic access control policies that can change on time or events.  ...  Chop and Chopstar Derived constructs Following is a list of some derived constructs which are useful for the specification of systems: finite = ¬(true ; false): finite interval, i.e., any interval of  ... 
doi:10.1007/11683704_8 fatcat:5f3jmzcbbjfd7em32ju4p3txli

A survey on the formalisation of system requirements and their validation

Konstantinos Mokos, Panagiotis Katsaros
2020 Array  
The state-of-the-art in formalisation and validation of system requirements is surveyed  ...  Formalisation and validation of system requirements provides early evidence of adequate specification, for reducing the validation tests and high-cost corrective measures in the later system development  ...  , security, and performability.  ... 
doi:10.1016/j.array.2020.100030 fatcat:j25rort2vjcp5fkjr247nhvyra