Formal verification of safety communication protocol for ETCS. Chen Lijie, 08.06.2011.


Slide 1: Formal verification of safety communication protocol for ETCS. Chen Lijie.

Outline:
- Introduction
- Safety communication protocol in ETCS
- CPN model of safety communication protocol
- Formal verification of protocol
- Conclusions

| M. Eng. Chen Lijie | Formal verification of safety communication protocol for ETCS | Slide 2: Introduction. Necessity of verification

Development chain: user requirement -> system design -> verification -> conformance test.

Verification is necessary because it should "give certainty about satisfaction of a required property" (Jae-Dong Lee et al., Verification and conformance test generation of communication protocol for railway signalling systems, Computer Standards & Interfaces [2]).

Slide 3: Introduction. Necessity to apply Petri nets for verification
- A communication system can be represented by a Petri net.
- Petri nets can be applied to the verification of safety-critical systems.
- ASK-CTL in CPN Tools is a common method for model checking.

Slide 4: Safety communication protocol for ETCS. Importance of safety for a communication system
The train ahead stops. If the following train does not receive the command that it should stop, it will go on running and collide with the train ahead.

Slide 5: Safety communication protocol for ETCS. Structure of the communication system in ETCS (ETCS SUBSET 037)
A safety-related transmission function has to be added on top of the non-trusted channel. EURORADIO (the communication system in ETCS) can be viewed as three layers:
- Application layer: process data
- Safety layer: establish the safety connection
- Channel: transmit any message
The safety communication protocol is executed in the safety layer and functions as a safety-related transmission system.

Slide 6: CPN model of safety communication protocol. General model of the communication system (ETCS Specification subset 037).

Slide 7: CPN model of safety communication protocol. CPN model of the safety logic in the protocol (ETCS Specification subset 037).

Slide 8: Formal verification of protocol
- Verification of domain-independent properties (boundedness, liveness): properties independent of domain knowledge, i.e. the basic properties a Petri net model should satisfy.
- Verification of the domain-related property (safety): a property related to domain knowledge, i.e. the property the safety communication protocol should satisfy.

Slide 9: Verification of boundedness. Basic definitions in Petri nets.

Slide 10: Verification of boundedness. Theorem for the verification of boundedness.

Slide 11: Verification of boundedness. Low-level Petri net model of the protocol.
Y1 = [1, 1, 1, 1, 0]^T

Slide 12: Verification of boundedness. Low-level Petri net model of the protocol.
Y2 = [0, 0, 0, 0, 1]^T
Yn = [1, 1, 1, 1, 1]^T > 0, hence the protocol model is bounded.
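The boundedness argument on slides 10 to 12 is the standard P-invariant one: a non-negative vector Y with Y^T C = 0 (C the incidence matrix) keeps Y.M constant over all reachable markings M, and if some such vector, or a sum of such vectors like Yn = Y1 + Y2, is strictly positive on every place, every place is bounded. The following is an added worked example, not code from the slides or from CPN Tools: it checks the slide's vectors Y1 and Y2 against a small constructed five-place net (four places in a token cycle plus one read-only resource place; this is not the protocol net of the slides), derives per-place bounds from the invariants and the initial marking, and shows that the check fails for an unbounded variant.

```python
# Added example (not from the slides): structural boundedness via P-invariants.
# The net below is constructed for illustration and is NOT the protocol net shown
# on the slides; only the vectors Y1 and Y2 are taken from slides 11 and 12.

PLACES = ("p1", "p2", "p3", "p4", "p5")

# Incidence matrix C, rows = places, columns = transitions t1..t4:
# C[p][t] = tokens produced on place p by t minus tokens consumed from p by t.
# p1..p4 form a token cycle (t1: p1->p2, t2: p2->p3, t3: p3->p4, t4: p4->p1);
# p5 is a resource that t1 reads and returns (self-loop), so its net effect is 0.
C = [
    [-1,  0,  0,  1],  # p1
    [ 1, -1,  0,  0],  # p2
    [ 0,  1, -1,  0],  # p3
    [ 0,  0,  1, -1],  # p4
    [ 0,  0,  0,  0],  # p5
]
M0 = [1, 0, 0, 0, 1]  # constructed initial marking

# The two vectors from slides 11 and 12.
Y1 = [1, 1, 1, 1, 0]
Y2 = [0, 0, 0, 0, 1]


def is_p_invariant(C, Y):
    """Y is a P-invariant iff Y^T C = 0: no transition changes the weighted sum Y.M."""
    n_places, n_trans = len(C), len(C[0])
    return all(
        sum(Y[p] * C[p][t] for p in range(n_places)) == 0 for t in range(n_trans)
    )


def combined_invariant(invariants):
    """Sum of invariants (a non-negative combination of P-invariants is a P-invariant)."""
    return [sum(Y[p] for Y in invariants) for p in range(len(invariants[0]))]


def is_structurally_bounded(C, invariants):
    """True if all given vectors are P-invariants and their sum is positive on every place."""
    if not all(is_p_invariant(C, Y) for Y in invariants):
        return False
    return all(y > 0 for y in combined_invariant(invariants))


def place_bounds(C, M0, invariants):
    """Per-place bound: Y[p] * M(p) <= Y.M = Y.M0 for every reachable M, so M(p) <= Y.M0 / Y[p]."""
    valid = [Y for Y in invariants if is_p_invariant(C, Y)]
    bounds = {}
    for p, name in enumerate(PLACES):
        cands = [
            sum(Y[q] * M0[q] for q in range(len(M0))) // Y[p]
            for Y in valid if Y[p] > 0
        ]
        bounds[name] = min(cands) if cands else None  # None: place not covered
    return bounds


# Negative case: a fifth transition t5 that creates a token on p2 from nothing.
# Y1 is then no longer an invariant, and the check correctly refuses to conclude boundedness.
C_UNBOUNDED = [row + [1 if name == "p2" else 0] for row, name in zip(C, PLACES)]


if __name__ == "__main__":
    print("Y1 is a P-invariant:", is_p_invariant(C, Y1))
    print("Y2 is a P-invariant:", is_p_invariant(C, Y2))
    print("Yn = Y1 + Y2 =", combined_invariant([Y1, Y2]))
    print("net is bounded:", is_structurally_bounded(C, [Y1, Y2]))
    print("place bounds:", place_bounds(C, M0, [Y1, Y2]))
    print("unbounded variant passes check:", is_structurally_bounded(C_UNBOUNDED, [Y1, Y2]))
```

The positive result is structural: it holds for any initial marking, which is why the slides can conclude boundedness without exploring the state space. The bounds computed by `place_bounds` are upper bounds, not necessarily tight ones.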

Slide 13: Verification of liveness. Code to query dead markings: query the dead markings in the state space.

Slide 14: Verification of liveness. Code to query invalid dead markings: define the possible valid terminal markings, then query the invalid terminal markings among the dead markings.

Slide 15: Verification of safety. Code to query the unsafe state.
Unsafe state: the safety connection state is still disconnected when data should be transmitted. Query the unsafe state in the entire state space.

Slide 16: Verification of safety. Safety requirement
Something bad never happens: the case that the safety connection fails to establish never happens.
ASK-CTL query of the unsafe state: judge whether the negation of the function unsafe holds, i.e. whether no state as defined in unsafe exists.
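Slides 13 to 16 run three queries over the state space of the CPN: list the dead markings, compare them against the set of valid terminal markings, and check that no reachable marking is unsafe. The following is an added example, not the slides' CPN Tools / ASK-CTL code: it replaces the CPN by a small constructed place/transition net (a safety connection with places Disc and Conn, and a sender with places IdleS, Sending and DoneS; none of this is the protocol model of the slides), explores its reachable markings explicitly, and runs the same three queries on a correct version and on a constructed defective version in which sending does not wait for the connection and the connection is never released.

```python
# Added example (not from the slides): explicit state-space queries on a constructed
# place/transition net. The net, its places and the defect in BUGGY_NET are invented
# for illustration; only the shape of the three queries follows slides 13-16.
from collections import deque

PLACES = ("Disc", "Conn", "IdleS", "Sending", "DoneS")


def marking(**tokens):
    """Marking as a tuple of token counts in PLACES order (unlisted places hold 0)."""
    return tuple(tokens.get(p, 0) for p in PLACES)


# Transitions: name -> (places consumed, places produced). A place listed on both
# sides acts as a guard: it is read and returned, e.g. start_send requires Conn.
SAFE_NET = {
    "establish":  (("Disc", "IdleS"), ("Conn", "IdleS")),    # connect on a pending request
    "start_send": (("IdleS", "Conn"), ("Sending", "Conn")),  # only while connected
    "finish":     (("Sending",), ("DoneS",)),
    "release":    (("Conn", "DoneS"), ("Disc", "DoneS")),    # only after sending is done
}

# Constructed defective variant: start_send no longer requires Conn (data may go out
# on a disconnected safety connection) and release is missing (can end up stuck connected).
BUGGY_NET = {
    "establish":  (("Disc", "IdleS"), ("Conn", "IdleS")),
    "start_send": (("IdleS",), ("Sending",)),
    "finish":     (("Sending",), ("DoneS",)),
}

INITIAL = marking(Disc=1, IdleS=1)
VALID_TERMINALS = {marking(Disc=1, DoneS=1)}  # the only acceptable dead marking


def fire(m, transition):
    """Return the successor marking, or None if the transition is not enabled in m."""
    pre, post = transition
    m = list(m)
    for p in pre:
        i = PLACES.index(p)
        if m[i] == 0:
            return None
        m[i] -= 1
    for p in post:
        m[PLACES.index(p)] += 1
    return tuple(m)


def state_space(net, m0):
    """Breadth-first reachability: marking -> list of (transition name, successor marking)."""
    succ = {}
    queue = deque([m0])
    while queue:
        m = queue.popleft()
        if m in succ:
            continue
        succ[m] = []
        for name, t in net.items():
            n = fire(m, t)
            if n is not None:
                succ[m].append((name, n))
                if n not in succ:
                    queue.append(n)
    return succ


def dead_markings(succ):
    """Slide 13: markings with no enabled transition."""
    return [m for m, out in succ.items() if not out]


def invalid_dead_markings(succ, valid_terminals):
    """Slide 14: dead markings that are not among the defined valid terminal markings."""
    return [m for m in dead_markings(succ) if m not in valid_terminals]


def unsafe(m):
    """Slide 15: data is being sent while the safety connection is still disconnected."""
    return m[PLACES.index("Sending")] > 0 and m[PLACES.index("Disc")] > 0


def unsafe_markings(succ):
    return [m for m in succ if unsafe(m)]


def safety_holds(succ):
    """Slide 16: 'something bad never happens' == no reachable marking satisfies unsafe."""
    return not unsafe_markings(succ)


if __name__ == "__main__":
    for label, net in (("safe net", SAFE_NET), ("buggy net", BUGGY_NET)):
        ss = state_space(net, INITIAL)
        print(label, "reachable markings:", len(ss))
        print("  dead markings:", dead_markings(ss))
        print("  invalid dead markings:", invalid_dead_markings(ss, VALID_TERMINALS))
        print("  unsafe markings:", unsafe_markings(ss))
        print("  safety holds:", safety_holds(ss))
```

Two points the run makes that the slides only state: a dead marking is not by itself a defect, so the liveness query needs the explicit list of valid terminals to tell a normal protocol termination from a deadlock; and the defective net passes nothing but also shows that an unsafe marking can be reachable while the protocol still terminates normally on some paths, which is why the safety query ranges over the entire state space rather than over the dead markings.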

Slide 17: Conclusions
- Petri nets are a suitable method to verify the safety communication protocol.
- A state representation of the safety communication protocol is developed in the form of a CPN. This allows the Poseidon and Design/CPN tools to be used for the verification.
- By using a state space analysis it is proved that the dead markings in the protocol model are reasonable.
- Design/CPN transforms the aim of verification into a formal description and verifies the model. As a result, it is found that the safety communication protocol can never fail to establish the safety connection.

Slide 18: References
[1] Euroradio FIS: class 1 requirements [EB/OL].
[2] Jae-Dong Lee, Jae-Il Jung, Jae-Ho Lee, Jong-Gyu Hwang, Jin-Ho Hwang, Sung-Un Kim. Verification and conformance test generation of communication protocol for railway signalling systems. Computer Standards & Interfaces 29 (2007) 143–151.
[3] Jae-Ho Lee, Jong-Gyu Hwang, Gwi-Tae Park. Performance evaluation and verification of communication protocol for railway signaling systems. Computer Standards & Interfaces 27 (2005) 207–219.
[4] CENELEC, Railway Applications - Safety related communication in open transmission systems, EN ,
[5] Jensen K. Coloured Petri nets. Basic concepts, analysis methods and practical use. Analysis methods, vol. 2. Monographs in theoretical computer science. Berlin: Springer; 1997 [2nd corrected printing. ISBN: ].
[6] E. Nemeth, T. Bartha, Cs. Fazekas, K.M. Hangos. Verification of a primary-to-secondary leaking safety procedure in a nuclear power plant using coloured Petri nets. Reliability Engineering and System Safety 2009; 94:

Slide 19: References (continued)
[7] Panagiotis Katsaros. A roadmap to electronic payment transaction guarantees and a Colored Petri Net model checking approach. Information and Software Technology 2009; 51:
[8] Heiner M. Verification and optimization of control programs by Petri nets without state explosion. In: Proceedings of the second international workshop on manufacturing and Petri nets, held at the XVIII international conference on applications and theory of Petri nets (ICATPN'97), p. 69–84.
[9] A. Cheng, S. Christensen, K.H. Mortensen. Model checking Colored Petri Nets exploiting strongly connected components. In: Proceedings of the International Workshop on Discrete Event Systems, Edinburgh, Scotland, UK, 1996, pp. 169–177.

Slide 20: Welcome to Beijing