Stuart AllenMark Bickford Robert Constable Richard Eaton Christoph KreitzLori Lorigo Secure software infrastructure Logic Programming Communications Advances.

Slides:

Advertisements

Similar presentations

Synthesis of Protocol Converter Using Timed Petri-Nets Anh Dang Balaji Krishnamoorthy Manoj Iyer Presented by:

Advertisements

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

XML Technology in E-Commerce

© Chinese University, CSE Dept. Software Engineering / Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

VIDE als voortzetting van Cocktail SET Seminar 11 september 2008 Dr. ir. Michael Franssen.

Stuart AllenMark Bickford Robert Constable (PI) Christoph KreitzLori LorigoRobbert Van Renesse Secure software infrastructure Logic Programming Communications.

VIDE Integrated Environment for Development and Verification of Programs.

The Architecture Design Process

1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.

Software Engineering and Middleware: a Roadmap by Wolfgang Emmerich Ebru Dincel Sahitya Gupta.

Π-Method: A Model-Driven Formal Method for Architecture- Centric Software Engineering By Flavio Oquendo Presented by: Sajith Wickramaratne.

Ensuring Non-Functional Properties. What Is an NFP?  A software system’s non-functional property (NFP) is a constraint on the manner in which the system.

Establishing the overall structure of a software system

Architectural Design Principles. Outline  Architectural level of design The design of the system in terms of components and connectors and their arrangements.

1 FM Overview of Adaptation. 2 FM RAPIDware: Component-Based Design of Adaptive and Dependable Middleware Project Investigators: Philip McKinley, Kurt.

Router modeling using Ptolemy Xuanming Dong and Amit Mahajan May 15, 2002 EE290N.

Course Instructor: Aisha Azeem

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Mathematics throughout the CS Curriculum Support by NSF #

Architectural Design.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Chapter 2 The process Process, Methods, and Tools

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.

©Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 13Slide 1 Architectural Design u Establishing the overall structure of a software system.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Chapter 10 Architectural Design.

Architectural Design portions ©Ian Sommerville 1995 Establishing the overall structure of a software system.

Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.

Copyright 2002 Prentice-Hall, Inc. Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Chapter 20 Object-Oriented.

Composing Adaptive Software Authors Philip K. McKinley, Seyed Masoud Sadjadi, Eric P. Kasten, Betty H.C. Cheng Presented by Ana Rodriguez June 21, 2006.

Architectural Blueprints The “4+1” View Model of Software Architecture

OOI CI LCA REVIEW August 2010 Ocean Observatories Initiative OOI Cyberinfrastructure Architecture Overview Michael Meisinger Life Cycle Architecture Review.

Architectural Design lecture 10. Topics covered Architectural design decisions System organisation Control styles Reference architectures.

Formal Verification Lecture 9. Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems.

Class 5 Architecture-Based Self-Healing Systems David Garlan Carnegie Mellon University.

Chapter 10 Analysis and Design Discipline. 2 Purpose The purpose is to translate the requirements into a specification that describes how to implement.

Architectural Patterns Support Lecture. Software Architecture l Architecture is OVERLOADED System architecture Application architecture l Architecture.

Documenting Software Architectures 1.Uses and Audiences for Architecture Documentation Architecture documentation serves as a means of education Architecture.

Model Checking and Model-Based Design Bruce H. Krogh Carnegie Mellon University.

Page 1 Advanced Technology Center HCSS 03 – April 2003 vFaat: von Neumann Formal Analysis and Annotation Tool David Greve Dr. Matthew Wilding Rockwell.

FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.

Software Design Process

Ensemble Fault-Tolerance Security Adaptation. The Horus and Ensemble Projects Accomplishments and Limitations Kent Birman, Bob Constable, Mayk Hayden,

Network Protocols Network Systems Security Mort Anvari.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

1 Software Design Lecture What’s Design It’s a representation of something that is to be built. i.e. design  implementation.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.

Slide 1 Service-centric Software Engineering. Slide 2 Objectives To explain the notion of a reusable service, based on web service standards, that provides.

Self-stabilization in NEST Mikhail Nesterenko (based on presentation by Anish Arora, Ohio State University)

Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

Building reliable, high- performance communication systems from components Xiaoming Liu, Christoph Kreitz, Robbert van Renesse, Jason Hickey, Mark Hayden,

Duminda WijesekeraSWSE 623: Introduction1 Introduction to Formal and Semi- formal Methods Based on A Specifier's Introduction to Formal Methods (J. Wing)

These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.

From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.

Slide 1 Chapter 8 Architectural Design. Slide 2 Topics covered l System structuring l Control models l Modular decomposition l Domain-specific architectures.

Choosing a Formal Method Mike Weissert COSC 481. Outline Introduction Reasons For Choosing Formality Application Characteristics Criteria For A Successful.

A Framework for Automated and Composable Testing of Component-based Services Miguel A. Jiménez, Ángela Villota, Norha M. Villegas, Gabriel Tamura, Laurence.

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.

ARTEMIS SRA 2016 Trust, Security, Robustness, and Dependability Dr. Daniel Watzenig ARTEMIS Spring Event, Vienna April 13, 2016.

Logical architecture refinement

Chapter 20 Object-Oriented Analysis and Design

Software Engineering Group, Motorola India Electronics Pvt. Ltd.,

From Use Cases to Implementation

Presentation transcript:

Stuart AllenMark Bickford Robert Constable Richard Eaton Christoph KreitzLori Lorigo Secure software infrastructure Logic Programming Communications Advances in Logical Programming Environments

Build open L ogical P rogramming E nvironment - integrate programming language and logic - share libraries of formalized mathematics - enable cooperation among formal systems - local reflection and code transformations Project goals Application to reliable embedded systems - semantics-based transformation and optimization - high-assurance software components and systems - formal component design

Nuprl LPE - new implementation with open architecture - formal documentation mechanisms - development of class theory - local reflection for weaving aspects Progress - formal design of adaptive systems Application to networked systems - optimization of protocol stacks - compositional protocol verification - formal design of adaptive systems

Cooperating processes Library as persistent database - basis for sharing mathematics Ability to connect to external systems Cooperating inference engines Multiple user interfaces Reflective system structure LPE Architecture

Comments contain references to objects - formal content browsable while reading text Display objects determine term presentation - print representation (screen/LaTeX macros) - suppressing formal parameters - preferences vs. parentheses Formal Documentation Create documentation from formal objects - formal design expertise in “readable” form - screen display, LaTeX articles, HTML documents

Provides expressive type constructs - Union, Intersection, Subtyping, Records, Modules Supports formalization and composition of - Abstract specifications + concrete code of components - Modular verifications   IOA Ocaml (Ensemble) External System Formalizes JVM Java/JVM Ocaml Language Formalized in Nuprl Class theory provides IOA formalisms Formal Class Theory Extends Nuprl’s type theory

Add properties to code MessagePassingwith Total Order FaultTolerant System with Total Order Transform Total Order code to include rejoining & view-change code FaultTolerance Weaving as formal method requires local reflection - thms about semantical effect of syntactical transformations - reasoning about refinement + meta-properties   Weaving and local reflection

Optimize component-based network systems Formal Optimization Fast, abstract, verifiably correct results, speedup factor 3-4 (demo available) Automate with Nuprl LPE Identify Common Case Predicates Component code + CCP -> optimization theorem System composition -> theorem composition Composed theorem -> new system code generate fast-path for common case compress message headers

Incremental through proof inheritance : (A = P)  (A  B = P) A  B intersects : states, actions initial states, transitions Induction: 1. A  I = I 2. B  I = I 3. A.init  B.init  I A  B = I View = view View ETO ETO = total  view Total = total Total Compositional Protocol Verification

Adapt system to suit run-time dynamics - system upgrades - changing conditions (higher security levels, …) - use optimal implementations of components Usually complicated switch spec Building block approach - generic switching protocol constructs hybrid protocols from simpler ones - flexible, easy to prove correct Formal Design of Adaptive Systems Joint work with Robbert Van Renesse, Xiaoming Liu, Ken Birman

Normal mode - forward messages to current protocol - receive messages from current protocol Switching Protocol P1P2 Switching Mode - deliver messages from previous protocol - buffer messages sent in the new protocol Switching Protocols: basic model

What kind of properties will be preserved by switching? In other words, what are the properties of these properties ? Reliability? Total Order?Integrity? Confidentiality? Prioritized Delivery? Virtual Synchrony? propertiesmeta- Inject formal methods at earliest design stage

we proved that six meta-properties are sufficient for protocols to work correctly under a switching protocol switch spec network Using the Nuprl LPE

Formal Model of Communication Communication property - predicate P on traces Trace - List tr of send and receive events Send(p,m) : message p sent by process m Deliver(p,m) : message p received by process m

Confidentiality  q  T. Deliver(q,m)  tr   p  T. Send(p,m)  tr ) Reliability  p,m. Send(p, m)  tr   q. Deliver(q,m)  tr Properties, formalized Integrity (T: set of trusted processes)  q  T. Deliver(q,m)  tr   p  T. Send(p,m)  tr Total order  q 1,q 2,m 1,m 2. Deliver(q 1,m 1 )  tr  Deliver(q 2,m 1 )  tr  Deliver(q 1,m 2 )  tr  Deliver(q 2,m 2 )  tr  Deliver(q 1,m 1 ) < Deliver(q 1, m 2 )  Deliver(q 2,m 1 ) < Deliver(q 2, m 2 )

Expressed by relation R between traces tr u,tr l above and below a protocol layer M (P)   tr u,tr l. P(tr l )  tr l R tr u  P(tr u ) Meta-property Predicate M on properties of protocols   Requires capability for higher order reasoning

Meta-properties for Switching } } Layered Communication Protocol Switching R send-e (tr u,tr l )  tr u = tr [Send(p 1,m 1 ),..,Send(p n,m n )] R async (tr u,tr l )  swap-adjacent(tr l,tr u ) for e 1,e 2 with process(e 1 )  process(e 2 ) R delay (tr u,tr l )  swap-adjacent(tr l,tr u ) for e 1,e 2 with e 1 =Send(p,m 1 )  e 2 = Deliver(p,m 2 ) R safety (tr u,tr l )  tr l  tr u R composable (tr u,tr l 1, tr l 2 )  tr l 1  tr l 2 =[]  interleave(tr u,tr l 1, tr l 2 )  … R memoryless (tr u,tr l )  tr u = tr l - [e | msg(e)  {m 1,..,m n }] Switchable(P)  M safety (P)  …  M composable (P) Asynchrony Safety Delayable Send- enabled Composable Memoryless

Formal design at same pace as “informal” one Verifying Hybrid Protocols  P.  tr u,tr l. switch_invariant(tr u,tr l )  Switchable(P)  (P(pr 1 (tr l ))  P(pr 2 (tr l )))  P(tr u ) Switchable properties are preserved if the switch implementation satisfies a switch invariant tr u results from swapping tr l events with different origin messages sent by different protocols must be delivered in the same order Nuprl proof developed in parallel to implementation

Lessons learned Employing formal techniques at every design stage is of great use for building efficient network systems The LPE is capable of supporting “real” design - its theory is very expressive - reflection supports reasoning about program transformation Automation still needs to be increased More experience from applications is necessary The component-based approach is ideal for building adaptive systems

Extend scope of automation - Domain-specific reasoning strategies - Connect external inference engines - Formalize design knowledge (e.g. as theorems) - Techniques for automated system (code) synthesis Develop and deploy full reflection mechanism Build formal infrastructure for practitioners - Include library of formally documented mathematics  Plans Design & verification of new programs - New hybrid protocols (adaptivity) - Probabilistic protocols (scalability)