1
IoT Modelling Framework and Papyrus
Shuai Li, CEA
CHARIOT-VESSEDIA Workshop “The road ahead for a cognitive computing platform supporting a unified approach towards privacy, security and safety (PSS) of IoT systems”
9 May 2019, Dublin, Ireland
CHARIOT – VESSEDIA Workshop, 9 May 2019, Dublin, Ireland
2
Presentation outline
3
From specifications to proof goals
4
Context
Problems: Often safety and security requirements are expressed at system level, yet these requirements need to be validated at code level.
Challenge: How to translate high-level requirements into low-level proof goals?
Approach: A model-based framework for static code analysis.
5
From system models to code validation
Figure: tool chain from high-level model to code validation. Papyrus holds the high-level model (a sequence diagram sd with messages c?x1, c!r1, c!t1, c!x1-1 and calls r=foo(x), t=bar(r)); it is translated to xLIA and symbolically executed by Diversity, giving an execution tree η0 … η8; the low-level requirements (relational properties) derived from that tree are proven on the code by Frama-C. Automatic tooling links the three stages.
6
System models to symbolically executable models
7
System modelling framework
Figure: UML system model. Classes AClass (operation b(pB: Integer)) and BClass (operation a(pA: String)); interfaces ItfA (operation a(pA: Integer)) and ItfB; a System composite with parts A: AClass and B: BClass connected through ports a and b.
Focus on transformation of interactions to symbolically executable state-machines.
8
Message occurrence transformation
sd: message occurrence (figure)
xLIA:
    state q2 {
        transition tr_2 {
            input A( b );
        } --> q3;
    }
9
Behavior execution transformation
sd: y = f(x) (figure)
@routine:
    macro routine f(integer a, return integer r) {
        newfresh(r);
        CALLstack <=< { "f", a, r };
    }
xLIA:
    state q2 {
        transition tr_2 {
            f(x, y);
        } --> q3;
    }
10
Optional fragment transformation
Figure: sequence diagram (sd) with an optional fragment and its transformation for lifeline A.
11
Alternative fragment transformation
Figure: sequence diagram (sd) with an alternative fragment and its transformation for lifeline A.
12
Loop fragment transformation
Figure: sequence diagram (sd) with a loop fragment and its transformation for lifeline A.
13
Symbolic execution and relational property inference
14
Symbolic execution
15
Symbolic execution to cover expected behavior
Figure: state machine with states s0, s1, s2 over variables x, r, t, and its symbolic execution tree. Transition labels in the figure: in ? x with r=foo(x); [r>3] out ! x-1; [x>10 ∧ r ≤ 3] out ! r with t=bar(r+1); [t>5] out ! t. Each execution context η is a tuple (state, valuation of x, r, t, path condition, call list):
η0: (s0, x:=x0, r:=r0, t:=t0, True, Φ)
η1 (after in?x1): (s1, x:=x1, r:=r1, t:=t0, True, [(foo, x1, r1)])
η2 (after out!x1-1): (s0, x:=x1, r:=r1, x1 ≤ 10 ∧ r1 > 3, [(foo, x1, r1)])
η3 (after out!r1): (s0, x:=x1, r:=r1, t:=t1, x1 > 10 ∧ r1 ≤ 3, [(foo, x1, r1), (bar, r1+1, t1)])
η4 (after out!t1): (s0, x:=x1, r:=r1, t:=t1, x1 > 10 ∧ r1 ≤ 3 ∧ t1 > 5, [(foo, x1, r1), (bar, r1+1, t1)])
16
Relational property inference
Relational property inferred from the path η0 --in?x1--> η1 --out!r1--> η3 --out!t1--> η4, whose final context carries the path condition x1 > 10 ∧ r1 ≤ 3 ∧ t1 > 5 and the call list [(foo, x1, r1), (bar, r1+1, t1)]:
@relational \forall int x1;
    \callset( \call(foo, x1, id1), \call(bar, \callresult(id1) + 1, id2) )
    => (x1 > 10 => ( \callresult(id1) ≤ 3 => \callresult(id2) > 5 ));
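As an added example (not the slides' or the VESSEDIA tools' code), the following Python sketches the two steps of the last two slides on the same three-state machine: it enumerates execution contexts (state, valuation, path condition, call list) with foo and bar left uninterpreted, then turns the context covering the expected behaviour into a relational property in the slides' \callset/\callresult notation. It assumes the guards shown as path conditions on the slide ([x ≤ 10 ∧ r > 3] and [x > 10 ∧ r ≤ 3] on the two branches leaving s1) and models the context reached after t=bar(r+1) as being in s2.

```python
# Added example, not the slides' code: minimal symbolic executor for the slide's
# three-state machine plus relational-property inference in the slide's notation.
def fresh_names():
    """Fresh symbolic names per variable: x1, x2, ..., r1, ..., t1, ..."""
    ctr = {}
    def new(var):
        ctr[var] = ctr.get(var, 0) + 1
        return f"{var}{ctr[var]}"
    return new

def step(ctx, new):
    """Successors of ctx = (state, valuation, path condition, call list).
    Guards follow the path conditions on the slide (assumed); foo and bar are
    uninterpreted, so each call binds a fresh result symbol in the call list."""
    state, val, pc, calls = ctx
    if state == "s0":                                   # in ? x ; r = foo(x)
        x, r = new("x"), new("r")
        return [("s1", {**val, "x": x, "r": r}, pc, calls + [("foo", x, r)])]
    if state == "s1":
        x, r, t = val["x"], val["r"], new("t")          # t: result of bar(r+1)
        return [("s0", val, pc + [f"{x} <= 10", f"{r} > 3"], calls),   # out ! x-1
                ("s2", {**val, "t": t}, pc + [f"{x} > 10", f"{r} <= 3"],
                 calls + [("bar", f"{r} + 1", t)])]     # out ! r ; t = bar(r+1)
    return [("s0", val, pc + [f"{val['t']} > 5"], calls)]  # s2: [t > 5] out ! t

def explore(depth):
    """Execution tree from eta0, breadth first, flattened into a list."""
    new = fresh_names()
    eta0 = ("s0", {"x": "x0", "r": "r0", "t": "t0"}, [], [])
    frontier, tree = [eta0], [eta0]
    for _ in range(depth):
        frontier = [s for c in frontier for s in step(c, new)]
        tree += frontier
    return tree

def infer_property(ctx):
    """Relational property of the behaviour covered by ctx: calls form a
    \\callset, result symbols become \\callresult(idN), the path condition
    becomes a chain of implications, remaining inputs are quantified."""
    _, _, pc, calls = ctx
    sub = {res: f"\\callresult(id{i})" for i, (_, _, res) in enumerate(calls, 1)}
    def ren(expr):                                      # token-wise renaming
        return " ".join(sub.get(w, w) for w in expr.split())
    callset = ", ".join(f"\\call({f}, {ren(a)}, id{i})"
                        for i, (f, a, _) in enumerate(calls, 1))
    inputs = sorted({w for _, a, _ in calls for w in a.split()
                     if w[0].isalpha() and w not in sub})
    body = ren(pc[-1]) if pc else "\\true"
    for guard in reversed(pc[:-1]):                     # c1 => (c2 => ... cn)
        body = f"({ren(guard)} => {body})"
    return f"\\forall int {', '.join(inputs)}; \\callset({callset}) => {body}"
```

Calling explore(3) yields η0 … η4 in breadth-first order, and infer_property on the last context reproduces the property on the "Relational property inference" slide.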
17
6LoWPAN case-study
18
Verify “firmware update” behavior of 6LoWPAN networks
Figure: the node's software code. Which properties to validate for “firmware update” behavior correctness in the code?
19
Modeling the “firmware update” behavior
High-level modeling of the firmware update behavior:
- The first package contains metadata about Nbpackage and package size.
- Load the address into the flash memory (two partitions).
- Release of the flash memory area that will receive the firmware.
- Write each received package to flash memory.
- Integrity check.
- Send confirmation.
20
Interactions to state-machines in the textual xLIA language
Figure: UML sequence diagram model and its translation into xLIA.
21
Configure tool for symbolic execution
Configure our property inference module from the model:
- Input model
- Select the behavior: All firmware update packages are received and successfully installed on the node
- Specify output file
22
Performing symbolic execution
Figure: Diversity execution console. Launch inference from Diversity.
23
Visualizing execution tree
Scenario: All firmware update packages are received and successfully installed on the node
24
Relational properties inference
This is the low-level property corresponding to the selected firmware update scenario.
Property: does the functions' code allow the firmware update mechanism or not?
The property annotates functions called within the firmware update scenario.
25
Code analysis with Frama-C using generated low-level requirements
Figure: static code analysis with Frama-C using the generated low-level requirements. Property proven.
26
Conclusion
27
Summary and future work
A model-based framework for static code analysis: bridge the gap between system model and code-level proof goal
- UML architecture models and their interaction models
- Transformation of interaction models to symbolically executable xLIA textual state-machines
- Symbolic execution of state-machines to find paths covering correct behaviors
- Inference of relational properties in the code
Integrated Development Environment
- Papyrus UML modeler
- Diversity symbolic execution engine
- Frama-C code analyzer
Future work
- Streamline integration with other elements of the VESSEDIA modeling framework and tools
- State-machine models, embedded operation contracts in ACSL, embedded constraints in ACSL
- Existing C code and ACSL state property generators
28
Contact Details
Shuai Li, CEA
The projects CHARIOT & VESSEDIA have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No & No