12 citations found.
John Scheid and Steven Holtsberg. Ina Jo Specification Language Reference Manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June, 1992.


This paper is cited in the following contexts:
Security Protocols over open networks and.. - Gritzalis.. (1999)   (9 citations)  (Correct)

....messages, the authors propose to incorporate into the analysis data from the session key message contents. Another approach introduced by Kemmerer, is based on predicate calculus extensions [14]. This method is using the specification language Ina Jo and the Formal Development Methodology. Ina Jo [28] is a non procedural assertion language that is an extension of first order predicate calculus. Formal specifications written in Ina Jo specify definitions, initial conditions, transforms, axioms, and criteria. Criteria are used to specify critical requirements for a secure state. Ina Jo formal ....

Scheid J., Holtsberg S., Ina Jo Specification Language Reference Manual, System Development Group, (1988), Unisys Corporation, CA.


Cryptographic Protocols over Open Distributed Systems: A.. - Gritzalis, Spinellis (1997)   (2 citations)  (Correct)

....In addition, in order to deal with flaws related to the reuse of old messages the author proposes to incorporate into the analysis data from the session key message contents. Another approach [29] is based on predicate calculus extensions. This method is using the specification language Ina Jo [41] and the Formal Development Methodology (FDM). Formal specifications written in Ina Jo specify definitions, initial conditions, transforms, axioms, and criteria. Criteria are used to specify critical requirements for a secure state. Ina Jo formal specifications can then be executed and verified by ....

Scheid J., Holtsberg S. Ina Jo Specification Language Reference Manual, System Development Group, Unisys Corporation, CA, 1988


A Behavioral Notion of Subtyping - Liskov, Wing (1994)   (84 citations)  (Correct)

....specification. As another example, consider a fat set object that has an insert but no delete method; fat sets only grow in size. The constraint for fat set would be: constraint 8 i : int : i 2 s ae ) i 2 s 4 The use of the term constraint is borrowed from the Ina Jo specification language [Scheid and Holtsberg 1992], which also includes constraints in specifications. 12 Delta B. Liskov and J. Wing We can formulate history properties as predicates over state pairs. The predicate OE(x ae ; x ) appearing in a constraint clause for type stands for the predicate: For all computations, c, and all states ae ....

Scheid, J. and Holtsberg, S. 1992. Ina Jo specification language reference manual. Technical Report TM-6021/001/06 (June), Paramax Systems Corporation, A Unisys Company.


Family Values: A Behavioral Notion of Subtyping - Liskov, Wing (1994)   (1 citation)  (Correct)

.... Rule Our first definition of the subtype relation relies on the addition of some information to specifications, namely a constraint clause that states the history properties of the type explicitly 3 ; 3 The use of the term constraint is borrowed from the Ina Jo specification language [34], which also includes constraints in specifications. stack = type uses BStack (stack for S) for all s: stack invariant length(s ae :items) s ae :limit push = proc (i: int) requires length(s pre :items) s pre :limit modifies s ensures s post :items = s pre :items jj [ i ] s post :limit = ....

John Scheid and Steven Holtsberg. Ina jo specification language reference manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June 1992.


Hints to Specifiers - Wing (1995)   (Correct)

....using pre and post conditions, the logical interpretation of the specification is an implication: pre ⇒ post 2 Thanks to Daniel Jackson for this term. When the pre condition is false then the implication is vacuously true, so any behavior should be allowed. Some formal methods (like InaJo [16] and I/O automata [11]) use the term pre condition but mean something entirely different. The pre condition is interpreted as a guard; no state transition should occur if the guard is not met. Here the interpretation is conjunction: pre post The difference is that under the disclaimer ....

John Scheid and Steven Holtsberg. Ina Jo specification language reference manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June 1992.


Behavioral Subtyping Using Invariants and Constraints - Liskov, Wing (1999)   (3 citations)  (Correct)

.... OE(x ae ; x ) appearing in a constraint clause for type stands for the predicate: For all computations, c, and all states ae and in c such that ae precedes , 8x : x 2 dom(ae) OE(x ae ; x ) 2 The use of the term constraint is borrowed from the Ina Jo specification language [SH92] which also includes constraints in specifications. Note that we do not require that be the immediate successor of ae in c. Just as we had to prove that methods preserve the invariant, we must show that they satisfy the constraint. This is done by using the history rule for each mutator. ....

Scheid, J. and Holtsberg, S. Ina Jo specification language reference manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June 1992.


Formal Methods for the Analysis of Authentication Protocols - Rubin, Honeyman (1993)   (6 citations)  (Correct)

....as being in various states, which are differentiated from one another by the values of state variables. The values of the variables can be changed only via well defined state transitions. Kemmerer uses an extension of first order predicate calculus, a formal specification language called Ina Jo [65]. This nonprocedural assertion language was not developed specifically for use with security protocols, and thus this work fits into the Type I analysis approach. Ina Jo was designed as a general purpose tool to support software development and correctness proofs. Ina Jo uses the following symbols ....

J. Scheid and S. Holtsberg. Ina Jo Specification Language Reference Manual. Systems Development Group, Unisys Corporation, September 1988.


Formal Methods for the Analysis of Authentication Protocols - Rubin, Honeyman (1993)   (6 citations)  (Correct)

....as being in various states, which are differentiated from one another by the values of state variables. The values of the variables can be changed only via well defined state transitions. Kemmerer uses an extension of first order predicate calculus, a formal specification language called Ina Jo [48]. This nonprocedural assertion language was not developed specifically for use with security protocols, and thus this work fits into the Type I analysis approach. Ina Jo uses the following symbols for logical operations: logical AND logical implication In addition, there is a conditional ....

J. Scheid and S. Holtsberg. Ina Jo Specification Language Reference Manual. Systems Development Group, Unisys Corporation, September 1988.


Teaching Mathematics to Software Engineers - Wing   (Correct)

....is specified using pre and post conditions, the logical interpretation of the specification is an implication: pre ⇒ post When the pre condition is false then the implication is vacuously true, so any behavior should be allowed. However, a stronger interpretation (e.g. taken by InaJo [18] and I/O automata [14]) is that a pre condition should be interpreted as a guard. No state transition should occur if the pre condition guard is not met. Here the interpretation of a pre post condition specification is conjunction: pre post The difference is that under the disclaimer ....

John Scheid and Steven Holtsberg. Ina Jo specification language reference manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June 1992.


Family Values: A Semantic Notion of Subtyping - Barbara Liskov And (1992)   (5 citations)  (Correct)

No context found.

John Scheid and Steven Holtsberg. Ina Jo Specification Language Reference Manual. Technical Report TM-6021/001/06, Paramax Systems Corporation, A Unisys Company, June, 1992.


Formal Methods and the Certification of Critical Systems - Rushby (1993)   (50 citations)  (Correct)

No context found.

R. Locasso, J. Scheid, D. V. Schorre, and P. R. Eggert. The Ina Jo Specification Language Reference Manual. System Development Corporation (now Paramax), Santa Monica, CA, November 1980. TM6889/000/01.


A Guide to Understanding Security Modeling in Trusted Systems - NCSC (1992)   (2 citations)  (Correct)

No context found.

SCHE89 Scheid, J. and S. Holtsberg, Ina Jo Specification Language Reference Manual, Unisys Corporation, Culver City, CA 90230, May 1989.
