Formal Methods and the Certification of Critical Systems (1993)

by J Rushby
Documents citing this paper (results 1 - 10 of 46)

Fail-Stop Protocols: An Approach to Designing Secure Protocols

by Li Gong - Dependable Computing for Critical Applications 5, 1994
Cited by 79 (6 self)
This paper presents a methodology to facilitate the design and analysis of secure cryptographic protocols. This work is based on a novel notion of a fail-stop protocol, which automatically halts in response to any active attack. This paper suggests types of protocols that are fail-stop, outlines some proof techniques for them, and uses examples to illustrate how the notion of a failstop protocol can make protocol design easier and can provide a more solid basis for some proposed protocol analysis methods.
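To make the fail-stop idea in the abstract concrete, here is an added Python sketch; it is not Gong's protocol or code from the paper, and the shared key, party names "A" and "B" and the message layout are assumptions made for the example. Every message names both parties, carries a sequence number and the digest of the previous message, and is authenticated with an HMAC under the shared key; the receiver accepts only the exact next message and halts permanently at the first deviation, so replay, tampering, reflection and splicing of a message from another session all stop the run rather than being silently absorbed.

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; a real protocol would derive per-session keys.
KEY = b"constructed-demo-key-not-for-real-use"

class FailStop(Exception):
    """Raised when the receiver detects an active attack and halts."""

def canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def digest(body: dict) -> str:
    return hashlib.sha256(canonical(body)).hexdigest()

def mac(key: bytes, body: dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

class Sender:
    """Messages name both parties, carry a sequence number and the digest of
    the previous message, and are authenticated with an HMAC."""
    def __init__(self, key: bytes, me: str, peer: str):
        self.key, self.me, self.peer = key, me, peer
        self.seq, self.prev = 0, ""  # empty chain value before the first message

    def send(self, payload: str) -> dict:
        body = {"from": self.me, "to": self.peer, "seq": self.seq,
                "prev": self.prev, "payload": payload}
        self.seq, self.prev = self.seq + 1, digest(body)
        return {"body": body, "tag": mac(self.key, body)}

class Receiver:
    """Accepts only the exact next message; any deviation halts the run for good."""
    def __init__(self, key: bytes, me: str, peer: str):
        self.key, self.me, self.peer = key, me, peer
        self.expected_seq, self.prev = 0, ""
        self.halted, self.accepted = None, []  # halted holds the reason once set

    def _halt(self, reason: str):
        self.halted = reason
        raise FailStop(reason)

    def receive(self, msg: dict) -> str:
        if self.halted:
            self._halt("halted")
        body = msg["body"]
        # Authenticity first: nothing in the body is trusted before the MAC passes.
        if not hmac.compare_digest(mac(self.key, body), msg["tag"]):
            self._halt("bad tag")        # modification or forgery
        if body["from"] != self.peer or body["to"] != self.me:
            self._halt("wrong parties")  # reflection or misdirection
        if body["seq"] != self.expected_seq:
            self._halt("bad sequence")   # replay, reorder or a dropped message
        if body["prev"] != self.prev:
            self._halt("bad chain")      # message spliced in from another session
        self.accepted.append(body["payload"])
        self.expected_seq, self.prev = self.expected_seq + 1, digest(body)
        return body["payload"]

def try_receive(receiver: Receiver, msg: dict):
    """None if the message was accepted, otherwise the reason the receiver halted."""
    try:
        receiver.receive(msg)
        return None
    except FailStop as e:
        return str(e)

def session():
    return Sender(KEY, "A", "B"), Receiver(KEY, "B", "A")

def honest_run() -> list:
    a, b = session()
    for payload in ["hello", "transfer 10", "bye"]:
        b.receive(a.send(payload))
    return b.accepted

def attacks() -> dict:
    """Each scenario uses a fresh session and records why B halted."""
    out = {}
    a, b = session()
    m0, m1 = a.send("hello"), a.send("transfer 10")
    b.receive(m0)
    out["replay"] = try_receive(b, m0)      # the same message delivered twice
    out["after_halt"] = try_receive(b, m1)  # a valid message does not revive the run
    a, b = session()
    m0 = a.send("transfer 10")
    forged = {"body": dict(m0["body"], payload="transfer 1000"), "tag": m0["tag"]}
    out["tamper"] = try_receive(b, forged)
    a, _ = session()
    out["reflection"] = try_receive(Receiver(KEY, "A", "B"), a.send("hello"))  # A's message back to A
    a1, _ = session()
    a1.send("hello")
    spliced = a1.send("transfer 10")  # seq 1 of session 1, chained to that session's first message
    a2, b2 = session()
    b2.receive(a2.send("hi there"))   # session 2 has accepted its own seq 0
    out["splice"] = try_receive(b2, spliced)
    return out
```

Two caveats a practitioner should keep in mind. Because every session starts from the same state (sequence 0, empty chain) under the same key, the first message captured from one session would be accepted as the first message of another; a fresh per-session nonce or key is needed to close that. And halting is the whole point: the fail-stop property turns every detected active attack into a denial of service for that run, which is acceptable only where restarting from a clean state is cheaper than continuing under attack.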

Formalizing Space Shuttle Software Requirements

by Judith Crow, Ben L. Di Vito - ACM Transactions on Software Engineering and Methodology, 1996
Cited by 43 (1 self)
This paper describes two case studies in which requirements for new flight-software subsystems on NASA's Space Shuttle were analyzed, one using standard formal specification techniques, the other using state exploration. These applications serve to illustrate three main theses: (1) formal methods can complement conventional requirements analysis processes effectively, (2) formal methods confer benefits regardless of how extensively they are adopted and applied, and (3) formal methods are most effective when they are judiciously tailored to the application.

1 Introduction

Although Space Shuttle flight software is generally considered exemplary among NASA software development projects, requirements analysis and quality assurance in early lifecycle phases still use products and tools dating from the late 1970s and early 1980s. As a result, these analysis and assurance activities remain largely manual exercises lacking well-defined methods or techniques. At the same time, Shuttle flight s...

Executing Formal Specifications need not be Harmful

by Andy Gravell, Peter Henderson - Software Engineering Journal, 1996
Cited by 22 (6 self)
We review the various arguments which have been advanced for and against the use of executable specifications. Examples are given of the problems which may arise in applying this technique and of the benefits which may accrue. A case study is reported in which execution is used to validate the published specification of a commercially available package. We conclude that there are circumstances when executable specifications can be of high value but that execution must be used together with, and as a supplement to, other methods of validating specifications such as inspection and proof.

1 Introduction

Formal specifications have been accepted as having value in a number of areas, including critical systems. A specification that does not correctly capture requirements, however, is of dubious benefit. Validating a specification, whether formal or informal, is known to be difficult. With a formal specification there are a number of techniques available for validation, including r...

Data Flow Analysis For Verifying Correctness Properties Of Concurrent Programs

by Matthew B. Dwyer, 1995
Cited by 17 (5 self)
Developers of modern software systems are increasingly employing concurrency to meet demanding system requirements. To deal with the inherent complexity that results from concurrency, developers require cost-effective automated analysis techniques to gain confidence in the quality of their concurrent software. We present an approach, called FLAVERS, that is able to provide cost-effective analysis of concurrent programs with respect to a rich class of explicitly stated correctness properties. FLAVERS is based on a family of polynomial-time, conservative data flow analysis algorithms. Unlike existing analysis approaches for concurrent software, FLAVERS allows developers to control the tradeoff between analysis cost an...

Software Requirements: A Tutorial

by Stuart R. Faulk, 1995
Cited by 17 (1 self)
“The hardest single part of building a software system is deciding precisely what to build. No other part of the conceptual work is as difficult as establishing the detailed technical requirements...No other part of the work so cripples the resulting system if done wrong. No other part is as difficult to rectify later.” [Brooks 87] Deciding precisely what to build and documenting the results is the goal of the requirements phase of software development. For many developers of large, complex

Verifying Part of the ACCESS.bus Protocol using PVS

by Jozef Hooman - In Proceedings 15th Conference on the Foundations of Software Technology and Theoretical Computer Science, 1995
Cited by 15 (5 self)
Based on a compositional framework for the formal specification of distributed real-time systems, we present a method for protocol verification. To be able to deal with realistic examples, the method is supported by the interactive proof checker PVS. In this paper we illustrate our approach by a protocol of the ACCESS.bus which is used for the communication between a computer host and its peripheral devices (e.g., keyboards, mice, joysticks, etc.). The bus supports dynamic reconfiguration while the system is operating. We specify and verify a safety property and a real-time progress property of this industrial example.

1 Introduction

In previous work we have addressed the formal specification and verification of distributed real-time systems (see, e.g., [Hoo91]). A framework based on Hoare triples has been applied to several examples such as a water level monitoring system [Hoo93] and a chemical batch processing system [Hoo94c]. In the current paper we only consider the bas...

On the Use of Formal Techniques for Validation

by Neeraj Suri, Purnendu Sinha - Proc. of FTCS-28, 1998
Cited by 12 (8 self)
The traditional use of formal methods has been for the verification of algorithms or protocols. Given the high cost and limitations in state space coverage provided by conventional validation techniques, we introduce a novel approach to utilize formal verification procedures to drive fault injection based validation of dependable protocols. The paper develops graph structures for representation of information generated through formal processes, as well as a formal framework that facilitates the formulation of specific fault injection experiments for validation.

1 Introduction

As computers for critical applications increasingly depend on dependable and real-time protocols to deliver the specified services, the high, and often unacceptable, costs of incurring operational disruptions becomes a significant consideration. Thus, following the design of protocols, an important objective is to verify the correctness of the design and validate the correctness of its actual implementation in t...

Verification, validation and predictive capability in computational engineering and physics

by William L. Oberkampf, Timothy G. Trucano, Charles Hirsch - Hopkins University, 2002
Cited by 12 (3 self)
Computer simulations of physical processes are being relied on to an increasing degree for design, performance, reliability, and safety of engineered systems. Computational analyses have addressed the operation of systems at design conditions, off-design conditions, and accident scenarios. For example, the safety aspects of products or systems can represent an important, sometimes dominant, element of numerical simulations. The potential legal and liability costs of hardware failures can be staggering to a company, the environment, or the public. This consideration is especially crucial, given that we may be interested in high-consequence systems that cannot ever be physically tested, including the catastrophic failure of a full-scale containment building for a nuclear power plant, explosive damage to a high-rise office building, ballistic missile defense systems, and a nuclear weapon involved in a transportation accident. Developers of computer codes, analysts who use the codes, and decision makers who rely on the results of the analyses face a critical question: How should confidence in modeling and simulation be critically assessed? Verification and validation (V&V) of computational simulations are the primary methods for building and quantifying this confidence. Briefly, verification is the assessment of the accuracy of the solution to a computational model. Validation is the assessment

T-VEC: A tool for developing critical systems

by Mark R. Blackburn, Robert D. Busser - In Proceedings of the 1996 Annual Conference on Computer Assurance (COMPASS 96), 1996
Cited by 11 (1 self)
This paper describes the specification-based testing and analysis tools, and associated processes, that were used to develop and certify safety-critical avionics systems in an industrial organization. These tools comprise an integrated development environment supporting specification acquisition and analysis, requirement-based automatic test vector generation, test coverage analysis, test driver generation, and test results analysis. The paper describes the specification model, method, development environment, and tool qualification approach. The capabilities of the automatic test generator are compared with foundational concepts and related testing strategies and mechanisms.

A Theory of Presentations

by D. J. Duke, M. D. Harrison - Proceedings of FME’94: Industrial Benefit of Formal Methods, 1994
Cited by 11 (9 self)
This paper considers the specification of graphical and multimodal presentations, and develops a theory of presentations that extends the scope of rigorous software development to encompass human factors in the interface.