Formal Analysis of Fault-Tolerant Algorithms in the Time-Triggered Architecture
