论文信息 - A Model-Based Approach to Combining Static and Dynamic Verification Techniques

A Model-Based Approach to Combining Static and Dynamic Verification Techniques

Given the complementary nature of static and dynamic analysis, there has been much work on identifying means of combining the two. In particular, the use of static analysis as a means of alleviating the overheads induced by dynamic analysis, typically by trying to prove parts of the properties, which would then not need to be verified at runtime. In this paper, we propose a novel framework which combines static with dynamic verification using a model-based approach. The approach allows the support of applications running on untrusted devices whilst using centralised sensitive services whose use is to be tightly regulated. In particular, we discuss how this approach is being adopted in the context of the Open Payments Ecosystem (OPE) — an ecosystem meant to support the development of payment and financial transaction applications with strong compliance verification to enable adoption by payment institutions.

[1] Tayssir Touili,et al. Abstract Error Projection , 2007, SAS.

[2] Gordon J. Pace,et al. Dynamic Event-Based Runtime Monitoring of Real-Time and Contextual Properties , 2009, FMICS.

[3] Bernhard Steffen,et al. Compositional Minimization of Finite State Systems , 1990, CAV.

[4] Eric Bodden,et al. Clara: A Framework for Partially Evaluating Finite-State Runtime Monitors Ahead of Time , 2010, RV.

[5] Gordon J. Pace,et al. A Specification Language for Static and Runtime Verification of Data and Control Properties , 2015, FM.

[6] Gordon J. Pace,et al. StaRVOOrS: A Tool for Combined Static and Runtime Verification of Java , 2015, RV.

[7] Heike Wehrheim,et al. Zero Overhead Runtime Monitoring , 2013, SEFM.

[8] Aurélien Lemay,et al. Residual Finite State Automata , 2002, Fundam. Informaticae.

[9] Laurent Mounier,et al. Compositional State Space Generation from Lotos Programs , 1997, TACAS.

[10] Gordon J. Pace,et al. A Unified Approach for Static and Runtime Verification: Framework and Applications , 2012, ISoLA.

[11] Matthew B. Dwyer,et al. Residual dynamic typestate analysis exploiting static analysis: results to reformulate and reduce the cost of dynamic analysis , 2007, ASE.