Formal analysis of event-driven cyber physical systems

We propose a programming language, E#, that facilitates formal verification of security properties of event-driven cyber-physical systems, and we describe its syntax through several illustrative examples. Since the environment plays a crucial role in cyber-physical systems, E# allows environment processes to be modelled abstractly using the novel 'causes' clauses. We show that event causality graphs (ECGs) can be constructed from causes clauses and handle specifications, and that ECGs can be used both to detect compute-bound event loops, which are undesirable in event-driven systems, and to analyze response-style event liveness specifications. We show how safety properties can be established inductively using either theorem proving or model checking. This technique supports compositional verification, so the properties of each component can be established separately, and it avoids the state explosion that would otherwise arise from interleaving the atomic blocks of concurrent event handlers. An interesting feature of our safety analysis is its use of model checking for safety properties in an inductive setting. We conclude that E# is a viable language for programming safety-critical event-driven cyber-physical systems.
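The two ECG analyses the abstract mentions, compute-bound loop detection and response-style liveness, worked through as an added example. This is not E# or the paper's own code: it assumes a simplified graph reading in which a handle specification contributes a 'compute' edge (the handler raises the target event) and a causes clause contributes an 'env' edge (the environment raises the target in response to an actuation), and the thermostat-like event names are hypothetical.

```python
"""Event causality graph (ECG) analysis for an event-driven CPS.

Added example; not code from the E# paper. Assumed reading: an ECG is a
directed graph over events where edge a -> b means handling a may lead to b.
Edges from handle specs are 'compute' edges (raised by the program); edges
from causes clauses are 'env' edges (raised by the modelled environment).
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Adjacency = Dict[str, List[Tuple[str, str]]]  # event -> [(next event, edge kind)]

# Constructed sample: thermostat-like controller with made-up event names.
# handle specs: the handler for the source event raises the target event.
HANDLE_SPECS = [
    ("tick", "sample"),
    ("sample", "evaluate"),
    ("evaluate", "heater_on"),  # branch taken when the reading is too cold
    ("evaluate", "idle"),       # branch taken otherwise
    ("heater_on", "log"),
    ("log", "flush"),
    ("flush", "log"),           # bug: handler-only cycle that never yields to the environment
]
# causes clauses: the environment raises the target some time after the source.
CAUSES_CLAUSES = [
    ("heater_on", "temp_rise"),
    ("temp_rise", "sample"),
    ("idle", "tick"),
]


def build_ecg(handle_specs, causes_clauses) -> Adjacency:
    """Merge handle specs (compute edges) and causes clauses (env edges) into one ECG."""
    ecg: Adjacency = defaultdict(list)
    for src, dst in handle_specs:
        ecg[src].append((dst, "compute"))
    for src, dst in causes_clauses:
        ecg[src].append((dst, "env"))
    for edges in list(ecg.values()):  # every target becomes a node, even without successors
        for dst, _ in edges:
            ecg.setdefault(dst, [])
    return dict(ecg)


def find_cycles(adj: Dict[str, List[str]]) -> List[Tuple[str, ...]]:
    """Enumerate the elementary cycles of a small directed graph, each reported once,
    rotated to start at its smallest node (paths only extend to nodes > start)."""
    cycles: Set[Tuple[str, ...]] = set()

    def dfs(start: str, node: str, path: List[str], on_path: Set[str]) -> None:
        for nxt in adj.get(node, []):
            if nxt == start:
                cycles.add(tuple(path))
            elif nxt > start and nxt not in on_path:
                path.append(nxt)
                on_path.add(nxt)
                dfs(start, nxt, path, on_path)
                on_path.discard(nxt)
                path.pop()

    for start in sorted(adj):
        dfs(start, start, [start], {start})
    return sorted(cycles)


def is_compute_bound(ecg: Adjacency, cycle: Tuple[str, ...]) -> bool:
    """True when every edge on the cycle is a compute edge, i.e. no environment step."""
    return all((cycle[(i + 1) % len(cycle)], "compute") in ecg.get(src, [])
               for i, src in enumerate(cycle))


def compute_bound_loops(ecg: Adjacency) -> List[Tuple[str, ...]]:
    """Cycles made of compute edges only: the program can keep raising events to itself
    without ever waiting on the environment, starving every other handler."""
    compute_only = {n: [d for d, k in es if k == "compute"] for n, es in ecg.items()}
    return find_cycles(compute_only)


def reachable(ecg: Adjacency, start: str, blocked: Tuple[str, ...] = ()) -> Set[str]:
    """Events reachable from start without passing through a blocked event."""
    seen: Set[str] = set()
    stack = [start]
    while stack:
        n = stack.pop()
        if n in seen or n in blocked:
            continue
        seen.add(n)
        stack.extend(d for d, _ in ecg.get(n, []))
    return seen


def responds(ecg: Adjacency, trigger: str, response: str):
    """Response-style spec 'whenever trigger occurs, response eventually occurs'.
    Returns (reachable, obligations): reachable is False when no causal chain links the
    two, so the spec cannot hold. obligations lists cycles reachable from trigger that
    avoid response; the ECG over-approximates behaviour, so each is a proof obligation,
    not a counterexample: a cycle through a causes edge may be discharged by an
    environment assumption, while a compute-bound one is a genuine bug."""
    if response not in reachable(ecg, trigger):
        return False, []
    avoiding = reachable(ecg, trigger, blocked=(response,))
    sub = {n: [d for d, _ in ecg.get(n, []) if d != response] for n in avoiding}
    return True, [(c, "compute-bound" if is_compute_bound(ecg, c) else "via environment")
                  for c in find_cycles(sub)]


ECG = build_ecg(HANDLE_SPECS, CAUSES_CLAUSES)

if __name__ == "__main__":
    print("compute-bound loops:", compute_bound_loops(ECG))
    print("heater_on leads to idle:", responds(ECG, "heater_on", "idle"))
```

The graph deliberately loses branch and timing information (both `evaluate` branches appear as edges), so the liveness result is a list of obligations to discharge rather than a verdict; the inductive safety analysis in the paper is a separate step that this example does not cover.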
