Aluminum: Principled scenario exploration through minimality

Scenario-finding tools such as Alloy are widely used to understand the consequences of specifications, with applications to software modeling, security analysis, and verification. This paper focuses on the exploration of scenarios: which scenarios are presented first, and how to traverse them in a well-defined way. We present Aluminum, a modification of Alloy that presents only minimal scenarios: those that contain no more than is necessary. Aluminum lets users explore the scenario space by adding to scenarios and backtracking. It also provides the ability to find what can consistently be used to extend each scenario. We describe the semantic basis of Aluminum in terms of minimal models of first-order logic formulas. We show how this theory can be implemented atop existing SAT-solvers and quantify both the benefits of minimality and its small computational overhead. Finally, we offer some qualitative observations about scenario exploration in Aluminum.
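The minimality notion in the abstract can be made concrete at the propositional level. The following is an added illustration, not Aluminum's own code: it shrinks an arbitrary model returned by a SAT backend down to a subset-minimal one by repeatedly asking the solver for a strictly smaller model, then shows the two exploration operations the abstract mentions (listing what can consistently be added, and augmenting a scenario with a fact and re-minimising). The brute-force `sat` function and the three-atom toy spec are constructed stand-ins for a real incremental solver and a real specification.

```python
"""Minimal-model exploration over propositional CNF (added example).
Atoms are ints 1..n; a literal is +i (true) or -i (false); a model is the
set of atoms assigned true.  The SAT backend is a brute-force stand-in
(an assumption of this example) for an incremental solver such as Sat4j."""
from itertools import product

def sat(clauses, n):
    """Return the true-atom set of some model of `clauses`, or None if UNSAT."""
    for bits in product((False, True), repeat=n):
        model = {i + 1 for i, b in enumerate(bits) if b}
        if all(any((lit > 0) == (abs(lit) in model) for lit in c) for c in clauses):
            return model
    return None

def shrink(spec, n, model, lower=frozenset()):
    """Minimise `model` w.r.t. `spec` without dropping atoms in `lower`.
    Each solver call asks for a model that (1) satisfies spec, (2) keeps every
    atom of `lower`, (3) is a subset of the current model and (4) drops at
    least one removable atom.  UNSAT means the current model is minimal."""
    lower = set(lower)
    while True:
        removable = model - lower
        if not removable:
            return model
        query = (list(spec)
                 + [[a] for a in lower]                              # (2)
                 + [[-a] for a in range(1, n + 1) if a not in model]  # (3)
                 + [[-a for a in removable]])                        # (4)
        smaller = sat(query, n)
        if smaller is None:
            return model
        model = smaller

def minimal_model(spec, n):
    """First model from the backend, shrunk to a subset-minimal scenario."""
    first = sat(spec, n)
    return None if first is None else shrink(spec, n, first)

def consistent_additions(spec, n, model):
    """Atoms absent from `model` that can be added without contradicting spec."""
    base = list(spec) + [[a] for a in model]
    return {a for a in range(1, n + 1)
            if a not in model and sat(base + [[a]], n) is not None}

def augment(spec, n, model, atom):
    """Add `atom` to `model`, then return a minimal scenario containing both."""
    lower = set(model) | {atom}
    grown = sat(list(spec) + [[a] for a in lower], n)
    return None if grown is None else shrink(spec, n, grown, lower)

# Constructed toy spec: (A or B) and (A -> C), with atoms A=1, B=2, C=3.
SPEC = [[1, 2], [-1, 3]]
```

For `SPEC` the two minimal scenarios are {B} and {A, C}; starting from the non-minimal model {A, B, C}, `shrink` reaches {B}, and augmenting {B} with A forces C back in, giving {A, B, C} as the minimal extension.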