Abstraction Based Verification of a Parameterised Policy Controlled System

Safety-critical and business-critical systems are usually controlled by policies whose objective is to guarantee a variety of safety, liveness and security properties. Traditional model checking techniques can verify the required behaviour only for systems with very few components. To verify entire families of systems, independent of the exact number of replicated components, we developed an abstraction-based approach that extends our current tool-supported verification techniques to such families of systems, which are usually parameterised by the number of replicated identical components. We demonstrate our technique by an exemplary verification of security and liveness properties of a simple parameterised collaboration scenario. Verification results for configurations with fixed numbers of components are used to choose an appropriate property-preserving abstraction, which provides the basis for an inductive proof that generalises the results to a family of systems with arbitrary settings of the parameters.
