Analyzing Network Management Effects with SPIN and cTLA

Rothmaier, Gerrit; Pohl, A.; Krumm, Heiko

doi:10.1007/1-4020-8143-x_5

Cited by 3 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We therefore plan to also formalize our semantics in Promela, so we can use the Spin [8] model checker, which implements partial order reduction. The formalisms are compatible, as there is already work for transforming another TLA derivative, cTLA, into Promela automatically [20]. For relatively simple blocks, where the contract must be verified for any number of instances, the TLA formalism allows for writing manual refinement proofs as well [16].…”

Section: Discussionmentioning

confidence: 99%

Contracts for Multi-instance UML Activities

Slåtten

Herrmann

2011

Formal Techniques for Distributed Systems

View full text Add to dashboard Cite

We present a novel way of encapsulating UML activities using interface contracts, which allows to verify functional properties that depend on the synchronization of parallel instances of software components. Encapsulated UML activities can be reused together with their verification results in SPACE, a model-driven engineering method for reactive systems. Such compositional verification significantly improves the scalability of the method. Employing a small example of a load balancing system, we explain the semantics of the contracts using the temporal logic TLA. Thereafter, we propose a more easily comprehensible graphical notation and clarify that the contracts are able to express the variants of multiplicity that we can encounter using UML activities. Finally, we give the results of verifying some properties of the example system using the TLC model checker.

show abstract

Section: Discussionmentioning

confidence: 99%

Contracts for Multi-instance UML Activities

Slåtten

Herrmann

2011

Formal Techniques for Distributed Systems

View full text Add to dashboard Cite

show abstract

“…Explicit notions of modules, process types and composition of process types [HK00] are added, however. The following section gives a short overview of the cTLA 2003 process types, a more detailed description is contained in [RK03].…”

Section: Ctlamentioning

confidence: 99%

“…If a process does not contribute to a system action, it performs a stuttering step. In cTLA 2003 [RK03] process stuttering steps do not have to be explicitly listed on the right hand side of system actions.…”

Section: Ctlamentioning

confidence: 99%

See 1 more Smart Citation

A Framework Based Approach for Formal Modeling and Analysis of Multi-level Attacks in Computer Networks

Rothmaier¹,

Krumm

2005

Formal Techniques for Networked and Distributed Systems - FORTE 2005

Self Cite

View full text Add to dashboard Cite

Abstract. Attacks on computer networks are moving away from simple vulnerability exploits. More sophisticated attack types combine and depend on aspects on multiple levels (e.g. protocol and network level). Furthermore attacker actions, regular protocol execution steps, and administrator actions may be interleaved. Analysis based on human reasoning and simulation only has a slim chance to reveal attack possibilities. Formal methods are in principle wellsuited in this situation. Since complex scenarios have to be considered, however, high efforts are needed for modeling. Furthermore, automated analysis tools usually fail due to state space explosion. We propose a novel approach for modeling and analyzing such scenarios. It combines the high-level specification language cTLA with a computer network framework, optimization strategies, a translation tool, and the SPIN model checker. As a proof of feasibility we apply our approach to a multi-LAN scenario.

show abstract