Formal Safety and Security Assessment of an Avionic Architecture with Alloy

Brunel, Julien; Rioux, Laurent; Paul, Stéphane; Faucogney, Anthony; Vallée, Frédérique

doi:10.4204/eptcs.150.2

Cited by 11 publications

(18 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, the security aspects are not developed (we have just considered three threats that have the same kind of effects as failures). However, recent works have showed the relevance of Alloy to assess more advanced security properties [10,11,6]. Moreover, it was shown that using AltaRica, one can specify the effect of richer security threats over a system architecture [2] and check related security properties.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Safety and Security Assessment of Behavioral Properties Using Alloy

Brunel

Chemouil

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

In this paper, we propose a formal approach to supporting safety and security engineering, in the spirit of Model-Based Safety Assessment, using the Alloy language. We first implement a system modeling framework, called Coy, allowing to model system architectures and their behavior with respect to component failures. Then we illustrate the use of Coy by defining a fire detection system example and analyzing some safety and security requirements. An interesting aspect of this approach lies in the "declarative" style provided by Alloy, which allows the lean specification of both the model and its properties.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Alloy has recently been used in the context of security assessment, for instance to model JVM security constraints [11], access control policies [12], or attacks in cryptographic protocols [10]. Besides, we proposed in earlier works a study of the safety and security assessment of an avionic system supporting an approach procedure [4,5,6].…”

Section: Introductionmentioning

confidence: 99%

Safety and Security Assessment of Behavioral Properties Using Alloy

Brunel

Chemouil

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Alloy does support multiple levels of abstraction as well as recursively defined relations but not recursive functions. Concurrent systems can be modeled in Alloy (see, eg, the work of Brunel et al). As Alloy is based on relational logic and relational calculus, nondeterminism is already present .…”

Section: Assessment Of Selected Formal Methodsmentioning

confidence: 99%

“…On the other hand, this can be much more powerful than most explicit mechanisms, because one can write a fully relational postcondition, which is not possible in many other methods. Alloy has been used for designing systems where global system properties of correctness , such as safety, security, and reliability, have played an important role (see, eg, the work of Brunel et al). Alloy has no direct notion of time .…”

Section: Assessment Of Selected Formal Methodsmentioning

confidence: 99%

Evaluating the suitability of state‐based formal methods for industrial deployment

2018

View full text Add to dashboard Cite

After a number of success stories in safety-critical domains, we are starting to witness applications of formal methods in contemporary systems and software engineering. However, one thing that is still missing is the evaluation criteria that help software practitioners choose the right formal method for the problem at hand. In this paper, we present the criteria for evaluating and comparing different formal methods. The criteria were chosen through a literature review, discussions with experts from academia and practitioners from industry, and decade-long personal experience with the application of formal methods in industrial and academic projects. The criteria were then evaluated on several model-oriented state-based formal methods. Our research shows that besides technical grounds (eg, modeling capabilities and supported development phases), formal methods should also be evaluated from social and industrial perspectives. We also found out that it is not possible to generate a matrix that renders the selection of the right formal method an automatic process. However, we can generate several pointers, which make this selection process a lot less cumbersome.

show abstract

“…If the major part of the paper contributions relates to adaptations, there are also some novel and/or disruptive approaches, e.g. Sommerville [41], Olive et al [42], Knorreck and Apvrille [43], Pedroza et al [44], Apvrille and Roudier [45] and Brunel et al [46,47].…”

Section: Improving Safety Engineering With Security Considerationsmentioning

confidence: 99%