Reusable Formal Models for Threat Specification, Detection, and Treatment

Rouland, Quentin; Hamid, Brahim; Jaskolka, Jason

doi:10.1007/978-3-030-64694-3_4

Cited by 2 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A metamodel for enabling the specification of component-based software architectures as hierarchical structures of components organized into logical groups. The metamodel extends the one described in et al [13,14] by introducing Composite…”

Section: Contributionsmentioning

confidence: 99%

“…Rouland et al [14,28] continue their metamodel definition with the addition of a component action-based specification, and a component and connector property specification metamodel. They describe possible actions of components by using messages in the system and then verify the absence of threats, defined by Microsoft's STRIDE methodology, in the modelled system's communication scheme.…”

Section: Metamodel Originsmentioning

confidence: 99%

“…The Alloy Analyzer tool also includes a visualizer for inspecting instances of an Alloy Alloy was also chosen for the metamodel presented in [13,14], on which we based our work, so it was a clear choice for continuing the work laid out by Rouland et al…”

Section: Justification Of Suitabilitymentioning

confidence: 99%

See 2 more Smart Citations

Modular Verification of Hierarchical Component-Based Software Systems

Baak¹

View full text Add to dashboard Cite

Using Component-based Software Engineering approaches with Formal Methods has seen an influx of interest in the recent decades. The joining of these two disciplines have been stifled though due to unclear component specifications and expensive formal verification techniques, which hurt the reusability and scalability of complex software systems. In this work, we expand on current component-port-connector metamodels for formally specifying a system's architectural and behavioural requirements into a hierarchical component system structure by using abstract Composite Components.The Composite Components of a system model can then utilize modular verification for isolating the verification process into modules surrounding Composite Components and generating higher level properties. We formalize our metamodel in Alloy 6 and present a template for specifying system properties for modular verification which enables the reuse of previous verification efforts on satisfied modules. We conclude with an example case study system and analysis of the modular verification strategy.iii I would like to express my sincere gratitude to Professor Jason Jaskolka whose continuous encouragement and support in this project, academic journey, and pandemic enabled me to explore my own ideas while building off of the shoulders of giants before me. I thank the members of the CyberSEA Lab at Carleton for listening and providing valuable feedback on my work and ideas that further improved my research.I would especially like to thank Quentin Rouland whose vision and support propelled the project.Of course, I wouldn't have been able to begin or finish this journey without the constant love and support from my family and friends whose encouragement drove me through this difficult yet rewarding process. I would also like to thank Ericsson and Carleton for their Fellowship opportunity which supported the project financially and provided me the chance to present my work and ideas on formal methods to Ericsson employees and fellow scholars.

show abstract

Section: Contributionsmentioning

confidence: 99%

Section: Metamodel Originsmentioning

confidence: 99%