In today’s world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety-critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.
Development of distributed software systems is complex due to the distribution of resources, which complicates validation of system-wide functionality. Such systems include various facets like functionality and distribution, each of which must be validated and integrated in the final software solution. Model-based techniques advocate various abstraction approaches to cope with such challenges. To enhance model-based development, this paper proposes (1) guidelines for development of distributed systems, where the different facets are introduced gradually through systematic modeling extensions, (2) code generation capabilities supporting technology specific realizations, and (3) demonstration of the applicability of our approach using an industrial case study involving the development of a harvest planning system, where the communication infrastructure paradigm changed late in the project. When developing this system, we spent most time validating system-wide functionality. The model extensions allowed an easier change of the underlying communication paradigm and code generation supported realization of the different system representations.
Formal Methods tools will never have as many users as tools for popular
programming languages and so the effort spent on constructing Integrated
Development Environments (IDEs) will be orders of magnitudes lower than that of
programming languages such as Java. This means newcomers to formal methods do
not get the same user experience as with their favourite programming IDE. In
order to improve this situation it is essential that efforts are combined so it
is possible to reuse common features and thus not start from scratch every
time. This paper presents the Overture platform where such a reuse philosophy
is present. We give an overview of the platform itself as well as the
extensibility principles that enable much of the reuse. The paper also contains
several examples platform extensions, both in the form of new features and a
new IDE supporting a new language.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.