A Specification Language for Static and Runtime Verification of Data and Control Properties

Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques

2016

Abstract. Given the complementary nature of static and dynamic analysis, there has been much work on identifying means of combining the two. In particular, the use of static analysis as a means of alleviating the overheads induced by dynamic analysis, typically by trying to prove parts of the properties, which would then not need to be verified at runtime. In this paper, we propose a novel framework which combines static with dynamic verification using a model-based approach. The approach allows the support of applications running on untrusted devices whilst using centralised sensitive services whose use is to be tightly regulated. In particular, we discuss how this approach is being adopted in the context of the Open Payments Ecosystem (OPE) -an ecosystem meant to support the development of payment and financial transaction applications with strong compliance verification to enable adoption by payment institutions.

Section: Combining Static and Dynamic Verification Techniquesmentioning

confidence: 99%

A Model-Based Approach to Combining Static and Dynamic Verification Techniques

Azzopardi

Colombo

Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques

2016

“…2. We envisage adopting techniques from recent work combining these two forms of verification [1,2,8,4]. One of the major challenges is the diverse nature of compliance it attempts to address.…”

Section: Compliance Enginementioning

confidence: 99%

Compliance Checking in the Open Payments Ecosystem

Azzopardi

Colombo

Software Engineering and Formal Methods

et al. 2016

Self Cite

Abstract. Given the strict legal frameworks which regulate the movements and management of funds, building financial applications typically proves to be prohibitively expensive for small companies. Not only is it the case that understanding legal requirements and building a framework of compliance checks to ensure that such legislation is adhered to is a complex process, but also, service providers such as banks require certification and reporting before they are willing to take on the risks associated with the adoption of applications from small application developers. In this paper, we propose a solution which provides a centralised Open Payments Ecosystem which supports compliance checking and allows for the matching of financial applications with service providers and programme managers, automatically providing risk analysis and reporting. The solution proposed combines static and dynamic verification in a real-life use case, which can shed new insights on the use of formal methods on large complex systems. We also report on the software engineering challenges encountered when analysing formal requirements arising from the needs of compliance to applicable legislation.

“…A detailed motivation for the combination along these two dimensions (data-vs. control-oriented, and static vs. dynamic verification) has been reported in [3,4] and will not be repeated here. For this paper, we only emphasise that this combination allows us to get a richer specification language able to express both data-and control-oriented properties, proving some properties once and for all statically, letting others to be checked at runtime.…”

Section: Introductionmentioning

confidence: 99%

“…The tool is a fully automated implementation of the theoretical results presented in [3,4]. Given a property specification and the original program, our tool chain produces a statically optimised monitor and the weaved program to be monitored.…”

Section: Introductionmentioning

confidence: 99%

StaRVOOrS : A Tool for Combined Static and Runtime Verification of Java

Chimento

Ahrendt

et al. 2015

Runtime Verification

Self Cite

Abstract. We present the tool StaRVOOrS (Static and Runtime Verification of Object-Oriented Software), which combines static and runtime verification (RV) of Java programs. The tool automates a framework which uses partial results extracted from static verification to optimise the runtime monitoring process. StaRVOOrs combines the deductive theorem prover KeY and the RV tool LARVA, and uses properties written using the ppDATE specification language which combines the control-flow property language DATE used in LARVA with Hoare triples assigned to states. We demonstrate the effectiveness of the tool by applying it to the electronic purse application Mondex.