research-article

Undertaking the tokeneer challenge in event-b

Authors:

Víctor Rivera,

Sukriti Bhattacharya,

Néstor CatañoAuthors Info & Claims

FormaliSE '16: Proceedings of the 4th FME Workshop on Formal Methods in Software Engineering

Pages 8 - 14

https://doi.org/10.1145/2897667.2897671

Published: 14 May 2016 Publication History

Abstract

This paper describes a case study on the use of a formal methods tool for checking security properties of Tokeneer, a U.S. National Security Agency (NSA) project developed by Praxis, and released in 2008. We modelled Tokeneer as a series of abstract mathematical models related refinement steps in Event-B. We used the Rodin toolset for modelling Tokeneer in Event-B and for discharging associated proof obligations, and we used the EventB2Java code generator to generate Java code for the Event-B model of Tokeneer. After that, we wrote a series of JUnit tests to validate if the Java implementation of Tokeneer adhered to the security properties of Tokeneer described in the documentation provided by Praxis. To the best of our knowledge, modelling Tokeneer in Event-B and checking that its implementation adheres to those security properties is something that hasn't been attempted before.

References

[1]

J.-R. Abrial. Modeling in Event-B: System and Software Design. Cambridge University Press, New York, NY, USA, 2010.

Digital Library

[2]

J.-R. Abrial, M. Butler, S. Hallerstede, T. Hoang, F. Mehta, and L. Voisin. Rodin: an open toolset for modelling and reasoning in Event-B. STTT, 12(6):447--466, 2010.

Digital Library

[3]

J.-R. Abrial, S. Schuman, and B. Meyer. Specification Language. In On the Construction of Programs, R. M. McKeag and A. M. Macnaghten, editors, pages 343--410. Cambridge University Press, 1980.

[4]

P. Ammann, P. Black, and W. Majurski. Using model checking to generate tests from specifications. In Proceedings of the Second IEEE ICFEM98, pages 46--54. IEEE Computer Society, 1998.

Digital Library

[5]

H. Baumeister. Combining Formal Specifications with Test Driven Development. In C. Zannier and H. Erdogmus and L. Lindstrom, editor, Extreme Programming and Agile Methods - XP/Agile Universe 2004, volume 3134 of LNCS, pages 1--12. Springer Berlin Heidelberg, 2004.

[6]

M. Benveniste. A Proved "Correct by Construction" Realistic Digital Circuit. RIAB, FMWeek 2009, (2009).

[7]

G. Bernot, M.-C. Gaudel, and B. Marre. Software testing based on formal specifications: a theory and a tool. SE, 6(6):387--405, 1991.

Digital Library

[8]

A. Cavalcanti, F. Zeyda, A. Wellings, J. Woodcock, and K. Wei. Safety-critical Java programs from Circus models. REAL-TIME SYST, 49(5):614--667, 2013.

Digital Library

[9]

Ada Core. Tokeneer. http://www.adacore.com/sparkpro/tokeneer/download, accessed in Jan 2016.

[10]

D. Hamlet. Checking Formal Specifications by Testing. In IW-FM'99 Proceedings of the 3rd Irish conference on Formal Methods, pages 103--112, 1999.

Digital Library

[11]

R. Hierons, K. Bogdanov, J. Bowen, R. Cleaveland, J. Derrick, J. Dick, M. Gheorghe, M. Harman, K. Kapoor, P. Krause, G. Lüttgen, A. Simons, S. Vilkomir, M. Woodward, and H. Zedan. Using Formal Specifications to Support Testing. ACM Comput. Surv., 41(2):9:1--9:76, February 2009.

Digital Library

[12]

D. Locke, B. Andersen, B. Brosgoal, M. Fulton, T. Henties, J. Hunt, J. Nielsen, M. Schoeberl, J. Tokar, J. Vitek, and A. Weillings. Safety Critical Java Specification, version 0.78. Technical report, The Open Group, http://jcp.org/aboutJava/communityprocess/edr/jsr302/index.html, 2010.

[13]

S. Padidar. A study in the use of Event-B from system development from a software engineering point of view. Master's thesis, University of Edinburgh, 2010.

[14]

V. Rivera and N. Cataño. Translating Event-B to JML-Specified Java programs. In 29th ACM SAC, Gyeongju, South Korea, March 24--28 2014.

Digital Library

[15]

V. Rivera, N. Cataño, T. Wahls, and C. Rueda. Code generation for Event-B. To appear in International Journal on STTT, 2015.

[16]

Victor Rivera, Nestor Catano, Tim Wahls, and Camilo Rueda. Code generation for Event-B. International Journal on Software Tools for Technology Transfer (STTT), pages 1--22, 2015.

[17]

J. Tretmans and A.l Belinfante. Automatic testing with formal methods. CTIT technical report series, Enschede, the Netherlands, December 2000. University of Twente, CTIT.

[18]

A. Wellings. Concurrent and Real-Time Programming in Java. John Wiley & Sons, 2004.

Digital Library

[19]

M. Yusufu and G. Yusufu. Comparison of software specification methods using a case study. In CSSE, 2008, Volume 2: Software Engineering, December 12--14, 2008, Wuhan, China, pages 784--787, 2008.

Digital Library

Cited By

Fathabadi ASnook CDghaym DHoang TAlotaibi FButler M(2024)Systematic hierarchical analysis of requirements for critical systemsInnovations in Systems and Software Engineering10.1007/s11334-024-00551-8Online publication date: 12-Mar-2024
https://doi.org/10.1007/s11334-024-00551-8
Stock SMashkoor AEgyed A(2022)Application of Validation Obligations to Security ConcernsDatabase and Expert Systems Applications - DEXA 2022 Workshops10.1007/978-3-031-14343-4_31(337-346)Online publication date: 15-Aug-2022
https://doi.org/10.1007/978-3-031-14343-4_31
Cristiá MRossi G(2021)An Automatically Verified Prototype of the Tokeneer ID Station SpecificationJournal of Automated Reasoning10.1007/s10817-021-09602-2Online publication date: 7-Sep-2021
https://doi.org/10.1007/s10817-021-09602-2
Show More Cited By

Recommendations

Code generation for Event-B

Event-B is a modelling language and a formal methods approach for correct construction of software. This paper presents our work on code generation for Event-B, including the definition of a syntactic translation from Event-B to JML-annotated Java ...
Towards the Composition of Specifications in Event-B

The development of a system can start with the creation of a specification. Following this viewpoint, we claim that often a specification can be constructed from the combination of specifications which can be seen as composition. Event-B is a formal ...
EventB2Java: A Code Generator for Event-B
NFM 2016: Proceedings of the 8th International Symposium on NASA Formal Methods - Volume 9690

Event-B is a formal specification language and a methodology used to build software systems. Formal specifications are more useful when they can be executed. An executable formal specification provides insight on the behaviour of the system being ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

FormaliSE '16: Proceedings of the 4th FME Workshop on Formal Methods in Software Engineering

May 2016

61 pages

ISBN:9781450341592

DOI:10.1145/2897667

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS\DATC: IEEE Computer Society
TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '16

Sponsor:

ACM
SIGSOFT
IEEE-CS\DATC
TCSE

ICSE '16: 38th International Conference on Software Engineering

May 14 - 22, 2016

Texas, Austin

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
112
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Fathabadi ASnook CDghaym DHoang TAlotaibi FButler M(2024)Systematic hierarchical analysis of requirements for critical systemsInnovations in Systems and Software Engineering10.1007/s11334-024-00551-8Online publication date: 12-Mar-2024
https://doi.org/10.1007/s11334-024-00551-8
Stock SMashkoor AEgyed A(2022)Application of Validation Obligations to Security ConcernsDatabase and Expert Systems Applications - DEXA 2022 Workshops10.1007/978-3-031-14343-4_31(337-346)Online publication date: 15-Aug-2022
https://doi.org/10.1007/978-3-031-14343-4_31
Cristiá MRossi G(2021)An Automatically Verified Prototype of the Tokeneer ID Station SpecificationJournal of Automated Reasoning10.1007/s10817-021-09602-2Online publication date: 7-Sep-2021
https://doi.org/10.1007/s10817-021-09602-2
Foster SNemouchi YGleirscher MWei RKelly T(2021)Integration of Formal Proof into Unified Assurance Cases with Isabelle/SACMFormal Aspects of Computing10.1007/s00165-021-00537-4Online publication date: 8-Jun-2021
https://doi.org/10.1007/s00165-021-00537-4
Rivera V(2020)Formal Verification of Access Control Model for My Health Record System2020 25th International Conference on Engineering of Complex Computer Systems (ICECCS)10.1109/ICECCS51672.2020.00010(21-30)Online publication date: Oct-2020
https://doi.org/10.1109/ICECCS51672.2020.00010
Nemouchi YFoster SGleirscher MKelly T(2019)Isabelle/SACM: Computer-Assisted Assurance Cases with Integrated Formal MethodsIntegrated Formal Methods10.1007/978-3-030-34968-4_21(379-398)Online publication date: 22-Nov-2019
https://doi.org/10.1007/978-3-030-34968-4_21
Pinzaru GRivera V(2019)Towards Static Verification of Clojure Contract-Based ProgramsSoftware Technology: Methods and Tools10.1007/978-3-030-29852-4_5(73-80)Online publication date: 8-Oct-2019
https://doi.org/10.1007/978-3-030-29852-4_5
Rivera VLee JMazzara M(2019)Mapping Event-B Machines into Eiffel Programming LanguageAutomated Deduction—CADE-1410.1007/978-3-030-14687-0_23(255-264)Online publication date: 19-Mar-2019
https://doi.org/10.1007/978-3-030-14687-0_23
Reznikova SRivera VLee JMazzara M(2018)Translation from Event-B into EiffelModeling and Analysis of Information Systems10.18255/1818-1015-2018-6-623-63625:6(623-636)Online publication date: 19-Dec-2018
https://doi.org/10.18255/1818-1015-2018-6-623-636

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents