
Dependability Engineering in Isabelle

by   Florian Kammüller, et al.
Middlesex University London

In this paper, we introduce a process of formal system development supported by interactive theorem proving in a dedicated Isabelle framework. This Isabelle Infrastructure framework implements specification and verification in a cyclic process in which attack tree analysis is closely inter-connected with formal refinement of the specification. The process is cyclic: in each iteration the refinement adds more detail to the system specification. Finding the next refinement step is a known hard problem; here it is addressed by attack-based analysis using Kripke structures and CTL logic. We call this cyclic process the Refinement-Risk cycle (RR-cycle). It was developed initially for security and privacy of IoT healthcare systems but is more generally applicable to safety as well, that is, to dependability in general. In this paper, we present the extensions to the Isabelle Infrastructure framework implementing a formal notion of property preserving refinement interleaved with attack tree analysis for the RR-cycle. The process is illustrated on the specification development and privacy analysis of the mobile Corona-virus warning app.
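The abstract names the three ingredients of the RR-cycle: a Kripke structure as the system model, CTL (EF/AG) for reachability of attack states, and attack trees whose validity is checked against that model, followed by a refinement step and a re-check. The following is an added example, not code from the paper or from the Isabelle Infrastructure framework, that replays that loop on a constructed four-state toy model; the state names, the attack tree, and the treatment of refinement as simply a replacement transition relation are assumptions made for illustration, and the attack tree semantics (base attack = reachability between two state sets, AND = chained steps, OR = alternatives) is a simplified rendering rather than the paper's definitions.

```python
"""Toy RR-cycle: Kripke model, CTL EF/AG, attack tree validity, one refinement.

Added example; not the paper's or the Isabelle framework's code. All states,
transitions and attacks below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple, Union

State = str
fs = frozenset


@dataclass(frozen=True)
class Kripke:
    states: FrozenSet[State]
    init: FrozenSet[State]
    trans: Dict[State, FrozenSet[State]]

    def succ(self, s: State) -> FrozenSet[State]:
        return self.trans.get(s, fs())

    def ef(self, target: FrozenSet[State]) -> FrozenSet[State]:
        """States from which some path reaches `target` (least fixpoint)."""
        reach = set(target)
        while True:
            grown = reach | {s for s in self.states if self.succ(s) & reach}
            if grown == reach:
                return fs(reach)
            reach = grown

    def ag(self, invariant: FrozenSet[State]) -> FrozenSet[State]:
        """States on all of whose paths `invariant` holds: AG p == not EF (not p)."""
        return self.states - self.ef(self.states - invariant)

    def holds(self, z: FrozenSet[State]) -> bool:
        """A CTL formula (given as its satisfaction set) holds if all initial states are in it."""
        return self.init <= z


@dataclass(frozen=True)
class Base:          # base attack: from any state in `pre`, reach some state in `post`
    pre: FrozenSet[State]
    post: FrozenSet[State]


@dataclass(frozen=True)
class And:           # sequential attack: steps chained by post -> pre
    steps: Tuple["Attack", ...]
    pre: FrozenSet[State]
    post: FrozenSet[State]


@dataclass(frozen=True)
class Or:            # alternative attacks with a common goal
    alts: Tuple["Attack", ...]
    pre: FrozenSet[State]
    post: FrozenSet[State]


Attack = Union[Base, And, Or]


def valid(k: Kripke, a: Attack) -> bool:
    """Simplified attack tree validity against a Kripke structure (assumed semantics)."""
    if isinstance(a, Base):
        return a.pre <= k.ef(a.post)
    if isinstance(a, And):
        if not a.steps:
            return a.pre <= a.post
        chain = [a.pre] + [s.pre for s in a.steps]
        posts = [s.post for s in a.steps] + [a.post]
        linked = all(chain[0] <= chain[1] for _ in [0]) and all(
            a.steps[i].post <= a.steps[i + 1].pre for i in range(len(a.steps) - 1)
        )
        return linked and a.steps[-1].post <= a.post and all(valid(k, s) for s in a.steps)
    return any(valid(k, alt) and a.pre <= alt.pre and alt.post <= a.post for alt in a.alts)


def sound(k: Kripke, a: Attack) -> bool:
    """Soundness check: a valid tree must imply EF of its goal from its pre-states."""
    return (not valid(k, a)) or a.pre <= k.ef(a.post)


# Constructed toy model: s3 is the privacy-violating state we want to rule out.
STATES = fs({"s0", "s1", "s2", "s3"})
SAFE = STATES - {"s3"}
K_ATTACKED = Kripke(STATES, fs({"s0"}), {"s0": fs({"s1"}), "s1": fs({"s2", "s0"}), "s2": fs({"s3"})})
# Refinement (assumed to be a replacement of the transition relation): s2 no longer leads to s3.
K_REFINED = Kripke(STATES, fs({"s0"}), {"s0": fs({"s1"}), "s1": fs({"s2", "s0"}), "s2": fs({"s2"})})

LEAK_TREE = And(
    steps=(Base(fs({"s0"}), fs({"s1"})), Base(fs({"s1"}), fs({"s2"})), Base(fs({"s2"}), fs({"s3"}))),
    pre=fs({"s0"}),
    post=fs({"s3"}),
)


def rr_cycle_step(k: Kripke, tree: Attack, safe: FrozenSet[State]) -> Tuple[bool, bool]:
    """One RR-cycle check: (attack tree valid?, AG safe holds?)."""
    return valid(k, tree), k.holds(k.ag(safe))


if __name__ == "__main__":
    print("before refinement (valid attack, AG safe):", rr_cycle_step(K_ATTACKED, LEAK_TREE, SAFE))
    print("after refinement  (valid attack, AG safe):", rr_cycle_step(K_REFINED, LEAK_TREE, SAFE))
```

Before the refinement the attack tree is valid and AG safe fails, which is the signal the abstract describes for choosing the next refinement step; after closing the s2 to s3 transition the same tree is no longer valid and AG safe holds on the refined model. The `sound` check mirrors the direction in which attack tree validity and CTL reachability are related here (a valid tree yields an EF path); whether a given refinement preserves already proven properties is the separate concern of the paper's property preserving refinement and is not modelled in this toy.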



A Formal Development Cycle for Security Engineering in Isabelle

In this paper, we show a security engineering process based on a formal ...

Explanation by Automated Reasoning Using the Isabelle Infrastructure Framework

In this paper, we propose the use of interactive theorem proving for exp...

Proceedings 18th Refinement Workshop

Refinement is one of the cornerstones of a formal approach to software e...

Validation Obligations: A Novel Approach to Check Compliance between Requirements and their Formal Specification

Traditionally, practitioners use formal methods pre-dominately for one h...

Attack Trees in Isabelle

In this paper, we present a proof theory for attack trees. Attack trees ...

A Formal TLS Handshake Model in LNT

Testing of network services represents one of the biggest challenges in ...

SAT-hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain

State-of-the-art attacks against cyclic logic obfuscation use satisfiabi...