Inna Pereverzeva

Formal Development of Critical Multi-agent Systems: A Refinement Approach

Multi-agent systems (MAS) are increasingly used in critical applications. To ensure dependability of MAS, we need powerful development techniques that would allow us to master complexity inherent to MAS and formally verify correctness and safety of collaborative agent activities. In this paper we present a development of hospital MAS by refinement in Event-B. We demonstrate that Event-B allows the developers to rigorously specify complex agent interactions and verify their correctness and safety.

A refinement-based approach to developing critical multi-agent systems

Multi-agent systems are increasingly used in critical applications. To ensure dependability of multi-agent systems, we need powerful development techniques that would allow us to master complexity inherent to such kind of systems and formally verify correctness and safety of collaborative agent activities. In this paper, we present a rigorous approach to the development and verification of critical multi-agent system in Event-B. We demonstrate how to formally specify complex agent interactions and verify their correctness and safety. We argue that the refinement approach facilitates structuring complex requirements and formal reasoning about system-level properties. We illustrate our approach by a case study: formal development of a hospital multi-agent system.

Formal development and assessment of a reconfigurable on-board satellite system

Ensuring fault tolerance of satellite systems is critical for achieving goals of the space mission. Since the use of redundancy is restricted by the size and the weight of the on-board equipments, the designers need to rely on dynamic reconfiguration in case of failures of some components. In this paper we propose a formal approach to development of dynamically reconfigurable systems in Event-B. Our approach allows us to build the system that can discover possible reconfiguration strategy and continue to provide its services despite failures of its vital components. We integrate probabilistic verification to evaluate reconfiguration alternatives. Our approach is illustrated by a case study from aerospace domain.

Formal goal-oriented development of resilient MAS in event-b

Goal-Oriented Development facilitates structuring complex requirements. To ensure resilience the designers should guarantee that the system achieves its goals despite changes, e.g., caused by failures of system components. In this paper we propose a formal goal-oriented approach to development of resilient MAS. We formalize the notion of goal and goal achievement in Event-B and propose the specification and refinement patterns that allow us to guarantee that the targeted goals are reached despite agent failures. We illustrate our approach by a case study --- development of an autonomous multi-robotic system.

The Formal Derivation of Mode Logic for Autonomous Satellite Flight Formation

Satellite formation flying is an example of an autonomous distributed system that relies on complex coordinated mode transitions to accomplish its mission. While the technology promises significant economical and scientific benefits, it also poses a major verification challenge since testing the system on the ground is impossible. In this paper, we experiment with formal modelling and proof-based verification to derive mode logic for autonomous flight formation. We rely on refinement in Event-B and proof-based verification to create a detailed specification of the autonomic actions implementing the coordinated mode transitions. By decomposing system-level model, we derive the interfaces of the satellites and guarantee that their communication supports correct mode transitions despite unreliability of the communication channel. We argue that a formal systems approach advocated in this paper constitutes a solid basis for designing complex autonomic systems.

Formal Derivation of Distributed MapReduce

MapReduce is a powerful distributed data processing model that is currently adopted in a wide range of domains to efficiently handle large volumes of data, i.e., cope with the big data surge. In this paper, we propose an approach to formal derivation of the MapReduce framework. Our approach relies on stepwise refinement in Event-B and, in particular, the event refinement structure approach --- a diagrammatic notation facilitating formal development. Our approach allows us to derive the system architecture in a systematic and well-structured way. The main principle of MapReduce is to parallelise processing of data by first mapping them to multiple processing nodes and then merging the results. To facilitate this, we formally define interdependencies between the map and reduce stages of MapReduce. This formalisation allows us to propose an alternative architectural solution that weakens blocking between the stages and, as a result, achieves a higher degree of parallelisation of MapReduce computations.

Formal Modelling of Resilient Data Storage in Cloud

Reliable and highly performant handling of large data stores constitutes one of the major challenges of cloud computing. In this paper, we propose a formalisation of a cloud solution implemented by F-Secure – a provider of secure data storage services. The solution is based on massive replication and the write-ahead logging mechanism. To achieve high performance, the company has abandoned a transactional model. We formally derive a model of the proposed architectural solution and verify data integrity and consistency properties under possible failure scenarios. The proposed approach allows the designers to formally define and verify essential characteristics of architectures for handling large data stores.

Formal reasoning about resilient goal-oriented multi-agent systems

Abstract In this paper we present our formalisation of a resilient goal-oriented multi-agent system and its essential properties. The formalisation covers the notions of system goals and agents, various formal structures (functions and relations) defining different interrelationships between these notions, as well as constraints on the system dynamics allowing a multi-agent system to become more reconfigurable and thus resilient in order to achieve the system goals. The formalisation results in establishing connections between goals at different levels of abstraction, system architecture and agent responsibilities. The proposed formal systematisation of the involved concepts can be seen as generic guidelines for formal development of reconfigurable systems. Moreover, we demonstrate how such guidelines can be interpreted within the Event-B framework.

Towards Security-Explicit Formal Modelling of Safety-Critical Systems

Modern industrial control systems become increasingly interconnected and rely on external networks to provide their services. Hence they become vulnerable to security attacks that might directly jeopardise their safety. The growing understanding that if the system is not secure then it is not safe calls for novel development and verification techniques weaving security consideration into the safety-driven design. In this paper, we demonstrate how to make explicit the relationships between safety and security in the formal system development by refinement. The proposed approach allows the designers to identify at early design states mutual interdependencies between the mechanisms ensuring safety and security and build robust system architecture.

A Formal Approach to Identifying Security Vulnerabilities in Telecommunication Networks

The number of security attacks on the telecommunication networks is constantly increasing. To prevent them, the telecom sector is looking for new automated techniques facilitating a discovery of potential network vulnerabilities and rectification of them. In this paper, we propose an approach for identifying potential attack scenarios and defining recommendations for preventing them. The approach is formalised in the Event-B framework. It allows us to not only formalise the analysed part of the network architecture and verify consistency of the control and data flow of the associated services but also employ model checking to generate and analyse attack scenarios. By applying the proposed approach, the designers can systematically explore network vulnerabilities and propose recommendations for attack prevention.