Lilian Burdy
French Institute for Research in Computer Science and Automation
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Lilian Burdy.
formal methods for industrial critical systems | 2005
Lilian Burdy; Yoonsik Cheon; David R. Cok; Michael D. Ernst; Joseph R. Kiniry; Gary T. Leavens; K. Rustan M. Leino; Erik Poll
The Java Modeling Language (JML) can be used to specify the detailed design of Java classes and interfaces by adding annotations to Java source files. The aim of JML is to provide a specification language that is easy to use for Java programmers and that is supported by a wide range of tools for specification typechecking, runtime debugging, static analysis, and verification.This paper gives an overview of the main ideas behind JML, details about JML’s wide range of tools, and a glimpse into existing applications of JML.
formal methods | 2006
Gilles Barthe; Lilian Burdy; Julien Charles; Benjamin Grégoire; Marieke Huisman; Jean-Louis Lanet; Mariela Pavlova; Antoine Requet
We describe the main features of JACK (Java Applet Correctness Kit), a tool for the validation of Java applications, annotated with JML specifications. JACK has been especially designed to improve the quality of trusted personal device applications. JACK is fully integrated with the IDE Eclipse, and provides an easily accessible user interface. In particular, it allows to inspect the generated proof obligations in a Java syntax, and to trace them back to the source code that gave rise to them. Further, JACK provides support for annotation generation, and for interactive verification. The whole platform works both for source code and for bytecode, which makes it particularly suitable for a proof carrying code scenario.
smart card research and advanced application conference | 2004
Mariela Pavlova; Gilles Barthe; Lilian Burdy; Marieke Huisman; Jean-Louis Lanet
Smart card applications often handle privacy-sensitive information, and therefore must obey certain security policies. Typically, such policies are described as high-level security properties, stating for example that no pin verification must take place within a transaction.
dependable systems and networks | 2002
Ludovic Casset; Lilian Burdy; Antoine Requet
The Java security policy is implemented by security components such as the Java Virtual Machine (JVM), the API, the verifier, the loader. It is of prime importance to ensure that the implementation of these components is in accordance with their specifications. Formal methods can be used to bring the mathematical proof that the implementation of these components corresponds to their specification. In the paper, a formal development is performed on the Java Card byte code verifier using the B method. The whole Java Card language is taken into account in order to provide realistic metrics on formal development. The architecture and the tricky points of the development are presented. This formalization leads to an embeddable implementation of the byte code verifier thanks to automatic code translation from formal implementation into C code. We present the formal models, discuss the integration into the card and the results of such an experiment.
fundamental approaches to software engineering | 2007
Lilian Burdy; Marieke Huisman; Mariela Pavlova
We present the Bytecode Modeling Language (BML), the Java bytecode cousin of JML. BML allows the application developer to specify the behaviour of an application in the form of annotations, directly at the level of the bytecode. An extension of the class file format is defined to store the specification directly with the bytecode. This is a first step towards the development of a platform for Proof Carrying Code, where applications come together with their specification and a proof of correctness. BML is designed to be closely related with JML. In particular, JML specifications can be compiled into BML specifications. We briefly discuss the tools that are currently being developed for BML, and that will result in a tool set where an application can be validated throughout its development, both at source code and at bytecode level.
acm symposium on applied computing | 2006
Lilian Burdy; Mariela Pavlova
We propose a framework for establishing the correctness of untrusted Java bytecode components w.r.t. to complex functional and/or security policies. To this end, we define a bytecode specification language (BCSL) and a weakest precondition calculus for sequential Java bytecode. BCSL and the calculus are expressive enough for verifying non-trivial properties of programs, and cover most of sequential Java bytecode, including exceptions, subroutines, references, object creation and method calls. Our approach does not require that bytecode components are provided with their source code. Nevertheless, we provide a means to compile JML annotations into BCSL annotations by defining a compiler from the Java Modeling Language (JML) to BCSL. Our compiler can be used in combination with most Java compilers to produce extended class files from JML-annotated Java source programs. All components, including the verification condition generator and the compiler are implemented and integrated in the Java Applet Correctness Kit (JACK).
ABZ'12 Proceedings of the Third international conference on Abstract State Machines, Alloy, B, VDM, and Z | 2012
Denis Sabatier; Lilian Burdy; Antoine Requet; Jérôme Guéry
The New York City Transit Authority has included formal proofs at system level as part of the safety assessment for its New York subway Line 7 modernization project, based on the CBTC from Thales Toronto. ClearSy carries out these proofs. In this paper, we describe the expected results and benefits of such proofs. We also discuss the methodology, in particular the importance of obtaining a natural language precursor for proofs. This step is paramount to find the simplest reasons why the design ensures the wanted properties.
Lecture Notes in Computer Science | 2007
Sarah Hoffmann; Germain Haugou; Sophie Gabriele; Lilian Burdy
Microkernels have been developed to minimize the size of software that needs to run in privileged CPU-Mode. They provide only a set of general hardware abstractions, which then can be used to implement an operating system with a high level of reliability and security on top. L4 is a second generation microkernel based on the principles of minimalism, flexibility and efficiency. Its small size (about 15,000 lines of C++) and its relevance for security make it a good candidate for formal analysis. This paper describes our approach to develop a formal model of the API of the L4 microkernel. The goal was to evaluate the possibility to model such software with formal techniques, moreover, the objectives were: – to describe precisely the mechanisms of L4, – to obtain a more extensive documentation of the microkernel, – to highlight the points where the specification was incomplete, – to prove some static properties on the kernel. The formalism used to model the system is the Event B formalism. Event B allows to describe a system through a set of data with properties and the events modifying that data: an event either describes an internal behavior of the system or how the system reacts to external actions. Finally, B provides automatic and interactive tools to help proving formally that each event always respects the properties.
Archive | 2005
Gilles Barthe; Lilian Burdy; Marieke Huisman; Jean-Louis Lanet; Traian Muntean
The Architecture of a Privacy-Aware Access Control Decision Component.- Mobile Resource Guarantees and Policies.- Information Flow Analysis for a Typed Assembly Language with Polymorphic Stacks.- Romization: Early Deployment and Customization of Java Systems for Constrained Devices.- Typed Compilation Against Non-manifest Base Classes.- The Design of Application-Tailorable Operating System Product Lines.- Bringing Ease and Adaptability to MPSoC Software Design: A Component-Based Approach.- Modular Proof Principles for Parameterised Concretizations.- Formalisation and Verification of the GlobalPlatform Card Specification Using the B Method.
Lecture Notes in Computer Science | 2003
Lilian Burdy; Antoine Requet
This paper describes extensions of the B language concerning control flow breaks in implementations and specification of operations with exceptional behaviors. It does not claim to define those extensions in a pure formal and complete way. It is rather a presentation of what could be done and how it could be done. A syntax is proposed and proof obligations are defined using a weakest precondition calculus extended to deal with abrupt termination. Examples emphasizing the advantages of these extensions are also given.
Collaboration
Dive into the Lilian Burdy's collaboration.
French Institute for Research in Computer Science and Automation
View shared research outputs