N. De Francesco

Modelling free flight with collision avoidance

Free flight has been proposed as a future alternative to the current policy in air traffic management (ATM) where aircraft follow predefined corridors. In free flight pilots can choose their own optimal routes, altitudes and velocities but are also responsible for the safe and fair resolution of trajectory conflicts. This would require a safe distributed control system were the trajectories that aircraft follow are as optimal as possible respecting sufficient safety distances. We model aircraft behaviour using non-determinism in such a way that reachability analysis provides the optimal trajectories of the aircraft. We compare the obtained results with the conflict resolution solutions proposed in the literature.

Development of a debugger for a concurrent language

This work discusses some issues in the debugging of concurrent programs. A set of desirable characteristics of a debugger for concurrent languages is deduced from an examination of the differences between the debugging of concurrent programs and that of sequential ones. A debugger for a concurrent language, derived from CSP, is then presented. It is based upon a semantic model of the supported language. The debugger enables to compare a description of the program behaviour to the actual behaviour as well as to valuate assertions on the process state. The description of the behaviuor is given by a formalism whose semantics is also specified. The formalism can specify program behaviuors at various abstraction levels. Lastly some guidelines for the implementation of the debugger are shown and a detailed example of program description is analyzed.

Checking secure information flow in java bytecode by code transformation and standard bytecode verification

A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type‐level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information flow in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright

An Abstract Semantics Tool for Secure Information Flow of Stack-based Assembly Programs

Abstract We present a tool supporting the verification of programs written in stack-based assembly language against the secure information flow property. First, the tool builds the transition system, which corresponds to an abstract execution of the program, embodying security information and abstracting from the actual values. Then the states of the abstract transition system are checked to detect the satisfaction of the secure information flow property. The tool offers a windows user interface, through which the user can control the verification process, and observe the intermediate and final results.

Abstract interpretation to check secure information flow in programs with input-output security annotations

We present a method based on abstract interpretation to check secure information flow in programs with dynamic structures where input and output channels are associated with security levels. In the concrete operational semantics each value is annotated with a security level dynamically taking into account both the explicit and the implicit information flows. We define a collecting semantics associating to each program point the set of concrete states of the machine when the point is reached. The abstract domains are obtained from the concrete ones by keeping the security levels and forgetting the actual values. An element of the abstract domain of states is a table whose rows correspond to the instructions of the program. An abstract operational semantics is defined on the abstract domain, and an efficient implementation is shown, operating a fixpoint iteration similar to that of the Java bytecode verification. The approach allows certifying a larger set of programs with respect to the typing approaches to check secure information flow.

Shared abstract data type: an algebraic methodology for their specification

In this paper a methodology for specifying data in a transaction system is proposed. We present the outline of a style of shared data definition, by which it is possible to avoid the unnecessary constraints on concurrency usually imposed by traditional transaction management approaches. The used method is based on the definition of the data as abstract data types in the well known algebraic method. The semantics of the data is given in two steps: the usual semantics of the operations and the specification of concurrency constraints among them. Uniformity in the semantics definition allows the user to employ semantic knowledge needed to exploit the maximum level of parallelism permitted by the expected notion of consistency on data.

Modular verification of correctness properties in environment for concurrent systems specifications: deadlock case

Abstract A methodology is described to build up specification language environments for concurrent systems, combining static and dynamic tools to support checks on specification properties. To reduce the complexity of the proving procedure, static tools do not prove correctness totally, but only in a reasonable set of cases. The excluded cases are managed by dynamic tools, which in turn work on a simplified situation with respect to a dynamic environment. Moreover, particular characteristics of the specification language, the ability to structure communication patterns and modularity, can be exploited to improve efficiency of the static tools. Among static properties, deadlock freeness is checked for the language using the methodology. Different approximations of such a property are defined in such a way that a progressive refinement of the static correctness can be obtained. For each subproperty, a tool that proves it is described. The dynamic deadlock checker is also sketched only for the parts influenced by the proposed methodology.

Decomposing bytecode verification by abstract interpretation

Bytecode verification is a key point in the security chain of the Java platform. This feature is only optional in many embedded devices since the memory requirements of the verification process are too high. In this article we propose an approach that significantly reduces the use of memory by a serial/parallel decomposition of the verification into multiple specialized passes. The algorithm reduces the type encoding space by operating on different abstractions of the domain of types. The results of our evaluation show that this bytecode verification can be performed directly on small memory systems. The method is formalized in the framework of abstract interpretation.

An approach to system design based on P/T net simulation

Abstract This work presents a technique of early simulation in the design phase of concurrent and distributed systems. A P/T net is used to model the system whose behavior is simulated by the net execution; the truly concurrent semantics of P/T nets establishes a partial order among the system events. The designer can interact with the simulator asking for measures about the system behavior that concern all executions respecting the same partial order. Some measures, such as the degree of parallelism exploited, are not easily obtainable from an interleaving semantics. Moreover, the designer can force the system behavior to reflect resource-constrained environments.