Results 1  10
of
38
A Theorem Proving Approach to Analysis of Secure Information Flow
, 2003
"... Most attempts at analysing secure information flow in programs are based on domainspecific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow prob ..."
Abstract

Cited by 80 (10 self)
 Add to MetaCart
Most attempts at analysing secure information flow in programs are based on domainspecific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problemspecific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information ow analyses. We are able to handle phenomena like method calls, loops, and object types for the target language Java Card. We are also able to prove insecurity of programs.
The Rewriting Logic Semantics Project
 SOS 2005 PRELIMINARY VERSION
, 2005
"... Rewriting logic is a flexible and expressive logical framework that unifies denotational semantics and SOS in a novel way, avoiding their respective limitations and allowing very succinct semantic definitions. The fact that a rewrite theory’s axioms include both equations and rewrite rules provides ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
Rewriting logic is a flexible and expressive logical framework that unifies denotational semantics and SOS in a novel way, avoiding their respective limitations and allowing very succinct semantic definitions. The fact that a rewrite theory’s axioms include both equations and rewrite rules provides a very useful “abstraction knob” to find the right balance between abstraction and observability in semantic definitions. Such semantic definitions are directly executable as interpreters in a rewriting logic language such as Maude, whose generic formal tools can be used to endow those interpreters with powerful program analysis capabilities.
Taclets: A New Paradigm for Constructing Interactive Theorem Provers
 CIENCIAS EXACTAS, FÍSICAS Y NATURALES, SERIE A: MATEMÁTICAS, 98(1), 2004. SPECIAL ISSUE ON SYMBOLIC COMPUTATION IN LOGIC AND ARTIFICIAL INTELLIGENCE
, 2004
"... Frameworks for interactive theorem proving give the user explicit control over the construction of proofs based on meta languages that contain dedicated control structures for describing proof construction. Such languages are not easy to master and thus contribute to the already long list of skill ..."
Abstract

Cited by 22 (8 self)
 Add to MetaCart
Frameworks for interactive theorem proving give the user explicit control over the construction of proofs based on meta languages that contain dedicated control structures for describing proof construction. Such languages are not easy to master and thus contribute to the already long list of skills required by prospective users of interactive theorem provers. Most users, however, only need a convenient formalism that allows to introduce new rules with minimal overhead. On the the other hand, rules of calculi have not only purely logical content, but contain restrictions on the expected context of rule applications and heuristic information. We suggest a new and minimalist concept for implementing interactive theorem provers called taclet. Their usage can be mastered in a matter of hours, and they are efficiently compiled into the GUI of a prover. We implemented the KeY system, an interactive theorem prover for the full JAVA CARD language based on taclets.
A Program Logic for Handling JAVA CARD's Transaction Mechanism
, 2002
"... In this paper we extend a program logic for verifying JAVA CARD applications by introducing a \throughout" operator that allows us to prove \strong" invariants. Strong invariants can be used to ensure \rip out" properties of JAVACARD programs (properties that are to be maintained in case of unex ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
In this paper we extend a program logic for verifying JAVA CARD applications by introducing a \throughout" operator that allows us to prove \strong" invariants. Strong invariants can be used to ensure \rip out" properties of JAVACARD programs (properties that are to be maintained in case of unexpected termination of the program). Along with introducing the \throughout" operator, we show how to handle the JAVACARD transaction mechanism (and, thus, conditional assignments) in our logic. We present sequent calculus rules for the extended logic.
A formally verified calculus for full Java Card
 AMAST 2004. LNCS
, 2004
"... We present a calculus for the verification of sequential Java programs. It supports all Java language constructs and has additional support for Java Card. The calculus is formally proved correct with respect to a natural semantics. It is implemented in the KIV system and used for smart card applica ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
We present a calculus for the verification of sequential Java programs. It supports all Java language constructs and has additional support for Java Card. The calculus is formally proved correct with respect to a natural semantics. It is implemented in the KIV system and used for smart card applications.
Dynamic logic with nonrigid functions: A basis for objectoriented program verification
 IJCAR, volume 4130 of LNCS
, 2006
"... Abstract. We introduce a dynamic logic that is enriched by nonrigid functions, i.e., functions that may change their value from state to state (during program execution), and we present a (relatively) complete sequent calculus for this logic. In conjunction with dynamically typed object enumerators ..."
Abstract

Cited by 20 (9 self)
 Add to MetaCart
Abstract. We introduce a dynamic logic that is enriched by nonrigid functions, i.e., functions that may change their value from state to state (during program execution), and we present a (relatively) complete sequent calculus for this logic. In conjunction with dynamically typed object enumerators, nonrigid functions allow to embed notions of objectorientation in dynamic logic, thereby forming a basis for verification of objectoriented programs. A semantical generalisation of substitutions, called state update, which we add to the logic, constitutes the central technical device for dealing with object aliasing during function modification. With these few extensions, our dynamic logic captures the essential aspects of the complex verification system KeY and, hence, constitutes a foundation for objectoriented verification with the principles of reasoning that underly the successful KeY case studies.
The KeY Tool
, 2003
"... KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and objectoriented development techniques are applied in an integrated manner. Formal specification is per ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development. Using the KeY tool, formal methods and objectoriented development techniques are applied in an integrated manner. Formal specification is performed using the Object Constraint Language (OCL), which is part of the UML standard. KeY provides support for the authoring and formal analysis of OCL constraints. The target language of KeY based development is JAVA CARD, a proper subset of JAVA for smart card applications and embedded systems. KeY uses a dynamic logic for JAVA CARD to express proof obligations, and provides a stateoftheart theorem prover for interactive and automated verification. Apart from its integration into UML based software development, a characteristic feature of KeY is that formal specification and verification can be introduced incrementally.
Software Verification with Integrated Data Type Refinement for Integer Arithmetic
, 2004
"... We present an approach to integrating the refinement relation between infinite integer types (used in specification languages) and finite integer types (used in programming languages) into software verification calculi. Since integer types in programming languages have finite ranges, in general they ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
We present an approach to integrating the refinement relation between infinite integer types (used in specification languages) and finite integer types (used in programming languages) into software verification calculi. Since integer types in programming languages have finite ranges, in general they are not a correct data refinement of the mathematical integers usually used in specification languages. Ensuring the correctness of such a refinement requires generating and verifying additional proof obligations. We tackle this problem considering Java and UML/OCL as example. We present a sequent calculus for Java integer arithmetic with integrated generation of refinement proof obligations. Thus, there is no explicit...
The KeY system: Integrating objectoriented design and formal methods
 In RalfDetlef Kutsche and
, 2002
"... Abstract. This paper gives a brief description of the KeY system, a tool written as part of the ongoing KeY project 1, which is aimed at bridging the gap between (a) OO software engineering methods and tools and (b) deductive verification. The KeY system consists of a commercial CASE tool enhanced w ..."
Abstract

Cited by 15 (11 self)
 Add to MetaCart
Abstract. This paper gives a brief description of the KeY system, a tool written as part of the ongoing KeY project 1, which is aimed at bridging the gap between (a) OO software engineering methods and tools and (b) deductive verification. The KeY system consists of a commercial CASE tool enhanced with functionality for formal specification and deductive verification. 1
Program Verification Using Change Information
 In Proceedings, Software Engineering and Formal Methods (SEFM
, 2003
"... We propose an extension of the designbycontract approach. In addition to preconditions, postconditions, and invariants as the basis for proving properties of a program, also information is provided on which parts of the state are not changed by running the program. This is done in the form of modi ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
We propose an extension of the designbycontract approach. In addition to preconditions, postconditions, and invariants as the basis for proving properties of a program, also information is provided on which parts of the state are not changed by running the program. This is done in the form of modifier sets. We present a precise semantics of modifier sets and theorems on how to use them in programcorrectness proofs. This technique has been implemented as part of the KeY system.