Skip to main content
Springer Nature Link
Log in

Application of Validation Obligations to Security Concerns

  • Conference paper
  • First Online:
Database and Expert Systems Applications - DEXA 2022 Workshops (DEXA 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1633))

Included in the following conference series:

  • 844 Accesses

Abstract

Our lives become increasingly dependent on safety- and security-critical systems, so formal techniques are advocated for engineering such systems. One of such techniques is validation obligations that enable formalizing requirements early in development to ensure their correctness. Furthermore, validation obligations help hold requirements consistent in an evolving model and create assurances about the model’s completeness. Although initially proposed for safety properties, this paper shows how the technique of validation obligations enables us to also reason about security concerns through an example from the medical domain.

The research presented in this paper has been conducted within the IVOIRE project, which is funded by “Deutsche Forschungsgemeinschaft” (DFG) and the Austrian Science Fund (FWF) grant # I 4744-N. The work of Sebastian Stock and Atif Mashkoor has been partly funded by the LIT Secure and Correct Systems Lab sponsored by the province of Upper Austria.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
eBook
USD 109.00
Price excludes VAT (USA)
Softcover Book
USD 139.99
Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    \(e(\texttt {startSystem})\) means that this event is enabled because its guard is true.

  2. 2.

    We omitted parts of the graphic for space reasons.

References

  1. Abrial, J.R.: Modeling in Event-B: system and software engineering. Cambridge University Press (2010)

    Google Scholar 

  2. Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Int. J. Softw. Tools Technol. Transfer 12(6), 447–466 (2010)

    Article  Google Scholar 

  3. Biró, M., Mashkoor, A., Sametinger, J., Seker, R.: Software safety and security risk mitigation in cyber-physical systems. IEEE Softw. 35(1), 24–29 (2018)

    Article  Google Scholar 

  4. Copper, D., Barnes, J.: Tokeneer id station eal5 demonstrator: Summary report. Tech. Rep., Augugst, Altran Praxis Limited (2008)

    Google Scholar 

  5. Cristiá, M., Rossi, G.: An automatically verified prototype of the tokeneer id station specification. J. Autom. Reason. 65(8), 1125–1151 (2021)

    Article  MathSciNet  Google Scholar 

  6. Fitzgerald, J.S., Tjell, S., Larsen, P.G., Verhoef, M.: Validation support for distributed real-time embedded systems in vdm++. In: 10th IEEE High Assurance Systems Engineering Symposium (HASE 2007). pp. 331–340. IEEE (2007)

    Google Scholar 

  7. Leuschel, M., Butler, M.: ProB: a model checker for B. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 855–874. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45236-2_46

    Chapter  Google Scholar 

  8. Mashkoor, A.: The hemodialysis machine case study. In: Butler, M., Schewe, K.-D., Mashkoor, A., Biro, M. (eds.) ABZ 2016. LNCS, vol. 9675, pp. 329–343. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33600-8_29

    Chapter  Google Scholar 

  9. Mashkoor, A., Kossak, F., Egyed, A.: Evaluating the suitability of state-based formal methods for industrial deployment. Softw. Pract. Exp. 48(12), 2350–2379 (2018)

    Article  Google Scholar 

  10. Mashkoor, A., Leuschel, M., Egyed, A.: Validation obligations: a novel approach to check compliance between requirements and their formal specification. In: 2021 IEEE/ACM 43rd International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), pp. 1–5. IEEE (2021)

    Google Scholar 

  11. Mashkoor, A., Sametinger, J., Biro, M., Egyed, A.: Security- and safety-critical cyber-physical systems. J. Soft. Evol. Process 32(2), e2239 (2020)

    Google Scholar 

  12. (NSA): The tokeneer case study. https://www.adacore.com/tokeneer, (Accessed 19 July 2022, 14:12:17)

  13. Rivera, V., Bhattacharya, S., Cataño, N.: Undertaking the tokeneer challenge in event-b. In: Proceedings of the 4th FME Workshop on Formal Methods in Software Engineering, pp. 8–14 (2016)

    Google Scholar 

  14. Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Johannes Kepler University, Linz, Austria

    Sebastian Stock, Atif Mashkoor & Alexander Egyed

Authors
  1. Sebastian Stock
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Atif Mashkoor
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alexander Egyed
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sebastian Stock .

Editor information

Editors and Affiliations

  1. Johannes Kepler University of Linz, Linz, Oberösterreich, Austria

    Gabriele Kotsis

  2. Technical University of Vienna, Vienna, Austria

    A Min Tjoa

  3. Johannes Kepler University of Linz, Linz, Austria

    Ismail Khalil

  4. Software Competence Center Hagenberg, Hagenberg, Austria

    Bernhard Moser

  5. (WU) Vienna University of Economics and Business, Vienna, Austria

    Alfred Taudes

  6. Johannes Kepler University of Linz, Linz, Austria

    Atif Mashkoor

  7. Johannes Kepler University of Linz, Linz, Austria

    Johannes Sametinger

  8. Software Competence Center Hagenberg, Hagenberg, Austria

    Jorge Martinez-Gil

  9. Software Competence Center Hagenberg, Hagenberg, Austria

    Florian Sobieczky

  10. Software Competence Center Hagenberg, Hagenberg, Austria

    Lukas Fischer

  11. Software Competence Center Hagenberg, Hagenberg, Austria

    Rudolf Ramler

  12. Pak-Austria Fachhochschule - Institute of Applied Sciences and Technology (PAF-IAST), Haripur, Pakistan

    Maqbool Khan

  13. Software Competence Center Hagenberg, Hagenberg, Austria

    Gerald Czech

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Stock, S., Mashkoor, A., Egyed, A. (2022). Application of Validation Obligations to Security Concerns. In: Kotsis, G., et al. Database and Expert Systems Applications - DEXA 2022 Workshops. DEXA 2022. Communications in Computer and Information Science, vol 1633. Springer, Cham. https://doi.org/10.1007/978-3-031-14343-4_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-14343-4_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-14342-7

  • Online ISBN: 978-3-031-14343-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation