Integration of Formal Proof into Unified Assurance Cases with Isabelle/SACM
Formal Aspects of Computing (IF 1), Pub Date: 2021-06-08, DOI: 10.1007/s00165-021-00537-4
Simon Foster, Yakoub Nemouchi, Mario Gleirscher, Ran Wei, Tim Kelly

Abstract

Assurance cases are often required to certify critical systems. The use of formal methods in assurance can improve automation, increase confidence, and overcome errant reasoning. However, assurance cases can never be fully formalised, as the use of formal methods is contingent on models that are validated by informal processes. Consequently, assurance techniques should support both formal and informal artifacts, with explicated inferential links between them. In this paper, we contribute a formal machine-checked interactive language, called Isabelle/SACM, supporting the computer-assisted construction of assurance cases compliant with the OMG Structured Assurance Case Meta-Model. The use of Isabelle/SACM guarantees well-formedness, consistency, and traceability of assurance cases, and allows a tight integration of formal and informal evidence of various provenance. In particular, Isabelle brings a diverse range of automated verification techniques that can provide evidence. To validate our approach, we present a substantial case study based on the Tokeneer secure entry system benchmark. We embed its functional specification into Isabelle, verify its security requirements, and form a modular security case in Isabelle/SACM that combines the heterogeneous artifacts. We thus show that Isabelle is a suitable platform for critical systems assurance.

Updated: 2021-06-08