Program Synthesis for Cyber-Resilience
IEEE Transactions on Software Engineering (IF 7.4) Pub Date: 2022-04-19, DOI: 10.1109/tse.2022.3168672
Nestor Catano

Architectural tactics enable stakeholders to achieve cyber-resilience requirements. They permit systems to react to, resist, detect, and recover from cyber incidents. This paper presents an approach to generate source code for architectural tactics typically used in safety- and mission-critical systems. Our approach relies extensively on the Event-B formal method and the EventB2Java code generation plugin of the Rodin platform. It models architectural tactics in the Event-B formal language and uses a set of EventB2Java transformation rules to generate certified code implementations of those tactics. Since resilience requirements are statements about a system over time, and because the Event-B language provides no (native) support for writing temporal specifications, we have implemented a novel Linear Temporal Logic (LTL) extension for Event-B. We support several architectural tactics for availability, performance, and security. The generated code is certified in the following sense: discharging proof obligations in Rodin, the platform we use for writing the Event-B models, attests to the soundness of the architectural tactics modelled in Event-B, and the soundness of the translation encoded by the EventB2Java tool attests to the correctness of the code. Finally, we demonstrate the usability of our resilience validation approach with the aid of an Autonomous Vehicle System. This case study further increased our confidence in the soundness of our Event-B LTL extension.
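To make the modelling step concrete, the following is an added illustration of how an availability tactic (a heartbeat/watchdog monitor) can be expressed as an Event-B context and machine. It is not a model from the paper and does not use the paper's LTL extension; the machine, its variable names, and the TIMEOUT constant are assumptions chosen for this example. It is written in the uppercase-keyword form that Rodin's pretty-printer displays; the `//` lines are informal annotations, not Rodin syntax. Invariant inv4 is the safety property a Rodin user would discharge: the monitor never believes the component is alive once the heartbeat deadline has passed.

```eventb
CONTEXT HeartbeatCtx
CONSTANTS
    TIMEOUT                      // assumed: ticks allowed between heartbeats
AXIOMS
    axm1: TIMEOUT ∈ ℕ1
END

MACHINE Heartbeat
SEES HeartbeatCtx
VARIABLES
    elapsed                      // ticks since the last heartbeat was received
    alive                        // the monitor's belief about the monitored component
    failed                       // ground truth: the monitored component has crashed
INVARIANTS
    inv1: elapsed ∈ ℕ
    inv2: alive ∈ BOOL
    inv3: failed ∈ BOOL
    inv4: alive = TRUE ⇒ elapsed ≤ TIMEOUT      // no stale belief of liveness
EVENTS
    INITIALISATION
        THEN
            act1: elapsed ≔ 0
            act2: alive ≔ TRUE
            act3: failed ≔ FALSE
        END

    // a heartbeat can only come from a live component; it resets the watchdog
    Heartbeat
        WHERE
            grd1: failed = FALSE
        THEN
            act1: elapsed ≔ 0
            act2: alive ≔ TRUE
        END

    // the clock advances only while the deadline has not yet expired,
    // so Tick alone can never push elapsed past TIMEOUT (preserves inv4)
    Tick
        WHERE
            grd1: elapsed < TIMEOUT
        THEN
            act1: elapsed ≔ elapsed + 1
        END

    // the monitored component crashes silently (the incident to detect)
    Crash
        THEN
            act1: failed ≔ TRUE
        END

    // the watchdog fires: the deadline expired with no heartbeat
    DetectFailure
        WHERE
            grd1: elapsed = TIMEOUT
        THEN
            act1: alive ≔ FALSE
        END
END
```

Each event preserves inv4: Heartbeat resets elapsed to 0, Tick is guarded by elapsed < TIMEOUT, Crash leaves alive and elapsed untouched, and DetectFailure sets alive to FALSE, which satisfies the implication trivially. The resilience requirement this tactic exists for is temporal rather than invariant-shaped, which is the gap the abstract's LTL extension addresses; in standard LTL notation (not the paper's syntax) it would read □(failed = TRUE ⇒ ◇ alive = FALSE), and it only holds under a fairness assumption that Tick and DetectFailure are eventually taken when enabled.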

Updated: 2022-04-19