TY - GEN
T1 - A formal framework to integrate timed security rules within a TEFSM-based system specification
AU - Mallouli, Wissam
AU - Mammar, Amel
AU - Cavalli, Ana
PY - 2009/12/1
Y1 - 2009/12/1
N2 - Formal methods are very useful in the software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and the modeling of various system aspects, usually expressed through different paradigms. In this paper, we propose to combine two modeling formalisms in order to express both the functional and the timed security requirements of a system. First, the system behavior is specified based on its functional requirements using the TEFSM (Timed Extended Finite State Machine) formalism. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security requirements specified in the Nomad language. This language is well adapted to express security properties such as permissions, prohibitions and obligations with time considerations. The resulting secure model can be used for several purposes such as code generation, specification correctness proof, model checking or automatic test generation. In this paper, we applied our approach to a France Telecom (France Telecom is the main telecommunication company in France) Travel service in order to demonstrate its feasibility.
AB - Formal methods are very useful in the software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and the modeling of various system aspects, usually expressed through different paradigms. In this paper, we propose to combine two modeling formalisms in order to express both the functional and the timed security requirements of a system. First, the system behavior is specified based on its functional requirements using the TEFSM (Timed Extended Finite State Machine) formalism. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security requirements specified in the Nomad language. This language is well adapted to express security properties such as permissions, prohibitions and obligations with time considerations. The resulting secure model can be used for several purposes such as code generation, specification correctness proof, model checking or automatic test generation. In this paper, we applied our approach to a France Telecom (France Telecom is the main telecommunication company in France) Travel service in order to demonstrate its feasibility.
KW - Formal methods
KW - Nomad language
KW - Test generation
KW - Timed extended finite state machines
U2 - 10.1109/APSEC.2009.52
DO - 10.1109/APSEC.2009.52
M3 - Conference contribution
AN - SCOPUS:76349108792
SN - 9780769539096
T3 - Proceedings - Asia-Pacific Software Engineering Conference, APSEC
SP - 489
EP - 496
BT - Proceedings - 16th Asia-Pacific Software Engineering Conference, APSEC 2009
T2 - 16th Asia-Pacific Software Engineering Conference, APSEC 2009
Y2 - 1 December 2009 through 3 December 2009
ER -