• Journal of KIISE:Software and Applications
• /
• v.35 no.12
• /
• pp.731-740
• /
• 2008

A railway control system is one of the typical safety-critical systems. It is required to use formal methods for the requirements specification and verification in order to develop the global-standard railway control systems based on the computer systems. In this paper, we develop a guideline for requirements specification using formal methods, and present a case study of the development of a computer-based railway control system through the application of the proposed guideline. We use the Statechart and the Z method for the formal requirements specifications and verify the consistency and completeness of the formal specifications of the requirements.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.533-537
• /
• 2003

보안 시스템의 안전성을 분석하기 위해서는, 정형적 방법론을 사용하여 보안 시스템에 대한 이론적인 수학적 모델을 정형적으로 설계하고, 보안 속성을 정확히 기술해야만 한다. 본 논문에서는 보안 시스템의 안전성을 검증하기 위한 보안모델의 구성요소와 안전성 검증방법을 설명한다. 그리고 보안모델을 설계하고 안전성을 분석하기 위한 SEW(Safety Evaluation Workshop)의 전체 구조와 SPR(Safety Problem Resolver) 정형검증도구의 검증방법 및 기능에 대해 소개하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.115-129
• /
• 2003

This paper presents a semi-automated formal verification method based on the famous SVO logic, and discusses its experimental results. We discuss several problems on automating the SVO logic and design its derivative, ASVO logic for automation. Also the proposed method is implemented by the Isabelle/Isar system. As a result, we verified the well-known weakness of the NSSK protocol that is vulnerable to the Denning-Sacco attack, using our Isabelle/ASVO system. Finally, we refined the protocol by following the logical consequence of the ASVO verification.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.387-396
• /
• 2014

Recently, there have been continuous efforts and progresses regarding the research on diverse network control and management platforms for SDN (Software Defined Networking). SDN is defined as a new technology to enable service providers/network operators easily to control and manage their networks by writing a simple application program. In SDN, incomplete or malicious programmable entities could cause break-down of underlying networks shared by heterogeneous devices and stake-holders. In this sense, any misunderstanding or diverse interpretations should be completely avoided. This paper proposes a new framework for SDN application verification and a prototype based on the formal method, especially with process algebra called pACSR which is an extended version of Algebra of Communicating Shared Resources (ACSR).

• The KIPS Transactions:PartD
• /
• v.8D no.1
• /
• pp.62-70
• /
• 2001

Correct descriptions for software component functions become a strong requirement in developing critical software especially on the area of real-time applications. In this paper, we introduce both formalization of software design using patterns and verification methods in order for the components to increase their understandability. In particular, the paper investigates into a means of formal description techniques based on VDM++ for the software components, and provides adequacy proof steps for a given functional descriptions.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.4
• /
• pp.21-27
• /
• 2003

In these paper, we define object models in order to represent a correct analysis model, propose translation method to formal specification necessary to uniform and standard. The translated model provide to correctness, consistency and completeness. If it is happen to error in the VDM specification, we can verify model to adapt initial object model step. It increase correctness to retrieval, reduce the costs and efforts of after development because of the verified model used to basic specification in design step.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10d
• /
• pp.19-21
• /
• 2002

Writing requirements in formal notation for a safety-critical system can improve software quality and reduce the errors that may arise later on in the software development life cycle. In this paper, we propose a formal specification approach used to describe the nuclear control system. The approach is based on the existing AECL approach that was the only formal specification technique applied to nuclear control systems in the past. Although the approach is AECL-based, the complex descriptions of certain requirements have been reduced by using different specification techniques. We discuss the differences and how the proposed approach provides not only specification but also verification environment.

• Journal of Communications and Networks
• /
• v.16 no.4
• /
• pp.385-396
• /
• 2014

In this paper, we present a formal method for modeling and checking an enhanced version of the carrier sense multiple access with collision avoidance protocol related to the IEEE 802.11 MAC layer, which has been proposed as the standard protocol for wireless local area networks. We deal mainly with the distributed coordination function (DCF) procedure of this protocol throughout a sequence of transformation steps. First, we use the unified modeling language state machines to thoroughly capture the behavior of wireless stations implementing a DCF, and then translate them into the input language of the UPPAAL model checking tool, which is a network of communicating timed automata. Finally, we proceed by checking of some of the safety and liveness properties, such as deadlock-freedom, using this tool.

• Journal of Appropriate Technology
• /
• v.7 no.2
• /
• pp.172-187
• /
• 2021

In remote villages without access to modern IT technology, simple devices such as smartcards can be used to carry out business transactions. These devices typically store multiple business applications from multiple vendors. Although devices must prevent malicious or accidental security breaches among the applications, a secure communication channel between two applications from different vendors is often required. In this paper, first, we propose a method of establishing secure communication channels between applications in embedded operating systems that run on multi-applet smart cards. Second, we enforce the high assurance using an intransitive noninterference security policy. Thirdly, we formalize the method through the Z language and create the formal specification of the proposed secure system. Finally, we verify its correctness using Rushby's unwinding theorem.

• International Journal of Safety
• /
• v.3 no.1
• /
• pp.38-46
• /
• 2004

This paper introduces the software life-cycle V&V (verification and validation) tasks for the KNICS (Korea nuclear instrumentation and control system) project. The objectives of the V&V tasks are mainly to develop a programmable logic controller (PLC) for safety critical instrumentation and control (I&C) systems, and then to apply the PLC to developing the prototype of an engineered safety features-component control system (ESF-CCS) in nuclear power plants. As preparative works for the software V&V, various kinds of software plans and V&V task procedures have been developed according to the software life-cycle management. A number of software V&V tools have been adopted or developed to efficiently support the V&V tasks. The V&V techniques employed in this work include a checklist-based review and inspection, a requirement traceability analysis, formal verification, and life-cycle based software testing.