• The KIPS Transactions:PartD
• /
• v.10D no.5
• /
• pp.813-820
• /
• 2003

This paper solves Push-Push game with the model checker NuSMY which exhaustively explores all search space to determine whether a model satisfies a property. In case a model doesn't satisfy properties to be checked, NuSMV generates a counterexample which tells where this unsatisfaction occurs. However, the algorithm for generating counterexample in NuSMV traverses a search space twice so that it is inefficient for solving the game we consider here. To save the time to be required to complete the game, we revise the part of counterexample generation so that it traverses a search space once. As a result, we obtain 62% time improvement and 11% space improvement in solving the game with modified NuSMV.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10b
• /
• pp.358-360
• /
• 2003

모델검사는 시스템과 그 시스템이 만족해야할 속성을 입력받아서 시스템이 속성을 만족하는지를 자동으로 보여주는 기술이다. 시스템이 속성을 만족한다면 참을, 만족하지 않는다면 왜 만족하지 않는지에 대한 반례를 보여준다. 모델검사에서 반례는 시스템의 오류를 발견하는데 중요하게 사용된다. 또한 모델검사를 이용해서 게임시스템을 모델링하고 반례를 이용해서 게임에 대한 풀이를 알 수 있게 되었다. 하지만 이런 반례가 최적의 풀이인지는 알 수 없었다. 이 논문은 모델검사에서 나온 게임 풀이가 최단 풀이 경로인지를 살펴본다. 그리고 최단 풀이경로를 출력하도록 NuSMV를 수정하여 원래 NuSMV에서 생성된 게임 풀이와 길이를 비교해 본다.

• The KIPS Transactions:PartD
• /
• v.12D no.1 s.97
• /
• pp.81-90
• /
• 2005

Given a model and a property, model checking determines whether the model satisfies the property. In case the model does not satisfy the property model checking gives a counterexample which explains where the violation occurs. Since counterexamples are useful for model debugging as well as model understanding, counterexample generation is one of the indispensable components in the model checking tool. This paper presents efficient counterexample generation techniques when a safety property is falsified. These techniques are used to solve Push Push games which consist of 50 games. As a result, all the games are solved with the proposed techniques. However, with the original NuSMV, 42 games are solved but 8 failed. In addition, we obtain $86{\%}$ time improvement and $62{\%}$ space improvement compared to the original NuSMV in solving the game.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.16 no.2
• /
• pp.95-103
• /
• 2016

In a dynamic environment autonomous robots often encounter unexpected situations that the robots have to deal with in order to continue proceeding their mission. We propose an adaptive goal-based model that allows cyber-physical systems (CPS) to update their environmental model and helps them analyze for attainment of their goals from current state using the updated environmental model and its capabilities. Information exchange approach utilizes Human-Agent-Robot-Machine-Sensor (HARMS) model to exchange messages between CPS. Model validation method uses NuSMV, which is one of Model Checking tools, to check whether the system can continue its mission toward the goal in the given environment. We explain a practical set up of the model in a situation in which homogeneous robots that has the same capability work in the same environment.

• The KIPS Transactions:PartD
• /
• v.11D no.6
• /
• pp.1295-1300
• /
• 2004

Although model checking has gained its popularity as one of the most effective approaches to the formal verification, it has to deal with the state explosion problem to be widely used in industry. In order to mitigate the problem, this paper proposes an ion technique to obtain a reduced model M' from a given original model M. Our technique Identifies the set of necessary variables for model checking and projects the state space onto them. The model M' is smaller in both size and behavior than the original model M, written M'$\leq$M. Since the result of reachability analysis with M' is preserved in M, we can do reachability analysis with model checking using M' instead of M. The abstraction technique is applied to Push Push games, and two model checkers - Cadence SMV and NuSMV - are used to solve the games. As a result, most of unsolved games with the usual model checking are solved with the ion technique. In addition, ion shows that there is much of time and space improvement. With Cadence SMV, there is 87% time improvement and 79% space one. And there is 83% time improvement and 56% space one with NuSMV.

• Proceedings of the Korean Nuclear Society Conference
• /
• 2005.10a
• /
• pp.1099-1100
• /
• 2005

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06c
• /
• pp.190-192
• /
• 2006

원자력 발전소의 제어 소프트웨어는 안전성이 중요시 되는 시스템이다. KNICS 컨소시엄의 APR-1400 RPS 개발 프로젝트에서는 시스템의 안전성과 품질을 높이기 위하여 요구사항을 NuSCR 정형명세로 기술하였다. 명세에 대한 분석을 위하여 SMV를 이용한 자동화된 정형검증 기법이 사용되는데, 본 논문에서는 테이블 형태의 명세인 SDT까지 그 범위를 확장하는 방법을 제안한다. 제안하는 방법의 효율성을 입증하기 위하여 실제 프로젝트에서 개발중인 시스템의 일부를 예제로 사용하였다.

• Journal of KIISE:Software and Applications
• /
• v.31 no.6
• /
• pp.773-783
• /
• 2004

This paper presents a method for real-time verification of Statecharts. Statecharts has been widely used for real-time reactive systems, and supports two time models: synchronous and asynchronous. However, existing real-time verification methods for them are incompatible with the asynchronous time model or increase state space by introducing new variables to the target models. We solved these problems by extending existing model checking algorithms. The extended algorithms can be used with both time models of Statecharts because they consider time increasing transitions only. In addition, they do not increase target state space since they count those transitions internally without additional variables. We extended an existing model checker, NuSMV, based on the proposed algorithms and conducted some experiments to show their advantage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.739-751
• /
• 2019

Security in embedded devices has become a significant issue. Threats on the sup-ply chain, like using counterfeit components or inserting backdoors intentionally are one of the most significant issues in embedded devices security. To mitigate these threats, high-level security evaluation and certification more than EAL (Evaluation Assurance Level) 5 on CC (Common Criteria) are necessary on hardware components, especially on the cryptographic module such as AES. High-level security evaluation and certification require detecting covert channel such as backdoors on the cryptographic module. However, previous studies have a limitation that they cannot detect some kinds of backdoors which leak the in-formation recovering a secret key on the cryptographic module. In this paper, we present an expanded definition of backdoor on hardware AES module and show how to detect the backdoor which is never detected in Verilog HDL using model checker NuSMV.

• Proceedings of the KIEE Conference
• /
• 2006.07a
• /
• pp.27-28
• /
• 2006

최근 변전소 자동화 시스템에서 가장 큰 관심사는 종래의 인간의 개입을 최소화 할 수 있는 통합화, 자동화, 원격 감시화이다. 즉 변전소를 구성하는 장비들은 서로 다른 구조와 통신방식에서 벗어나 IEC61850 표준규격에서 제안하는 객체 모델링 및 통신프로토콜을 이용한 마이크로프로세서 기반의 IED를 개발하여 상호운용성을 확보하는 것이다. 본 연구에서는 IEC61850기반의 간단한 과전류 계전 IED(OCR)를 개발하고 그 구현방법을 설명하였다. 구현을 위해 상용보드인 MVME5100에 실시간 운영체제인 VxWorks를 포팅하여 MMS(Manufacturing Message Specification), SMV(Sampled multicast value) GOOSE(Generic object oriented substation event) 통신모듈을 탑재하였고 과전류 계전 요소들을 논리장치 및 논리노드로 구현하였다. 또한 전력계통 시뮬레이터인 Hypersim을 이용하여 IEC61850기반의 리클로저, 액츄에이터, 병합장치를 구현하고 과전류 계전 IED의 성능을 검증하였다.