Security automata are a convenient way to describe security policies. Their typical use is to monitor the execution of an application and to interrupt it as soon as the security policy is violated. However, run-time adherence checking is not always convenient. Instead, we aim at developing a technique to verify adherence to a security policy statically. To do this, we consider a security automaton as the specification, and we generate JML annotations that inline the monitor --- as a specification --- into the application. We describe this translation and prove preservation of program behaviour, i.e., if monitoring does not reveal a security violation, the generated annotations are respected by the program. The correctness proofs are formalised using the PVS theorem prover. This reveals several subtleties to be considered in the definition of the translation algorithm and in the program requirements.
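To illustrate the idea of inlining a security automaton into the application as JML annotations, here is an added, constructed example (not code from the paper): a two-state automaton for resource use (closed, open) is mirrored by a JML ghost variable, each monitored call is preceded by an assertion of the automaton's guard and followed by a ghost update of its transition. The `Resource` class, the method names and the exact shape of the translation are assumptions for the illustration.

```java
// Constructed example: the automaton
//   CLOSED --open--> OPEN, OPEN --read--> OPEN, OPEN --close--> CLOSED
// inlined into client code as JML ghost state plus assertions.
// JML lives in //@ comments, so this compiles as plain Java; a JML
// checker (static or run-time) interprets the annotations.
public class FileClient {
    // Hypothetical resource API that the policy governs.
    static class Resource {
        void open()  { /* ... */ }
        int  read()  { return 0; }
        void close() { /* ... */ }
    }

    // Ghost state mirrors the automaton: 0 = CLOSED, 1 = OPEN.
    // It exists only for the checker and has no run-time effect.
    //@ public static ghost int state = 0;

    /*@ requires state == 0;
      @ ensures  state == 0;
      @*/
    public static int useResource(Resource r) {
        // open: guard CLOSED, target OPEN
        //@ assert state == 0;
        r.open();
        //@ set state = 1;

        // read: guard OPEN, target OPEN (update kept for uniformity)
        //@ assert state == 1;
        int v = r.read();
        //@ set state = 1;

        // close: guard OPEN, target CLOSED
        //@ assert state == 1;
        r.close();
        //@ set state = 0;
        return v;
    }

    // Policy violation: read after close. A run-time monitor would
    // abort at r.read(); with the inlined annotations the JML checker
    // flags the failing guard assertion instead.
    /*@ requires state == 0; @*/
    public static void readAfterClose(Resource r) {
        //@ assert state == 0;
        r.open();
        //@ set state = 1;
        //@ assert state == 1;
        r.close();
        //@ set state = 0;
        //@ assert state == 1;   // fails: no read transition from CLOSED
        r.read();
    }
}
```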