2008 Sixth IEEE International Conference on Software Engineering and Formal Methods

Date: 10-14 Nov. 2008

Displaying Results 1 - 25 of 50
  • [Front cover]

    Publication Year: 2008, Page(s): C1
  • [Title page i]

    Publication Year: 2008, Page(s): i
  • [Title page iii]

    Publication Year: 2008, Page(s): iii
  • [Title page iv]

    Publication Year: 2008, Page(s): iv
  • Table of contents

    Publication Year: 2008, Page(s):v - viii
  • Preface

    Publication Year: 2008, Page(s): ix
  • Committees

    Publication Year: 2008, Page(s):x - xi
  • list-reviewer

    Publication Year: 2008, Page(s): xii
  • Abstract Interpretation in Code Security

    Publication Year: 2008, Page(s): 3
    In this tutorial we will consider abstract non-interference as a formal model for reasoning about language based security. Abstract non-interference generalises standard non-interference by modelling the information leaked as abstract properties of concrete computations. In this case abstractions model both the observational capabilities of attackers and the amount of information that may flow bet...
  • Hiding Information in Completeness Holes: New Perspectives in Code Obfuscation and Watermarking

    Publication Year: 2008, Page(s):7 - 18
    Cited by: Papers (4)

    In this paper we show how abstract interpretation, and more specifically completeness, provides an adequate model for reasoning about code obfuscation and watermarking. The idea is that making a program obscure, or equivalently hiding information in it, corresponds to forcing an interpreter (the attacker) to become incomplete in its attempts to extract information about the program. Here abstract in...
  • Nullness Analysis in Boolean Form

    Publication Year: 2008, Page(s):21 - 30
    Cited by: Papers (2)

    Attempts to dereference null result in an exception or a segmentation fault. Hence it is important to know those program points where this might occur and prove the others (or the entire program) safe. Nullness analysis of computer programs checks or infers non-null annotations for variables and object fields. Most nullness analyses currently use run-time checks or are incorrect or only verify man...
  • Widening Operators for Abstract Interpretation

    Publication Year: 2008, Page(s):31 - 40
    Cited by: Papers (6) | Patents (1)

    Abstract interpretation, one of the most applied techniques for semantics based static analysis of software, is based on two main key concepts: the correspondence between concrete and abstract semantics through Galois connections/insertions, and the feasibility of a fixed point computation of the abstract semantics, through the fast convergence of widening operators. The latter point is crucial to ensure t...
  • Static Analysis of the Determinism of Multithreaded Programs

    Publication Year: 2008, Page(s):41 - 50
    Cited by: Papers (2) | Patents (1)

    Threads communicate implicitly through shared memory. Because of the random interleaving during their parallel execution, nondeterministic behaviors may arise, which is why multithreaded programming is strictly more difficult than programming in sequential languages. Moreover, the random interleaving may lead to subtle bugs that are really hard to detect and fix. We propose a novel deter...
  • Cheap and Small Counterexamples

    Publication Year: 2008, Page(s):53 - 62
    Cited by: Papers (1)

    Minimal counterexamples are desirable, but expensive to compute. We propose four algorithms for computing small counterexamples that approximate the shortest case. Three of these use a new algorithm for automata-theoretic linear-time model checking, based on an early algorithm by Dijkstra for detecting strongly connected components. All four of the approximation algorithms rely on transitions shuf...
  • Efficient Model Checking for Duration Calculus Based on Branching-Time Approximations

    Publication Year: 2008, Page(s):63 - 72
    Cited by: Papers (1)

    Duration Calculus (abbreviated to DC) is an interval-based, metric-time temporal logic designed for reasoning about embedded real-time systems at a high level of abstraction. But the complexity of model checking any decidable fragment featuring both negation and chop, DC's only modality, is non-elementary and thus impractical. We here investigate a similar approximation as frequently employed in m...
  • Flash-Efficient LTL Model Checking with Minimal Counterexamples

    Publication Year: 2008, Page(s):73 - 82
    Solid state disks based on flash memory are an apparent alternative to hard disks for external memory search. Random reads are much faster, while random writes are generally not. In this paper, we illustrate how this influences the time-space trade-offs for scaling semi-external LTL model checking algorithms that request a constant number of bits per state in internal, and full state vectors on ex...
  • Algebraic View Reconciliation

    Publication Year: 2008, Page(s):85 - 94
    Cited by: Papers (3)

    Embedded systems such as automotive systems are very complex to specify. Since it is difficult to capture all their requirements or their design in one single model, approaches working with several system views are adopted. The main problem there is to keep these views coherent; the issue is known as view reconciliation. This paper proposes an algebraic solution. It uses sets of integration constr...
  • Compositional Reasoning in Model-Based Verification of Adaptive Embedded Systems

    Publication Year: 2008, Page(s):95 - 104
    Cited by: Papers (1) | Patents (1)

    Formal verification of adaptive systems allows rigorously proving critical requirements. However, design-level models are in general too complex to be handled by verification tools directly. To counter this problem, we propose to reduce model complexity on design-model level in order to facilitate model-based verification. First, we transfer existing compositional reasoning techniques for foundati...
  • Extracting Conditional Confidentiality Policies

    Publication Year: 2008, Page(s):107 - 116
    Cited by: Papers (3)

    Programs should keep sensitive information, such as medical records, confidential. We present a static analysis that extracts from a program's source code a sound approximation of the most restrictive conditional confidentiality policy that the program obeys. To formalize conditional confidentiality policies, we present a modified definition of noninterference that accommodates runtime information...
  • Testing Privacy Policies Using Models

    Publication Year: 2008, Page(s):117 - 126
    Cited by: Papers (2)

    Privacy policies are usually expressed at a high level using languages such as P3P and EPAL, which are independent of applications. Checking whether a system satisfies a privacy policy requires linking the policy with the behaviour of the system and its environment. We propose a framework which is based on models to support the automation of testing whether a software system meets a policy. In our framework, policies ...
  • Preservation of Proof Obligations for Hybrid Verification Methods

    Publication Year: 2008, Page(s):127 - 136
    Program verification environments increasingly rely on hybrid methods that combine static analyses and verification condition generation. While such verification environments operate on source programs, it is often preferable to achieve guarantees about executable code. We show that, for a hybrid verification method based on numerical static analysis and verification condition generation, compilat...
  • A Generalized Model-Based Test Generation Method

    Publication Year: 2008, Page(s):139 - 148
    Cited by: Papers (3)

    In this paper we present a generalization to the W-method, which can be used for automatically generating test cases. In contrast to the W-method, this generalization allows for test case generation even in the absence of characterization sets for the specification. We give proofs of correctness for this generalization, and show how to derive the original W-method from it as a particular case. Proofs...
  • Specification-Based Testing for Software Product Lines

    Publication Year: 2008, Page(s):149 - 158
    Cited by: Papers (2)

    In this paper, we develop a testing theory for specification-based software product line development. Starting with a framework for the evaluation of test cases with respect to formal specifications, we develop a notion of enhancement, which allows re-using test cases in a horizontal systems development process. In such a process, more and more features are added to an existing software product. ...
  • Verification-Based Test Case Generation for Full Feasible Branch Coverage

    Publication Year: 2008, Page(s):159 - 168
    Cited by: Papers (1)

    The goal of this work is to improve the testing of programs that contain loops and complex methods. We achieve this goal with verification-based testing, which is a technique that can generate test cases not only from source code but also from loop invariants and method specifications provided by the user. These test cases ensure the execution of interesting program paths that are likely to be mis...
  • Tagging Make Local Testing of Message-Passing Systems Feasible

    Publication Year: 2008, Page(s):171 - 180
    The only practical way to test distributed message-passing systems is to use local testing. In this approach, used in formalisms such as concurrent TTCN-3, some components are replaced by test processes. Local testing consists of monitoring the interactions between these test processes and the rest of the system and comparing these observations with the specification, typically described in terms ...