Correctness of Service Components and Service Component Ensembles

  • Jacques Combaz
  • Saddek Bensalem
  • Francesco Tiezzi
  • Andrea Margheri
  • Rosario Pugliese
  • Jan Kofroň
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8998)


Nowadays, cyber-physical systems consist of a large and possibly unbounded number of nodes operating in a partially unknown environment to which they need to adapt. They also have strong requirements in terms of performances, resource usage, reliability, or security. To face this inherent complexity it is crucial to develop adequate tools and underlying models to analyze these properties at design time. Proposed models must be able to capture essential aspects of the behavior (e.g. interactions between the components, adaptive behavior, uncertain or changing environments), and the corresponding analysis techniques can only succeed if they exploit as much as possible the specific structure of the considered systems (e.g. large replication of the same component, hierarchical compositions). We consider qualitative analyses targeting boolean properties stating that the system behaves without any flaw, as well as quantitative analyses that evaluate expected performances according to predefined metrics (energy/memory consumption, average/maximum time to accomplish a task, probability to fulfil a goal, etc.). We also address security specific issues such as control policies and information flow.


Formal methods Verification Model-Checking 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Intelligent robots for improving the quality of life,
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    Accorsi, R., Lehmann, A.: Automatic information flow analysis of business process models. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 172–187. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Alur, R.: Timed automata. In: Halbwachs, N., Peled, D.A. (eds.) CAV 1999. LNCS, vol. 1633, pp. 8–22. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Alur, R., Courcoubetis, C., Dill, D.L., Halbwachs, N., Wong-Toi, H.: An implementation of three algorithms for timing verification based on automata emptiness. In: RTSS, pp. 157–166 (1992)Google Scholar
  8. 8.
    Alur, R., Dill, D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Astefanoaei, L., Rayana, S.B., Bensalem, S., Bozga, M., Combaz, J.: Compositional invariant generation for timed systems. Tech. Rep. TR-2013-5, Verimag Research ReportGoogle Scholar
  10. 10.
    Baier, C., Katoen, J.P.: Principles of Model Checking (Representation and Mind Series). MIT Press, Cambridge (2008)Google Scholar
  11. 11.
    Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from uml models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15 (2006)Google Scholar
  12. 12.
    Basu, A., Bensalem, S., Bozga, M., Combaz, J., Jaber, M., Nguyen, T.H., Sifakis, J.: Rigorous component-based design using the BIP framework. IEEE Software Special Edition – Software Components beyond Programming – from Routines to Services 28(3), 41–48 (2011)CrossRefGoogle Scholar
  13. 13.
    Bell, E.D., La Padula, J.L.: Secure computer system: Unified exposition and multics interpretation (1976)Google Scholar
  14. 14.
    Bensalem, S., Bozga, M., Sifakis, J., Nguyen, T.-H.: Compositional verification for component-based systems and application. In: Cha, S(S.), Choi, J.-Y., Kim, M., Lee, I., Viswanathan, M. (eds.) ATVA 2008. LNCS, vol. 5311, pp. 64–79. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Bensalem, S., Boyer, B., Bozga, M., Legay, A.: Incremental generation of linear invariants for component-based systems. Tech. Rep. TR-2012-15, Verimag Research Report (2012),
  16. 16.
    Bensalem, S., Bozga, M., Legay, A., Nguyen, T.H., Sifakis, J., Yan, R.: Incremental component-based construction and verification using invariants. In: FMCAD’10 (2010)Google Scholar
  17. 17.
    Bensalem, S., Bozga, M., Delahaye, B., Jegourel, C., Legay, A., Nouri, A.: Statistical model checking qoS properties of systems with SBIP. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012, Part I. LNCS, vol. 7609, pp. 327–341. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Bensalem, S., Bozga, M., Sifakis, J., Nguyen, T.H.: Compositional verification for component-based systems and application. In: Cha, S(S.), Choi, J.-Y., Kim, M., Lee, I., Viswanathan, M. (eds.) ATVA 2008. LNCS, vol. 5311, pp. 64–79. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Bensalem, S., Griesmayer, A., Legay, A., Nguyen, T.-H., Sifakis, J., Yan, R.: D-finder 2: Towards efficient correctness of incremental design. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 453–458. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Bensalem, S., Legay, A., Nguyen, T.H., Sifakis, J., Yan, R.: Incremental invariant generation for compositional design. In: TASE (2010)Google Scholar
  21. 21.
    Bensalem, S., Bozga, M., Nguyen, T.-H., Sifakis, J.: D-Finder: A tool for compositional deadlock detection and verification. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 614–619. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Bertolino, A., Daoudagh, S., Lonetti, F., Marchetti, E.: The X-CREATE Framework - A Comparison of XACML Policy Testing Strategies. In: WEBIST, pp. 155–160. SciTePress (2012)Google Scholar
  23. 23.
    Bertuccelli, L.F., How, J.P.: Robust Markov decision processes using sigma point sampling. In: American Control Conference (ACC), 11-13 June 2008, pp. 5003–5008 (2008)Google Scholar
  24. 24.
    BIP – incremental component-based construction of real-time systems,
  25. 25.
    Bonakdarpour, B., Bozga, M., Quilbeuf, J.: Model-based implementation of distributed systems with priorities. Design Autom. for Emb. Sys. 17(2), 251–276 (2013), doi:10.1007/s10617-012-9091-0CrossRefGoogle Scholar
  26. 26.
    Bonani, M., Longchamp, V., Magnenat, S., R\’etornaz, P., Burnier, D., Roulet, G., Vaussard, F., Bleuler, H., Mondada, F.: The MarXbot, a Miniature Mobile Robot Opening new Perspectives for the Collective-robotic Research. In: International Conference on Intelligent Robots and Systems (IROS), 2010 IEEE/RSJ, pp. 4187–4193. IEEE Press, Los Alamitos (2010), CrossRefGoogle Scholar
  27. 27.
    Bozga, M., Jaber, M., Maris, N., Sifakis, J.: Modeling dynamic architectures using dy-bip. In: Gschwind, T., De Paoli, F., Gruhn, V., Book, M. (eds.) SC 2012. LNCS, vol. 7306, pp. 1–16. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  28. 28.
    Bozga, M., Jaber, M., Sifakis, J.: Source-to-source architecture transformation for performance optimization in BIP. IEEE Trans. Industrial Informatics 6(4), 708–718 (2010), doi:10.1109/TII.2010.2069102CrossRefGoogle Scholar
  29. 29.
    Bures, T., Gerostathopoulos, I., Horky, V., Keznikl, J., Kofron, J., Loreti, M., Plasil, F.: Language Extensions for Implementation-Level Conformance Checking. In: ASCENS Deliverable D1.5 (2012)Google Scholar
  30. 30.
    Clarke, E.M., Klieber, W., Nováček, M., Zuliani, P.: Model checking and the state explosion problem. In: Meyer, B., Nordio, M. (eds.) LASER 2011. LNCS, vol. 7682, pp. 1–30. Springer, Heidelberg (2012), doi:10.1007/978-3-642-35746-6_1CrossRefGoogle Scholar
  31. 31.
    Clarke, E., Grumberg, O., Peled, D.: Model checking. MIT Press, Cambridge (1999)Google Scholar
  32. 32.
    David, A., Larsen, K.G., Legay, A., Møller, M.H., Nyman, U., Ravn, A.P., Skou, A., Wasowski, A.: Compositional verification of real-time systems using Ecdar. STTT (2012)Google Scholar
  33. 33.
    De Nicola, R., Latella, D., Lafuente, A.L., Loreti, M., Margheri, A., Massink, M., Morichetta, A., Pugliese, R., Tiezzi, F., Vandin, A.: The SCEL Language: Design, Implementation, Verification. In: Wirsing, M., Hölzl, M., Koch, N., Mayer, P. (eds.) Software Engineering for Collective Autonomic Systems. LNCS, vol. 8998, pp. 3–71. Springer, Heidelberg (2015)Google Scholar
  34. 34.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM pp. 504–513 (1977)Google Scholar
  35. 35.
    FACPL Website (2013),
  36. 36.
    Focardi, R., Gorrieri, R., Martinelli, F.: Classification of security properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2001. LNCS, vol. 2946, pp. 139–185. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  37. 37.
    Forejt, V., Kwiatkowska, M., Parker, D.: Pareto curves for probabilistic model checking. In: Chakraborty, S., Mukund, M. (eds.) ATVA 2012. LNCS, vol. 7561, pp. 317–332. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  38. 38.
    Frau, S., Gorrieri, R., Ferigato, C.: Petri net security checker: Structural non-interference at work. In: Degano, P., Guttman, J.D., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 210–225. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  39. 39.
    Goguen, J.A., Meseguer, J.: Security policy and security models. In: Proceedings of 1982 Symposium on Security and Privecy, pp. 11–20. IEEE Computer Society Press, Los Alamitos (1982)CrossRefGoogle Scholar
  40. 40.
    Henzinger, T.A., Nicollin, X., Sifakis, J., Yovine, S.: Symbolic model checking for real-time systems. Inf. Comput. 111(2), 193–244 (1994), doi:10.1006/inco.1994.1045CrossRefzbMATHMathSciNetGoogle Scholar
  41. 41.
    Hutter, D., Volkamer, M.: Information flow control to secure dynamic web service composition. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds.) SPC 2006. LNCS, vol. 3934, pp. 196–210. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  42. 42.
    Jones, C.B.: Specification and design of (parallel) programs. pp. 321–332 (1983)Google Scholar
  43. 43.
  44. 44.
    JPF-LTL: An extension to JPF for checking LTL,
  45. 45.
    Kuhn, D.R.: Role based access control on mls systems without kernel changes. In: Proceedings of the ACM Workshop on Role Based Access Control, pp. 25–32 (1998)CrossRefGoogle Scholar
  46. 46.
    Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: Verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  47. 47.
    Lin, S.-W., Liu, Y., Hsiung, P.-A., Sun, J., Dong, J.S.: Automatic generation of provably correct embedded systems. In: Aoki, T., Taguchi, K. (eds.) ICFEM 2012. LNCS, vol. 7635, pp. 214–229. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  48. 48.
    Mantel, H.: Possibilistic definitions of security - an assembly kit. In: Proceedings of the 13th IEEE workshop on Computer Security Foundations (CSFW ’00), p. 185. IEEE Computer Society Press, Los Alamitos (2000)CrossRefGoogle Scholar
  49. 49.
    Margheri, A., Masi, M., Pugliese, R., Tiezzi, F.: Developing and enforcing policies for access control, resource usage, and adaptation. In: Tuosto, E., Chun, O. (eds.) WS-FM 2013. LNCS, vol. 8379, pp. 85–105. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  50. 50.
    Margheri, A., Pugliese, R., Tiezzi, F.: Linguistic Abstractions for Programming and Policing Autonomic Computing Systems. In: UIC/ATC, pp. 404–409. IEEE Computer Society Press, Los Alamitos (2013)Google Scholar
  51. 51.
    McCullough, D.: Noninterference and the composability of security properties. In: Proceedings of the 1988 IEEE conference on Security and privacy (SP’88), pp. 177–186. IEEE Computer Society Press, Los Alamitos (1988)CrossRefGoogle Scholar
  52. 52.
    McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: Proceedings of the 1994 IEEE Symposium on Security and Privacy (SP ’94), p. 79. IEEE Computer Society Press, Los Alamitos (1994)CrossRefGoogle Scholar
  53. 53.
    Misra, J., Chandy, K.M.: Proofs of networks of processes. IEEE Transactions on Software Engineering 7(4), 417–426 (1981)CrossRefzbMATHMathSciNetGoogle Scholar
  54. 54.
    OASIS XACML TC: eXtensible Access Control Markup Language (XACML) version 3.0 - Candidate OASIS Standard (September 2012)Google Scholar
  55. 55.
    Pinciroli, C., Bonani, M., Mondada, F., Dorigo, M.: Adaptation and Awareness in Robot Ensembles: Scenarios and Algorithms. In: Wirsing, M., Hölzl, M., Koch, N., Mayer, P. (eds.) Software Engineering for Collective Autonomic Systems. LNCS, vol. 8998, pp. 471–494. Springer, Heidelberg (2015)Google Scholar
  56. 56.
    Pinciroli, C., Trianni, V., O’Grady, R., Pini, G., Brutschy, A., Brambilla, M., Mathews, N., Ferrante, E., Caro, G.D., Ducatelle, F., Birattari, M., Gambardella, L.M., Dorigo, M.: Argos: a modular, parallel, multi-engine simulator for multi-robot systems. Swarm Intelligence 6(4), 271–295 (2012)CrossRefGoogle Scholar
  57. 57.
    Pnueli, A.: In transition from global to modular temporal reasoning about programs. In: Apt, K. (ed.) Logics and Models of Concurrent Systems, pp. 123–144. Springer, New York (1984)Google Scholar
  58. 58.
    Queille, J.P., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol. 137, pp. 337–351. Springer, Heidelberg (1982)CrossRefGoogle Scholar
  59. 59.
    Rushby, J.: Noninterference, transitivity, and channel-control security policies. Tech. rep. (December 1992),
  60. 60.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on selected areas in communications 21(1) (2003)Google Scholar
  61. 61.
    Sabelfeld, A., Sands, D.: A per model of secure information flow in sequential programs. Higher Order Symbol. Comput. 14(1), 59–91 (2001)CrossRefzbMATHGoogle Scholar
  62. 62.
    Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: RBAC ’98 Proceedings of the third ACM workshop on Role-based access control, pp. 47–54. ACM Press, New York (1998)CrossRefGoogle Scholar
  63. 63.
    Shen, J.-j., Qing, S., Shen, Q., Li, L.: Covert channel identification founded on information flow analysis. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS (LNAI), vol. 3802, pp. 381–387. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  64. 64.
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages (POPL ’98), pp. 355–364. ACM Press, New York (1998)CrossRefGoogle Scholar
  65. 65.
    Verma, D.C.: Service level agreements on IP networks. Proceedings of the IEEE 92(9), 1382–1388 (2004)CrossRefGoogle Scholar
  66. 66.
    Yi, W., Pettersson, P., Daniels, M.: Automatic verification of real-time communicating systems by constraint-solving. In: FORTE, pp. 243–258 (1994)Google Scholar
  67. 67.
    Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy (SP ’97), p. 94. IEEE Computer Society Press, Los Alamitos (1997)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jacques Combaz
    • 1
  • Saddek Bensalem
    • 1
  • Francesco Tiezzi
    • 2
  • Andrea Margheri
    • 3
  • Rosario Pugliese
    • 3
  • Jan Kofroň
    • 4
  1. 1.UJF-VerimagGrenobleFrance
  2. 2.IMT Institute for Advanced Studies LuccaItaly
  3. 3.Università degli Studi di FirenzeItaly
  4. 4.Charles UniversityPragueCzech Republic

Personalised recommendations