Formal Verification of Tokeneer Behaviours Modelled in fUML Using CSP

  • Islam Abdelhalim
  • James Sharp
  • Steve Schneider
  • Helen Treharne
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6447)


Much research has been done on formalizing UML diagrams, but less has focused on using such formalizations to analyze the dynamic behaviour that arises when the formalized components interact. In this paper we propose using a subset of fUML (Foundational Subset for Executable UML) as a semi-formal modelling language and formalizing it in the process algebraic specification language CSP, so that FDR can be used as a model checker. The formalization includes a model of the asynchronous communication framework (signal sending and event pools) used within fUML, which allows different interpretations of the communication model to be evaluated. To illustrate the approach, we model the Tokeneer ID Station specification in fUML, formalize the result in CSP, and use FDR to check whether the model is deadlock free.
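The sketch below is an added illustration of the kind of model the abstract describes; it is not code from the paper, and the authors' actual mapping rules and Tokeneer model are not reproduced on this page. It shows two fUML-style active objects, each owning an event pool, written in the CSP_M input language of FDR, with the pool semantics passed in as a parameter so that a deadlock-freedom check can compare two interpretations of the asynchronous communication model. The channel and process names, the client/server protocol, the capacity N and the "lossy" interpretation are all assumptions made for this example.

```csp
-- Added example, not from the paper: two fUML-style active objects
-- exchanging signals through per-object event pools. Names, the
-- capacity N and the two pool interpretations are assumptions.

datatype Object = A | B
datatype Signal = Request | Ack

-- send.o.s : some object places signal s into o's event pool
-- recv.o.s : o takes s out of its own pool (its accept-event action)
-- drop.o.s : o's pool discards s because it is full (lossy interpretation)
channel send, recv, drop : Object.Signal

-- Pool capacity. fUML leaves the pool unbounded; a finite bound is a
-- modelling decision that has to be made before FDR can explore the model.
N = 1

-- Interpretation 1: bounded FIFO pool, a sender blocks while the pool is full
PoolBlock(o, q) =
     ((#q < N) & send.o?s -> PoolBlock(o, q ^ <s>))
  [] ((#q > 0) & recv.o!head(q) -> PoolBlock(o, tail(q)))

-- Interpretation 2: bounded FIFO pool, a signal arriving at a full pool is lost
PoolLossy(o, q) =
     ((#q < N)  & send.o?s -> PoolLossy(o, q ^ <s>))
  [] ((#q == N) & send.o?s -> drop.o.s -> PoolLossy(o, q))
  [] ((#q > 0)  & recv.o!head(q) -> PoolLossy(o, tail(q)))

-- Client A pipelines two requests to B, then waits for both acknowledgements
ObjA = send.B.Request -> send.B.Request -> recv.A.Ack -> recv.A.Ack -> ObjA

-- Server B accepts one request at a time and acknowledges it
ObjB = recv.B.Request -> send.A.Ack -> ObjB

-- The objects run concurrently and synchronise with the pools on send/recv;
-- Pool is the interpretation under test
Sys(Pool) =
  (ObjA ||| ObjB) [| {| send, recv |} |] (Pool(A, <>) ||| Pool(B, <>))

-- Blocking pools: deadlock free for this protocol
assert Sys(PoolBlock) :[deadlock free [F]]

-- Lossy pools: FDR reports a deadlock, reached when B's second Ack is
-- discarded because A has not yet consumed the first one
assert (Sys(PoolLossy) \ {| drop |}) :[deadlock free [F]]
```

Under the blocking interpretation the pipelined client and the server are deadlock free with N = 1. Under the lossy interpretation FDR finds a deadlock: after B's second Ack is dropped, A waits forever for an acknowledgement that was never queued while B waits for a Request that A will never send. The point of parameterising Sys on the pool process is exactly the one the abstract makes: the same object behaviour can be checked under several readings of fUML's asynchronous communication, and the choice of bound and of what happens at a full pool is part of the model, not something the fUML specification fixes.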







Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

Islam Abdelhalim, James Sharp, Steve Schneider and Helen Treharne: Department of Computing, University of Surrey, UK
