The Journal of Logic and Algebraic Programming, May 1, 2009
The fast evolution of the Internet has popularized service-oriented architectures with their promise of dynamic IT-supported inter-business collaborations. Realizing this promise involves integrating services which are geographically distant and are offered by a variety of organizations which do not fully trust each other. Indeed, collaboration presumes a minimum level of mutual trust. Wherever trust is perceived as insufficient, business people turn to contracts as a mechanism to reduce risks. The ability to negotiate contracts (e.g. with respect to quality of service, security, and distribution of information) and to provide services based on them is therefore one of the most pressing needs to make collaborations a reality. High-level models of contracts are slowly making their way into service-oriented architectures, but application developers are still left to their own devices when it comes to writing code that will comply with a contract concluded just before service provision. At the programming language level, contracts appear as separate concerns that crosscut application logic. The aim of this workshop is to bring together researchers and practitioners working on language-based solutions to the above problem through the formalization of contracts, the design of appropriate abstraction mechanisms that would guide the developer in the production of contract-aware applications, and formal analysis of such contract languages/software. The scope of FLACOS'07 has been established around contracts and targets the following research directions: formal languages for contracts; contract-oriented software development; formal analysis of contracts, including static analysis, runtime verification, and model checking techniques; contract synthesis; contract transformation and contract refinement; contract negotiation, discovery and monitoring.
Late binding allows flexible code reuse but complicates formal reasoning significantly, as a method call's receiver class is not statically known. This is especially true when programs are incrementally developed by extending class hierarchies. This report develops a novel method to reason about late bound method calls. In contrast to traditional behavioral subtyping, reverification is avoided without restricting method overriding to fully behavior-preserving redefinition. The approach ensures that when analyzing the methods of a class, it suffices to consider that class and its superclasses. Thus, the full class hierarchy is not needed, and incremental reasoning is supported. We formalize this approach as a calculus which lazily imposes context-dependent subtyping constraints on method definitions. The calculus ensures that all method specifications required by late bound calls remain satisfied when new classes extend a class hierarchy. The calculus does not depend on a specific program logic, but the examples in the report use a Hoare-style proof system. We show soundness of the analysis method.
The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
New distributed systems in computing technology are appearing on the market day by day. Consequently, new security and privacy challenges arise when designing these systems. These challenges call for comprehensive and more precise approaches that can provide higher levels of security, privacy, and trust from the design phase onwards. In order to develop systems, including open distributed systems, we need techniques and tools for specification, design, and code generation. For the initial ideas of such systems, it is desirable to use graphical notations, so that ideas can easily be understood. This is relevant for the early design phase. Once the ideas are agreed upon, it is desirable to have a formal basis for the specifications of the desired system, in order to support rigorous reasoning about specifications and designs. This can be done in the late design phase. Existing documents on security and privacy requirements and functionalities in IoT systems lack some of the security functionalities; in particular, they do not focus on privacy issues, or they are presented only in textual form without defining a framework. The structure of these documents is also complicated. Systems are often built without the help of security and privacy experts, so a comprehensive graphical representation framework is needed, and it should be easy to follow even for non-experts. Formal methods have come into wide use in industry for the design and verification of the safety, security, and privacy of systems, because they are very effective at verifying safety, security, and privacy requirements, requirements for which testing is mostly ineffective. Formal verification techniques can guarantee that a design is free of specific flaws.
Provability of IoT and distributed systems depends on the language used to model the system, its semantics, the kind of system properties to prove, and the techniques used to verify them. One may take a bottom-up approach, starting with low-level languages in use, or one i

This thesis would have been impossible without the support and mentoring of my main supervisor Olaf Owe. I would like to express my deep gratitude to him for his priceless time and help whenever I needed it. I am grateful for his continuous encouragement, inspiration, patient guidance, fruitful discussions, constructive and constant cooperation, and optimism throughout this work, and for all the knowledge I have learned from him. I am also grateful for his great friendship and for teaching me various things about life. I would like to express my special thanks to my co-supervisor Josef Noll for his great help and support, critical suggestions, patient guidance, and active collaboration on various papers. I would also like to thank Martin Steffen for his constructive and useful feedback, comments, discussions, interesting lectures, and for all his help whenever I needed it. I would like to thank my graduate committee members, Jüri Vain, Svetlana Boudko, and Paal Engelstad for their great feedback, help, and encouragement. I also thank Toktam Ramezanifarkhani and Christian Johansen for their feedback and guidance during this research. I would like to thank everybody involved in the IOTSEC project; in particular I thank Habtamu Abie for his great help, support, encouragement, and constructive feedback. I am grateful for all the great assistance and facilities provided by the administration staff and the technical support at the
From Object-Orientation to Formal Methods: Essays in Memory of Ole-Johan Dahl (Lecture Notes in Computer Science)
Springer eBooks, Apr 1, 2004
Table of contents (excerpt): The Birth of Object Orientation: the Simula Languages; Distributed Concurrent Object-Oriented Software; Composing Hidden Information Modules over Inclusive Institutions. Contributors named in the excerpt: Olaf Owe, Stein Krogdahl, Tom Lyche, Dines Bjørner, Manfred Broy.
We propose a new and systematic framework for proof reuse in the context of deductive software verification. The framework generalizes abstract contracts into incremental proof repositories. Abstract contracts enable a separation of concern between called methods and their implementations, facilitating proof reuse. Proof repositories allow the systematic caching of partial proofs that can be adapted to different method implementations. The framework provides flexible support for verification-in-the-large in the context of, e.g., partly developed programs, evolution of programs and contracts, and product variability. Partly funded by the EU project H2020-644298 HyVar: Scalable Hybrid Variability for Distributed Evolving Software Systems (www.hyvar-project.eu), the EU project FP7-610582 Envisage: Engineering Virtualized Services (www.envisage-project.eu), the Ateneo/CSP project RunVar, and the ICT COST Actions IC1402 ARVI (www.cost-arvi.eu) and IC1201 BETTY (www.behavioural-types.eu).
We introduce Dynamic SOS as a framework for describing the semantics of programming languages that include dynamic software upgrades. Dynamic SOS is built on top of the Modular SOS of P. Mosses, with an underlying category theory formalization. Dynamic SOS aims to bring out the essential differences between dynamic upgrade constructs and execution constructs. The important feature of Modular SOS that we exploit in our framework is the sharp separation of the program code from the additional data structures needed at run-time. We exemplify Dynamic SOS on the C-like Proteus language and the concurrent object-oriented Creol language. Along the way we introduce a construction on Modular SOS useful in the setting of the concurrent objects of Creol, where the executing code is running inside the object. This "encapsulating construction" may be used in any situation where a form of encapsulation of the execution is needed.
We propose a flexible framework for modeling of distributed systems, supporting evolution by means of unrestricted modifications in such systems, and with support of verification and re-verification. We focus on the setting of concurrent and object-oriented programs, and consider a core high-level modeling language supporting active, concurrent objects. We show that our framework can deal with verification of software changes that are not possible to verify in comparable frameworks. We demonstrate the approach by variations over a simple example.
Selected papers from the 11th Workshop on Specification of Abstract Data Types Joint with the 8th COMPASS Workshop on Recent Trends in Data Type Specification
From Object-Orientation to Formal Methods: Essays in Memory of Ole-Johan Dahl
Springer eBooks, 2004
Security and Privacy in IoT Systems: A Case Study of Healthcare Products
Internet of Things (IoT) is facilitated by heterogeneous technologies, which contribute to providing innovative services in a large number of application domains. Satisfying security and privacy requirements in this scenario is becoming a main challenge for IoT systems and their developers. Nevertheless, most works on IoT security and privacy requirements look at these requirements from a high-level view. Hence, important aspects of security and privacy functionalities are disregarded, leading to wrong design decisions. To combat this problem, in our previous work we summarized the most recent documents related to security and privacy functionalities in the setting of IoT and provided a new taxonomy framework that organizes all aspects of security and privacy baselines, guidelines, and recommendations. To show how the framework can help to improve the security and privacy of IoT products, and facilitate the development and design of secure and privacy-aware IoT systems, in this paper we delve deeper and demonstrate the usefulness of the framework by a case study of healthcare products, in combination with a recent security classification method.
Journal of logical and algebraic methods in programming, Feb 1, 2019
Distributed systems are challenging to design properly and prove correct due to their heterogeneous and distributed nature. These challenges depend on the programming paradigms used and their semantics. The actor paradigm has the advantage of offering a modular semantics, which is useful for compositional design and analysis. Shared variable concurrency and race conditions are avoided by means of asynchronous message passing. The object-oriented paradigm is popular due to its facilities for program structuring and reuse of code. These paradigms have been combined by means of concurrent objects, where remote method calls are transmitted by message passing and where low-level synchronization primitives are avoided. Such objects may exhibit active behavior and are often called active objects. In this setting the concept of futures is central and is used by a number of languages. Futures offer a flexible way of communicating and sharing computation results. However, futures come with a cost, for instance with respect to the underlying implementation support, including garbage collection. In particular this raises a problem for IoT systems. The purpose of this paper is to reconsider and discuss the future mechanism and compare it to other alternatives, evaluating factors such as expressiveness, efficiency, and syntactic and semantic complexity, including ease of reasoning. We limit the discussion to the setting of imperative, active objects and explore the various mechanisms and their weaknesses and advantages. A surprising result (at least to the authors) is that the need for futures in this setting seems to be overrated.
The Journal of Logic and Algebraic Programming, Aug 1, 2009
This issue of JLAP is devoted to selected papers from the 19th Nordic Workshop on Programming Theory (NWPT 2007). The workshop took place in Oslo, Norway, in the period 10-12 October 2007 and attracted 52 participants from eight countries. The NWPT series of annual workshops brings together researchers in programming theory from the Nordic and Baltic countries, but also from elsewhere. The papers in this volume reflect the range of contributions to NWPT 2007. They explore different areas of research in the theoretical underpinnings of the science of programming and in their applications. We thank the colleagues who submitted papers to the special issue, the expert referees who devoted their time and effort to the evaluation of the submissions and all of the participants in the workshop for their contributions to the meeting and to the special issue. NWPT'07 was partially supported by the EU project CREDO: Modeling and analysis of evolutionary structures for distributed services (IST-33826), and the Nordunet3 project COSoDIS. We further thank the Department of Informatics, University of Oslo, for financial support, and the members of the PMA group at the department for help in organizing the workshop.
Information-Flow Control by Means of Security Wrappers for Active Object Languages with Futures
Springer eBooks, 2021
This paper introduces a run-time mechanism for preventing leakage of secure information in distributed systems. We consider a general concurrency language model where concurrent objects interact by asynchronous method calls and futures. The aim is to prevent leakage of secure information to low-level viewers. The approach is based on a notion of security wrappers, where a wrapper encloses an object or a component and controls its interactions with the environment. Our run-time system automatically adds a wrapper to an insecure component. The wrappers are invisible, such that a wrapped component and its environment are not aware of it. The security policies of a wrapper are formalized based on a notion of security levels. At run-time, future components are wrapped on demand, and objects of unsafe classes are wrapped, using static checking to limit the number of unsafe classes and thereby reduce run-time overhead. We define an operational semantics and sketch a proof of non-interference. A service provider may use wrappers to protect its services in an insecure environment, and vice versa: a system platform may use wrappers to protect itself from insecure service providers.
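The two abstracts on active objects above describe, respectively, objects that communicate by asynchronous method calls returning futures, and a run-time wrapper that encloses an object of an unsafe class and checks its interactions against security levels so that high-level data never reaches a low-level viewer. The Python sketch below is an added illustration of both ideas together; it is not code from either paper and not their operational semantics. It assumes a two-point lattice LOW < HIGH, a single-threaded scheduler in which a method suspends on a future by yielding it, a class attribute `trusted` standing in for the static check that decides which classes get wrapped, and constructed sample objects (`Patient`, `Logger`, `Analytics`, `Exporter`) and a made-up record. All names are hypothetical.

```python
# Toy active-object runtime with security wrappers (added illustration, not the paper's calculus):
# async calls return futures, levels form the lattice LOW < HIGH, a Wrapper blocks HIGH-to-LOW
# flows at outgoing calls and at future reads, and `trusted` stands in for the static check.
import types
from collections import deque, namedtuple
from types import SimpleNamespace as NS

LOW, HIGH = 0, 1
Labeled = namedtuple("Labeled", "value level")   # a value tagged with its level; plain values are LOW

class LeakBlocked(Exception): pass

def level_of(x):
    return x.level if isinstance(x, Labeled) else LOW

class Runtime:                   # single-threaded scheduler: one message at a time
    def __init__(self):
        self.queue, self.blocked = deque(), []
    def create(self, cls, *args):
        obj = cls(self, *args)
        if cls.trusted:                  # passed the (simulated) static check: runs bare
            return obj
        w = Wrapper(obj)                 # unsafe class: wrap the instance at creation
        obj.rt = w                       # the object reaches the runtime only via its wrapper
        return w
    def send(self, target, method, *args):
        # future level = callee level joined with argument levels: a bound on the result's level
        fut = NS(level=max([target.level] + [level_of(a) for a in args]), value=None, done=False)
        self.queue.append(NS(target=target, method=method, args=args, future=fut, gen=None, waiting=None))
        return fut
    def run(self):
        while self.queue:
            m = self.queue.popleft()
            try:
                self._step(m)
            except LeakBlocked as e:     # abort the offending method; its future resolves empty
                self.blocked.append(str(e))
                m.future.done = True
        return self.blocked
    def _step(self, m):
        if m.gen is None:
            r = getattr(m.target, m.method)(*m.args)
            if not isinstance(r, types.GeneratorType):
                m.future.value, m.future.done = r, True
                return
            m.gen = r
        elif not m.waiting.done:
            self.queue.append(m)         # still waiting: release the processor, retry later
            return
        try:
            m.waiting = next(m.gen)      # the method yields the future it waits for
            self.queue.append(m)
        except StopIteration as stop:
            m.future.value, m.future.done = stop.value, True

class Wrapper:                   # invisible: same interface as the object it encloses
    def __init__(self, obj):
        self._obj, self._rt = obj, obj.rt
    def __getattr__(self, name):
        return getattr(self._obj, name)
    def send(self, target, method, *args):
        if max([LOW] + [level_of(a) for a in args]) > target.level:
            raise LeakBlocked(f"{self._obj.name}: {method} would carry HIGH data to LOW object {target.name}")
        return self._rt.send(target, method, *args)
    def get_value(self, fut):
        if fut.level > self._obj.level:
            raise LeakBlocked(f"{self._obj.name}: LOW viewer may not read a HIGH future")
        return fut.value

class Component:                 # sample objects: untrusted and LOW unless overridden
    trusted, level = False, LOW
    def __init__(self, rt, name, data=None):
        self.rt, self.name, self.data = rt, name, data
class Patient(Component):        # trusted HIGH object holding the record
    trusted, level = True, HIGH
    def record(self):
        return Labeled(self.data, HIGH)
class Logger(Component):         # trusted LOW sink; data is the list of logged lines
    trusted = True
    def log(self, msg):
        self.data.append(msg.value if isinstance(msg, Labeled) else msg)
class Analytics(Component):      # untrusted LOW: may log, may not read the record
    def run(self, patient, logger):
        self.rt.send(logger, "log", f"{self.name} started")   # LOW -> LOW: permitted
        fut = self.rt.send(patient, "record")                 # HIGH future
        yield fut                                             # suspend until it resolves
        self.rt.send(logger, "log", self.rt.get_value(fut))   # read blocked by the wrapper
class Exporter(Component):       # untrusted HIGH: may read the record, may not forward it
    level = HIGH
    def run(self, patient, logger):
        fut = self.rt.send(patient, "record")
        yield fut
        self.rt.send(logger, "log", self.rt.get_value(fut))   # read ok, send blocked by the wrapper

def demo():
    rt = Runtime()
    patient = rt.create(Patient, "patient", "diagnosis: X")   # constructed sample record
    logger = rt.create(Logger, "logger", [])
    rt.send(rt.create(Analytics, "analytics"), "run", patient, logger)
    rt.send(rt.create(Exporter, "exporter"), "run", patient, logger)
    return rt.run(), logger.data
```

Running `demo()` leaves only "analytics started" in the logger and records two blocked flows: the LOW `Analytics` object is stopped when it tries to read the HIGH future, and the HIGH `Exporter` is stopped when it tries to send the record to the LOW logger. Two caveats matter in practice: the wrapper above only checks explicit data flows, not the implicit flow that the mere occurrence or timing of a call from a HIGH object reveals, which a non-interference proof has to account for; and the toy scheduler would spin on a future that never resolves, so a real runtime needs a wait queue keyed on the future rather than re-queuing.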
Summary of: An Evaluation of Interaction Paradigms for Active Objects
Lecture Notes in Computer Science, 2019
This short paper summarises the contributions published in [1]. The purpose of this paper is to compare communication paradigms of active object languages considering expressiveness, efficiency, and syntactic and semantic complexity, including ease of reasoning.
Papers by Olaf Owe