% String macros used by the entries below: publisher name, publisher address
% (defined as the empty string) and the series abbreviation.
@string{pub-springer     = {Springer}}
@string{pub-springer:adr = {}}
@string{s-lncs           = {LNCS}}
% Reference manual shipped with the Isabelle distribution (see the note field).
@manual{wenzel:isabelle-isar:2017,
  author = {Wenzel, Makarius},
  title  = {The Isabelle/Isar Reference Manual},
  year   = 2017,
  note   = {Part of the Isabelle distribution.}
}
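% Title stored in title case with the language name braced, so a style can
% downcase the rest without losing the capital R.
% NOTE(review): the isbn field holds two identifiers separated by a space.
@book{adler:r:2010,
  author    = {Adler, Joseph},
  title     = {{R} in a Nutshell},
  publisher = {O'Reilly},
  address   = {Sebastopol, CA},
  year      = 2010,
  isbn      = {9780596801700 059680170X},
  keywords  = {R},
  refid     = 432987461,
  added-at  = {2013-01-10T22:39:38.000+0100},
  abstract  = {Presents a guide to the R computer language, covering such
               topics as the user interface, packages, syntax, objects,
               functions, object-oriented programming, data sets, lattice
               graphics, regression models, and bioconductor.}
}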
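% Abstract: restored the missing spaces in "Isabelle/Isar underlying" and
% "formal methods tool"; all bibliographic fields are unchanged.
@incollection{wenzel.ea:building:2007,
  author          = {Makarius Wenzel and Burkhart Wolff},
  title           = {Building Formal Method Tools in the {Isabelle}/{Isar}
                     Framework},
  booktitle       = {TPHOLs 2007},
  editor          = {Klaus Schneider and Jens Brandt},
  pages           = {352--367},
  publisher       = pub-springer,
  address         = pub-springer:adr,
  number          = 4732,
  series          = s-lncs,
  year            = 2007,
  doi             = {10.1007/978-3-540-74591-4_26},
  language        = {USenglish},
  acknowledgement = {none},
  abstract        = {We present the generic system framework of
                     Isabelle/Isar underlying recent versions of Isabelle.
                     Among other things, Isar provides an infrastructure for
                     Isabelle plug-ins, comprising extensible state
                     components and extensible syntax that can be bound to
                     tactical ML programs. Thus the Isabelle/Isar
                     architecture may be understood as an extension and
                     refinement of the traditional LCF approach, with
                     explicit infrastructure for building derivative
                     systems. To demonstrate the technical potential of the
                     framework, we apply it to a concrete formal methods
                     tool: the HOL-Z 3.0 environment, which is geared
                     towards the analysis of Z specifications and formal
                     proof of forward-refinements.}
}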
% NOTE(review): the key says 2015 while the year field is 2018, and
% "organisation" is not a field name the standard styles read (they use
% "organization"), so it is probably ignored when printing. Confirm intent.
@misc{w3c:ontologies:2015,
  title        = {Ontologies},
  organisation = {W3c},
  url          = {https://www.w3.org/standards/semanticweb/ontology},
  year         = 2018
}
% Book on the CENELEC 50128 / IEC 62279 standards; acronyms are brace-protected.
@book{boulanger:cenelec-50128:2015,
  author    = {Boulanger, Jean-Louis},
  title     = {{CENELEC} 50128 and {IEC} 62279 Standards},
  publisher = {Wiley-ISTE},
  address   = {Boston},
  year      = 2015,
  note      = {The reference on the standard.}
}
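% "Common Criteria" is braced so that styles which sentence-case booklet
% titles keep the proper name capitalised. There is no author; the key field
% supplies the sorting and label text.
% NOTE(review): the note links the PDF over plain http, so a reader fetching
% it has no transport integrity for the document; switch to https if the
% portal serves this path that way (confirm before changing).
@booklet{cc:cc-part3:2006,
  key             = {Common Criteria},
  title           = {{Common Criteria} for Information Technology Security
                     Evaluation (Version 3.1), {Part} 3: Security assurance
                     components},
  institution     = {Common Criteria},
  number          = {CCMB-2006-09-003},
  month           = sep,
  year            = 2006,
  note            = {Available as document
                     \href{http://www.commoncriteriaportal.org/public/files/CCPART3V3.1R1.pdf}
                     {CCMB-2006-09-003}},
  language        = {USenglish},
  public          = {yes},
  bibkey          = {cc:cc-part3:2006},
  acknowledgement = {brucker, 2007-04-24}
}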
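% Fixes the misspelled bookkeeping field "timestap" (other entries in this
% file use "timestamp") and braces the system name in the title.
@book{nipkow.ea:isabelle:2002,
  author          = {Tobias Nipkow and Lawrence C. Paulson and Markus Wenzel},
  title           = {{Isabelle/HOL}---A Proof Assistant for Higher-Order Logic},
  publisher       = pub-springer,
  address         = pub-springer:adr,
  series          = s-lncs,
  volume          = 2283,
  year            = 2002,
  doi             = {10.1007/3-540-45949-9},
  abstract        = {This book is a self-contained introduction to
                     interactive proof in higher-order logic (\acs{hol}),
                     using the proof assistant Isabelle2002. It is a
                     tutorial for potential users rather than a monograph
                     for researchers. The book has three parts.

                     1. Elementary Techniques shows how to model functional
                     programs in higher-order logic. Early examples involve
                     lists and the natural numbers. Most proofs are two
                     steps long, consisting of induction on a chosen
                     variable followed by the auto tactic. But even this
                     elementary part covers such advanced topics as nested
                     and mutual recursion. 2. Logic and Sets presents a
                     collection of lower-level tactics that you can use to
                     apply rules selectively. It also describes
                     Isabelle/\acs{hol}'s treatment of sets, functions and
                     relations and explains how to define sets inductively.
                     One of the examples concerns the theory of model
                     checking, and another is drawn from a classic textbook
                     on formal languages. 3. Advanced Material describes a
                     variety of other topics. Among these are the real
                     numbers, records and overloading. Advanced techniques
                     are described involving induction and recursion. A
                     whole chapter is devoted to an extended example: the
                     verification of a security protocol.},
  acknowledgement = {brucker, 2007-02-19},
  bibkey          = {nipkow.ea:isabelle:2002},
  tags            = {noTAG},
  clearance       = {unclassified},
  timestamp       = {2008-05-26}
}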
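% The whole system name is braced: with only {PIDE} protected, a
% sentence-casing style would lowercase "Isabelle". The crossref parent
% klein.ea:interactive:2014 is defined later in this file, as classic BibTeX
% requires.
@inproceedings{wenzel:asynchronous:2014,
  author    = {Makarius Wenzel},
  title     = {Asynchronous User Interaction and Tool Integration in
               {Isabelle/PIDE}},
  booktitle = {Interactive Theorem Proving (ITP)},
  pages     = {515--530},
  year      = 2014,
  crossref  = {klein.ea:interactive:2014},
  doi       = {10.1007/978-3-319-08970-6_33},
  timestamp = {Sun, 21 May 2017 00:18:59 +0200},
  abstract  = {Historically, the LCF tradition of interactive theorem
               proving was tied to the read-eval-print loop, with
               sequential and synchronous evaluation of prover commands
               given on the command-line. This user-interface technology
               was adequate when R. Milner introduced his LCF proof
               assistant in the 1970-ies, but it severely limits the
               potential of current multicore hardware and advanced IDE
               front-ends.

               Isabelle/PIDE breaks this loop and retrofits the
               read-eval-print phases into an asynchronous model of
               document-oriented proof processing. Instead of feeding a
               sequence of individual commands into the prover process,
               the primary interface works via edits over a family of
               document versions. Execution is implicit and managed by the
               prover on its own account in a timeless and stateless
               manner. Various aspects of interactive proof checking are
               scheduled according to requirements determined by the
               front-end perspective on the proof document, while making
               adequate use of the CPU resources on multicore hardware on
               the back-end.

               Recent refinements of Isabelle/PIDE provide an explicit
               concept of asynchronous print functions over existing proof
               states. This allows to integrate long-running or
               potentially non-terminating tools into the document-model.
               Applications range from traditional proof state output
               (which may consume substantial time in interactive
               development) to automated provers and dis-provers that
               report on existing proof document content (e.g.
               Sledgehammer, Nitpick, Quickcheck in Isabelle/HOL).
               Moreover, it is possible to integrate query operations via
               additional GUI panels with separate input and output (e.g.
               for Sledgehammer or find-theorems). Thus the Prover IDE
               provides continuous proof processing, augmented by add-on
               tools that help the user to continue writing proofs.}
}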
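% Crossref parent for wenzel:asynchronous:2014. The date range and the
% subtitle separator now use en dashes instead of single hyphens.
@proceedings{klein.ea:interactive:2014,
  editor    = {Gerwin Klein and Ruben Gamboa},
  title     = {Interactive Theorem Proving -- 5th International
               Conference, {ITP} 2014, Held as Part of the Vienna Summer
               of Logic, {VSL} 2014, Vienna, Austria, July 14--17, 2014.
               Proceedings},
  series    = s-lncs,
  volume    = 8558,
  publisher = pub-springer,
  year      = 2014,
  doi       = {10.1007/978-3-319-08970-6},
  isbn      = {978-3-319-08969-0}
}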
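% "V-style" is braced so that sentence-casing styles keep the capital V.
% NOTE(review): author given names are stored as initials only; full names
% would let the style decide on abbreviation.
@inproceedings{bezzecchi.ea:making:2018,
  author    = {Bezzecchi, S. and Crisafulli, P. and Pichot, C. and Wolff,
               B.},
  title     = {Making Agile Development Processes fit for {V-style}
               Certification Procedures},
  booktitle = {{ERTS'18}},
  series    = {ERTS Conference Proceedings},
  location  = {Toulouse},
  year      = 2018,
  pdf       = {https://www.lri.fr/~wolff/papers/conf/2018erts-agile-fm.pdf},
  abstract  = {We present a process for the development of safety and
               security critical components in transportation systems
               targeting a high-level certification (CENELEC 50126/50128,
               DO 178, CC ISO/IEC 15408).

               The process adheres to the objectives of an ``agile
               development'' in terms of evolutionary flexibility and
               continuous improvement. Yet, it enforces the overall
               coherence of the development artifacts (ranging from proofs
               over tests to code) by a particular environment (CVCE).

               In particular, the validation process is built around a
               formal development based on the interactive theorem proving
               system Isabelle/HOL, by linking the business logic of the
               application to the operating system model, down to code and
               concrete hardware models thanks to a series of refinement
               proofs.

               We apply both the process and its support in CVCE to a
               case-study that comprises a model of an odometric service
               in a railway-system with its corresponding implementation
               integrated in seL4 (a secure kernel for which a
               comprehensive Isabelle development exists). Novel
               techniques implemented in Isabelle enforce the coherence of
               semi-formal and formal definitions within to specific
               certification processes in order to improve their
               cost-effectiveness.}
}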
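% The corporate author is double-braced so BibTeX treats it as one name
% instead of splitting it into given names and a surname; the acronym in the
% title is protected against sentence casing.
% NOTE(review): the key suggests 2012 but the entry has no year field.
@misc{owl2012,
  author = {{World Wide Web Consortium}},
  title  = {{OWL} 2 Web Ontology Language},
  note   = {\url{https://www.w3.org/TR/owl2-overview/}, Document
            Overview (Second Edition)}
}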
% Tool reference; the URL is carried in the note field.
@misc{protege,
  title = {Prot{\'e}g{\'e}},
  year  = 2018,
  note  = {\url{https://protege.stanford.edu}}
}
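% Product name braced so that sentence-casing styles keep "Editor" capitalised.
% NOTE(review): the note links over plain http; use https if the site offers it.
@misc{cognitum,
  title = {{Fluent Editor}},
  year  = 2018,
  note  = {\url{http://www.cognitum.eu/Semantics/FluentEditor/}}
}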
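% "NeOn" is braced; unprotected, a sentence-casing style would print "neon".
@misc{neon,
  title = {The {NeOn} Toolkit},
  year  = 2018,
  note  = {\url{http://neon-toolkit.org}}
}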
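% The mixed-case tool name is braced: sentence casing keeps only the first
% character of a title, so unprotected it would print as "Owlgred".
@misc{owlgred,
  title = {{OWLGrEd}},
  year  = 2018,
  note  = {\url{http://owlgred.lumii.lv/}}
}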
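% Fixes the typo "FLuent" in the title and braces the product and package
% names against sentence casing.
% NOTE(review): the key reads "rontorium" while the title says "rOntorion";
% the key is kept because documents may already cite it.
@misc{rontorium,
  title = {{R} Language Package for {Fluent Editor} ({rOntorion})},
  year  = 2018,
  note  = {\url{http://www.cognitum.eu/semantics/FluentEditor/rOntorionFE.aspx}}
}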
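% The doi field now holds the bare DOI with a plain underscore, matching the
% other doi fields in this file; the url field is left exactly as exported.
% The booktitle date range uses an en dash, and the archive's proper name is
% braced in the title.
@inproceedings{DBLP:conf/mkm/BlanchetteHMN15,
  author    = {Jasmin Christian Blanchette and Maximilian P. L. Haslbeck
               and Daniel Matichuk and Tobias Nipkow},
  title     = {Mining the {Archive of Formal Proofs}},
  booktitle = {Intelligent Computer Mathematics -- International
               Conference, {CICM} 2015, Washington, DC, USA, July 13--17,
               2015, Proceedings},
  pages     = {3--17},
  year      = 2015,
  doi       = {10.1007/978-3-319-20615-8_1},
  url       = {https://doi.org/10.1007/978-3-319-20615-8\_1},
  timestamp = {Fri, 02 Nov 2018 09:40:47 +0100},
  biburl    = {https://dblp.org/rec/bib/conf/mkm/BlanchetteHMN15},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}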
% CICM 2018 paper introducing Isabelle/DOF. The abstract carries hard-coded
% line breaks; they are kept as exported.
@incollection{brucker.ea:isabelle-ontologies:2018,
  author    = {Achim D. Brucker and Idir Ait-Sadoune and Paolo Crisafulli
               and Burkhart Wolff},
  title     = {Using the {Isabelle} Ontology Framework: Linking the
               Formal with the Informal},
  booktitle = {Conference on Intelligent Computer Mathematics (CICM)},
  series    = {Lecture Notes in Computer Science},
  number    = 11006,
  publisher = {Springer-Verlag},
  address   = {Heidelberg},
  location  = {Hagenberg, Austria},
  year      = 2018,
  doi       = {10.1007/978-3-319-96812-4_3},
  url       = {https://www.brucker.ch/bibliography/abstract/brucker.ea-isabelle-ontologies-2018},
  pdf       = {https://www.brucker.ch/bibliography/download/2018/brucker.ea-isabelle-ontologies-2018.pdf},
  keywords  = {Isabelle/Isar, HOL, Ontologies},
  language  = {USenglish},
  abstract  = {While Isabelle is mostly known as part of Isabelle/HOL (an
               interactive theorem prover), it actually provides a
               framework for developing a wide spectrum of applications.
               A particular strength of the Isabelle framework is the
               combination of text editing, formal verification, and code
               generation.\\\\Up to now, Isabelle's document preparation
               system lacks a mechanism for ensuring the structure of
               different document types (as, e.g., required in
               certification processes) in general and, in particular,
               mechanism for linking informal and formal parts of a
               document.\\\\In this paper, we present Isabelle/DOF, a
               novel Document Ontology Framework on top of Isabelle.
               Isabelle/DOF allows for conventional typesetting \emph{as
               well} as formal development. We show how to model document
               ontologies inside Isabelle/DOF, how to use the resulting
               meta-information for enforcing a certain document
               structure, and discuss ontology-specific IDE support.}
}
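% Corrections in this entry:
%  - location: Oslo is in Norway, not Austria;
%  - "to appear" is a publication state, not an issue number, so it moves
%    from the number field to note;
%  - title: whole words are braced instead of single letters; the rendered
%    capitalisation is the same;
%  - abstract: added the missing "is", removed the "lan- guage" hyphenation
%    artifact, and replaced typographic apostrophes with ASCII ones so the
%    file also works with 8-bit BibTeX.
@incollection{brucker.wolff:isa_def-design-impl:2019,
  author    = {Achim D. Brucker and Burkhart Wolff},
  title     = {{Isabelle/DOF}: {Design} and {Implementation}},
  booktitle = {International Conference on Software Engineering and Formal Methods},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer-Verlag},
  address   = {Heidelberg},
  location  = {Oslo, Norway},
  year      = 2019,
  note      = {To appear},
  keywords  = {Isabelle/Isar, HOL, Ontologies, Documentation},
  language  = {USenglish},
  abstract  = {DOF is a novel framework for defining ontologies and
               enforcing them during document development and evolution.
               A major goal of DOF is the integrated development of formal
               certification documents (e.g., for Common Criteria or
               CENELEC 50128) that require consistency across both formal
               and informal arguments. To support a consistent
               development of formal and informal parts of a document, we
               implemented Isabelle/DOF, an implementation of DOF on top
               of the formal methods framework Isabelle/HOL. A particular
               emphasis is put on a deep integration into Isabelle's IDE,
               which allows for smooth ontology development as well as
               immediate ontological feedback during the editing of a
               document.
               In this paper, we give an in-depth presentation of the
               design concepts of DOF's Ontology Definition Language
               (ODL) and key aspects of the technology of its
               implementation. Isabelle/DOF is the first ontology
               language supporting machine-checked links between the
               formal and informal parts in an LCF-style interactive
               theorem proving environment. Sufficiently annotated, large
               documents can easily be developed collaboratively, while
               ensuring their consistency, and the impact of changes (in
               the formal and the semi-formal content) is tracked
               automatically.}
}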
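% System name braced against sentence casing.
% NOTE(review): same title, pages and DOI as wenzel:asynchronous:2014 in this
% file; this looks like a second key for the same paper. Confirm which key
% the documents cite before merging.
@inproceedings{DBLP:conf/itp/Wenzel14,
  author    = {Makarius Wenzel},
  title     = {Asynchronous User Interaction and Tool Integration in {Isabelle/PIDE}},
  booktitle = {Interactive Theorem Proving (ITP)},
  pages     = {515--530},
  year      = 2014,
  doi       = {10.1007/978-3-319-08970-6_33},
  timestamp = {Sun, 21 May 2017 00:18:59 +0200},
  biburl    = {https://dblp.org/rec/bib/conf/itp/Wenzel14},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}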
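% "Isabelle/jEdit" is braced; unprotected, sentence casing would lowercase it.
% NOTE(review): same title, pages and DOI as wenzel:system:2014 in this file;
% this looks like a second key for the same paper.
@inproceedings{DBLP:journals/corr/Wenzel14,
  author    = {Makarius Wenzel},
  title     = {System description: {Isabelle/jEdit} in 2014},
  booktitle = {Proceedings Eleventh Workshop on User Interfaces for
               Theorem Provers, {UITP} 2014, Vienna, Austria, 17th July
               2014.},
  pages     = {84--94},
  year      = 2014,
  doi       = {10.4204/EPTCS.167.10},
  timestamp = {Wed, 03 May 2017 14:47:58 +0200},
  biburl    = {https://dblp.org/rec/bib/journals/corr/Wenzel14},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}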
% DBLP export; the author names keep DBLP's accent and hyphen encoding unchanged.
@inproceedings{DBLP:conf/mkm/BarrasGHRTWW13,
  author    = {Bruno Barras and Lourdes Del Carmen
               Gonz{\'{a}}lez{-}Huesca and Hugo Herbelin and Yann
               R{\'{e}}gis{-}Gianas and Enrico Tassi and Makarius Wenzel
               and Burkhart Wolff},
  title     = {Pervasive Parallelism in Highly-Trustable Interactive
               Theorem Proving Systems},
  booktitle = {Intelligent Computer Mathematics - MKM, Calculemus, DML,
               and Systems and Projects},
  pages     = {359--363},
  year      = 2013,
  doi       = {10.1007/978-3-642-39320-4_29},
  timestamp = {Sun, 04 Jun 2017 10:10:26 +0200},
  biburl    = {https://dblp.org/rec/bib/conf/mkm/BarrasGHRTWW13},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
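% Corrections: "Britisch" -> "British" in the institution; "BS EN" braced so
% sentence casing does not turn it into "Bs en"; in the abstract the first
% quoted standard title now has its closing quote, and "maintenance
% activities" has its space back.
% NOTE(review): the title says "control and protecting systems" while the
% abstract says "control and protection"; check the wording against the
% standard. The institution name may also read "Institution" rather than
% "Institute"; confirm.
@techreport{bsi:50128:2014,
  key         = {BS EN 50128:2011},
  title       = {{BS EN} 50128:2011: Railway applications -- Communication,
                 signalling and processing systems -- Software for railway
                 control and protecting systems},
  type        = {Standard},
  institution = {British Standards Institute (BSI)},
  series      = {British Standards Publication},
  month       = apr,
  year        = 2014,
  keywords    = {CENELEC},
  abstract    = {This European Standard is part of a group of related
                 standards. The others are EN 50126-1:1999 "Railway
                 applications -- The specification and demonstration of
                 Reliability, Availability, Maintainability and Safety
                 (RAMS) -- Part 1: Basic requirements and generic process"
                 and EN 50129:2003 "Railway applications -- Communication,
                 signalling and processing systems -- Safety related
                 electronic systems for signalling". EN 50126-1 addresses
                 system issues on the widest scale, while EN 50129
                 addresses the approval process for individual systems
                 which can exist within the overall railway control and
                 protection system. This European Standard concentrates on
                 the methods which need to be used in order to provide
                 software which meets the demands for safety integrity
                 which are placed upon it by these wider considerations.
                 This European Standard provides a set of requirements
                 with which the development, deployment and maintenance of
                 any safety-related software intended for railway control
                 and protection applications shall comply. It defines
                 requirements concerning organisational structure, the
                 relationship between organisations and division of
                 responsibility involved in the development, deployment
                 and maintenance activities.}
}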
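% Corrections: the acronyms EN and RAMS are braced against sentence casing;
% in the abstract the run-together words are separated again ("throughout
% all phases of the lifecycle", "procurement strategies", "cost for", "and
% facilitate", "European railway", "assumes that"), "reliablity" and
% "Standardc" are fixed, and a stray paragraph break in the middle of a
% sentence is removed.
@techreport{ds:50126-1:2014,
  key         = {DS/EN 50126-1:1999},
  title       = {{EN} 50126-1:1999: Railway applications -- The
                 specification and demonstration of Reliability,
                 Availability, Maintainability and Safety ({RAMS}) --
                 Part 1: Basic requirements and generic process},
  type        = {Standard},
  institution = {Danish Standards Foundation},
  series      = {Dansk standard},
  month       = oct,
  year        = 2014,
  keywords    = {CENELEC},
  abstract    = {This European Standard provides Railway Authorities and
                 the railway support industry, throughout the European
                 Union, with a process which will enable the
                 implementation of a consistent approach to the management
                 of reliability, availability, maintainability and safety,
                 denoted by the acronym RAMS. Processes for the
                 specification and demonstration of RAMS requirements are
                 cornerstones of this standard. This European Standard
                 aims to promote a common understanding and approach to
                 the management of RAMS.

                 This European Standard can be applied systematically by a
                 railway authority and railway support industry,
                 throughout all phases of the lifecycle of a railway
                 application, to develop railway specific RAMS
                 requirements and to achieve compliance with these
                 requirements. The systems-level approach defined by this
                 European Standard facilitates assessment of the RAMS
                 interactions between elements of complex railway
                 applications. This European Standard promotes
                 co-operation between railway authority and railway
                 support industry, within a variety of procurement
                 strategies, in the achievement of an optimal combination
                 of RAMS and cost for railway applications. Adoption of
                 this European Standard will support the principles of the
                 European Single Market and facilitate European railway
                 inter-operability. The process defined by this European
                 Standard assumes that railway authorities and railway
                 support industry have business-level policies addressing
                 Quality, Performance and Safety. The approach defined in
                 this standard is consistent with the application of
                 quality management requirements contained within the ISO
                 9000 series of International standards.}
}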
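% Publisher corrected from "Cambridge Press" to the press's full name.
% NOTE(review): the url uses plain http; switch to https if the host serves
% the page that way.
@book{paulson:ml:1996,
  author          = {Paulson, Lawrence C.},
  title           = {{ML} for the Working Programmer},
  publisher       = {Cambridge University Press},
  year            = 1996,
  url             = {http://www.cl.cam.ac.uk/~lp15/MLbook/pub-details.html},
  acknowledgement = {none}
}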
% Introductory Scala book, identified by its ISBN.
@book{pollak:beginning:2009,
  author    = {Pollak, David},
  title     = {Beginning Scala},
  publisher = {Apress},
  year      = 2009,
  isbn      = {978-1-4302-1989-7}
}
% Survey article on operating-system verification; the journal name keeps
% its macron accents exactly as entered.
@article{klein:operating:2009,
  author    = {Klein, Gerwin},
  title     = {Operating System Verification --- An Overview},
  journal   = {S\={a}dhan\={a}},
  publisher = pub-springer,
  volume    = 34,
  number    = 1,
  pages     = {27--69},
  month     = feb,
  year      = 2009,
  abstract  = {This paper gives a high-level introduction to the topic
               of formal, interactive, machine-checked software
               verification in general, and the verification of operating
               systems code in particular. We survey the state of the
               art, the advantages and limitations of machine-checked
               code proofs, and describe two specific ongoing
               larger-scale verification projects in more detail.}
}
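% "Isabelle/jEdit" is braced; unprotected, sentence casing would lowercase it.
% NOTE(review): DBLP:journals/corr/Wenzel14 in this file carries the same
% title, pages and DOI.
@inproceedings{wenzel:system:2014,
  author    = {Makarius Wenzel},
  title     = {System description: {Isabelle/jEdit} in 2014},
  booktitle = {Workshop on User Interfaces for Theorem Provers, {UITP}},
  editor    = {Christoph Benzm{\"{u}}ller and Bruno {Woltzenlogel Paleo}},
  volume    = 167,
  pages     = {84--94},
  year      = 2014,
  doi       = {10.4204/EPTCS.167.10},
  timestamp = {Wed, 12 Sep 2018 01:05:15 +0200}
}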
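% The language name "Circus" and the system name are braced so that
% sentence-casing styles keep their capitals.
@inproceedings{feliachi.ea:circus:2013,
  author    = {Abderrahmane Feliachi and Marie{-}Claude Gaudel and
               Makarius Wenzel and Burkhart Wolff},
  title     = {The {Circus} Testing Theory Revisited in {Isabelle/HOL}},
  booktitle = {{ICFEM}},
  series    = {Lecture Notes in Computer Science},
  volume    = 8144,
  pages     = {131--147},
  publisher = {Springer},
  year      = 2013
}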
% Journal article on the formal verification of an OS microkernel.
% NOTE(review): both doi and url are present; the url points at a resolver
% over plain http, so the doi field is the better link to rely on.
@article{Klein2014,
  author    = {Gerwin Klein and June Andronick and Kevin Elphinstone and
               Toby C. Murray and Thomas Sewell and Rafal Kolanski and
               Gernot Heiser},
  title     = {Comprehensive formal verification of an {OS} microkernel},
  journal   = {{ACM} Trans. Comput. Syst.},
  volume    = 32,
  number    = 1,
  pages     = {2:1--2:70},
  year      = 2014,
  doi       = {10.1145/2560537},
  url       = {http://doi.acm.org/10.1145/2560537},
  timestamp = {Tue, 03 Jan 2017 11:51:57 +0100},
  biburl    = {https://dblp.org/rec/bib/journals/tocs/KleinAEMSKH14},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}
% Ada-Europe 2013 paper on ontologies in safety-critical development.
@inproceedings{bicchierai.ea:using:2013,
  author    = {Bicchierai, Irene and Bucci, Giacomo and Nocentini, Carlo
               and Vicario, Enrico},
  title     = {Using Ontologies in the Integration of Structural,
               Functional, and Process Perspectives in the Development of
               Safety Critical Systems},
  editor    = {Keller, Hubert B. and Pl{\"o}dereder, Erhard and Dencker,
               Peter and Klenk, Herbert},
  booktitle = {Reliable Software Technologies -- Ada-Europe 2013},
  pages     = {95--108},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  year      = 2013,
  isbn      = {978-3-642-38601-5},
  abstract  = {We present a systematic approach for the efficient
               management of the data involved in the development process
               of safety critical systems, illustrating how the
               activities performed during the life-cycle can be
               integrated in a common framework. Information needed in
               these activities reflects concepts that pertain to three
               different perspectives: i) structural elements of design
               and implementation; ii) functional requirements and
               quality attributes; iii) organization of the overall
               process. The integration of these concepts may
               considerably improve the trade-off between reward and
               effort spent in verification and quality-driven
               activities.}
}
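% Abstract: removed the line-break hyphenation artifact "applica- tions".
% NOTE(review): the abstract ends without a full stop, as in the source export.
@article{zhao.ea:formal:2016,
  author   = {Yongwang Zhao and David San{\'{a}}n and Fuyuan Zhang and
              Yang Liu},
  title    = {Formal Specification and Analysis of Partitioning
              Operating Systems by Integrating Ontology and Refinement},
  journal  = {{IEEE} Trans. Industrial Informatics},
  volume   = 12,
  number   = 4,
  pages    = {1321--1331},
  year     = 2016,
  abstract = {Partitioning operating systems (POSs) have been widely
              applied in safety-critical domains from aerospace to
              automotive. In order to improve the safety and the
              certification process of POSs, the ARINC 653 standard has
              been developed and complied with by the mainstream POSs.
              Rigorous formalization of ARINC 653 can reveal hidden
              errors in this standard and provide a necessary foundation
              for formal verification of POSs and ARINC 653
              applications. For the purpose of reusability and
              efficiency, a novel methodology by integrating ontology
              and refinement is proposed to formally specify and analyze
              POSs in this paper. An ontology of POSs is developed as an
              intermediate model between informal descriptions of ARINC
              653 and the formal specification in Event-B. A
              semiautomatic translation from the ontology and ARINC 653
              into Event-B is implemented, which leads to a complete
              Event-B specification for ARINC 653 compliant POSs. During
              the formal analysis, six hidden errors in ARINC 653 have
              been discovered and fixed in the Event-B specification. We
              also validate the existence of these errors in two
              open-source POSs, i.e., XtratuM and POK. By introducing
              the ontology, the degree of automatic verification of the
              Event-B specification reaches a higher level}
}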
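% month now uses the predefined macro "nov" instead of the literal string
% "Nov", so styles can expand and localise it. The garbled dashes around
% "an unmanned aircraft system" in the abstract are written as em dashes.
@inproceedings{denney.ea:evidence:2013,
  author    = {Denney, E. and Pai, G.},
  title     = {Evidence arguments for using formal methods in software
               certification},
  booktitle = {2013 IEEE International Symposium on Software Reliability
               Engineering Workshops (ISSREW)},
  pages     = {375--380},
  month     = nov,
  year      = 2013,
  doi       = {10.1109/ISSREW.2013.6688924},
  keywords  = {aircraft;autonomous aerial vehicles;formal
               verification;safety-critical software;evidence
               arguments;formal methods;software certification;software
               safety assurance case;safety case pattern;unmanned aircraft
               system;formal code analysis;autopilot software safety
               case;verification output;Safety;Software
               safety;Cognition;Computer
               architecture;Context;Encoding;Safety cases;Safety case
               patterns;Formal methods;Argumentation;Software
               certification},
  abstract  = {We describe a generic approach for automatically
               integrating the output generated from a formal method/tool
               into a software safety assurance case, as an evidence
               argument, by (a) encoding the underlying reasoning as a
               safety case pattern, and (b) instantiating it using the
               data produced from the method/tool. We believe this
               approach not only improves the trustworthiness of the
               evidence generated from a formal method/tool, by
               explicitly presenting the reasoning and mechanisms
               underlying its genesis, but also provides a way to gauge
               the suitability of the evidence in the context of the
               wider assurance case. We illustrate our work by
               application to a real example---an unmanned aircraft
               system---where we invoke a formal code analysis tool from
               its autopilot software safety case, automatically
               transform the verification output into an evidence
               argument, and then integrate it into the former.}
}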
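% Abstract: removed stray backslash line-continuation artifacts that split
% "consumers", "and" and "directions" (LaTeX would typeset each as a forced
% space inside the word). "Common Criteria" is braced in the title against
% sentence casing.
@inproceedings{kaluvuri.ea:quantitative:2014,
  author    = {Kaluvuri, Samuel Paul and Bezzi, Michele and Roudier,
               Yves},
  title     = {A Quantitative Analysis of {Common Criteria} Certification
               Practice},
  editor    = {Eckert, Claudia and Katsikas, Sokratis K. and Pernul,
               G{\"u}nther},
  booktitle = {Trust, Privacy, and Security in Digital Business},
  pages     = {132--143},
  publisher = {Springer International Publishing},
  address   = {Cham},
  year      = 2014,
  isbn      = {978-3-319-09770-1},
  abstract  = {The Common Criteria (CC) certification framework defines
               a widely recognized, multi-domain certification scheme
               that aims to provide security assurances about IT products
               to consumers. However, the CC scheme does not prescribe a
               monitoring scheme for the CC practice, raising concerns
               about the quality of the security assurance provided by
               the certification and questions on its usefulness. In this
               paper, we present a critical analysis of the CC practice
               that concretely exposes the limitations of current
               approaches. We also provide directions to improve the CC
               practice.}
}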
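% Title: Common Criteria is brace-protected so sentence-casing styles keep
% its capitals. The abstract is stored as plain running text, with no
% line-continuation backslashes inside words.
@InProceedings{ ekelhart.ea:ontological:2007,
  author    = {Ekelhart, Andreas and Fenz, Stefan and Goluch, Gernot and
               Weippl, Edgar},
  editor    = {Venter, Hein and Eloff, Mariki and Labuschagne, Les and
               Eloff, Jan and von Solms, Rossouw},
  title     = {Ontological Mapping of {Common Criteria}'s Security
               Assurance Requirements},
  booktitle = {New Approaches for Security, Privacy and Trust in Complex
               Environments},
  year      = 2007,
  publisher = {Springer US},
  address   = {Boston, MA},
  pages     = {85--95},
  abstract  = {The Common Criteria (CC) for Information Technology
               Security Evaluation provides comprehensive guidelines for
               the evaluation and certification of IT security regarding
               data security and data privacy. Due to the very complex
               and time-consuming certification process a lot of companies
               abstain from a CC certification. We created the CC Ontology
               tool, which is based on an ontological representation of
               the CC catalog, to support the evaluator at the
               certification process. Tasks such as the planning of an
               evaluation process, the review of relevant documents or the
               creating of reports are supported by the CC Ontology tool.
               With the development of this tool we reduce the time and
               costs needed to complete a certification.},
  isbn      = {978-0-387-72367-9}
}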
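% The doi field is the authoritative identifier; url points at the HTTPS DOI
% resolver for the same DOI. location is the conference venue and address is
% the publisher's city.
@InProceedings{ fenz.ea:formalizing:2009,
  author    = {Fenz, Stefan and Ekelhart, Andreas},
  title     = {Formalizing Information Security Knowledge},
  booktitle = {Proceedings of the 4th International Symposium on
               Information, Computer, and Communications Security},
  series    = {ASIACCS '09},
  year      = 2009,
  isbn      = {978-1-60558-394-5},
  location  = {Sydney, Australia},
  pages     = {183--194},
  numpages  = 12,
  url       = {https://doi.org/10.1145/1533057.1533084},
  doi       = {10.1145/1533057.1533084},
  acmid     = 1533084,
  publisher = {ACM},
  address   = {New York, NY, USA},
  keywords  = {information security, risk management, security ontology},
  abstract  = {Unified and formal knowledge models of the information
               security domain are fundamental requirements for supporting
               and enhancing existing risk management approaches. This
               paper describes a security ontology which provides an
               ontological structure for information security domain
               knowledge. Besides existing best-practice guidelines such
               as the German IT Grundschutz Manual also concrete knowledge
               of the considered organization is incorporated. An
               evaluation conducted by an information security expert team
               has shown that this knowledge model can be used to support
               a broad range of information security risk management
               approaches.}
}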
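% Names are in the unambiguous Last, First form, and month uses the
% predefined macro so the style decides how it is printed.
@InProceedings{ gleirscher.ea:incremental:2007,
  author    = {Gleirscher, M. and Ratiu, D. and Schatz, B.},
  title     = {Incremental Integration of Heterogeneous Systems Views},
  booktitle = {2007 International Conference on Systems Engineering and
               Modeling},
  year      = 2007,
  month     = mar,
  pages     = {50--59},
  abstract  = {To master systems complexity, their industrial development
               requires specialized heterogeneous views and techniques and
               - correspondingly - engineering tools. These views
               generally cover only parts of the system under development,
               and critical development defects often occur at the gaps
               between them. To successfully achieve an integration that
               bridges these gaps, we must tackle it both from the
               methodical as well as from the tooling sides. The former
               requires answers to questions like: What are the views
               provided by the tools? How are they related and extended to
               achieve consistency or to form new views? - while the
               latter requires answers to: How are views extracted from
               the tools? How are they composed and provided to the user?
               Our approach, suitable for incremental integration, is
               demonstrated in the tool integration framework ToolNet.},
  keywords  = {computer aided engineering;computer aided software
               engineering;software tools;heterogeneous systems
               views;systems complexity;tool integration
               framework;ToolNet;engineering tools;Systems engineering and
               theory;Certification;Integrated circuit
               modeling;Bridges;Software tools;Computer aided software
               engineering;Computer aided engineering;Costs;Natural
               languages;Formal specifications},
  doi       = {10.1109/ICSEM.2007.373334}
}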
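% key and publisher use the string macro omg; it has to be defined before
% this entry, otherwise both fields expand to empty text. The acronym in the
% title is brace-protected against sentence casing. The note relies on
% \href, so the document must load hyperref.
@Booklet{ omg:sacm:2018,
  bibkey    = {omg:sacm:2018},
  key       = omg,
  title     = {Structured Assurance Case Metamodel ({SACM})},
  abstract  = {This specification defines a metamodel for representing
               structured assurance cases. An Assurance Case is a set of
               auditable claims, arguments, and evidence created to
               support the claim that a defined system/service will
               satisfy the particular requirements. An Assurance Case is a
               document that facilitates information exchange between
               various system stakeholders such as suppliers and
               acquirers, and between the operator and regulator, where
               the knowledge related to the safety and security of the
               system is communicated in a clear and defendable way. Each
               assurance case should communicate the scope of the system,
               the operational context, the claims, the safety and/or
               security arguments, along with the corresponding
               evidence.},
  publisher = omg,
  language  = {USenglish},
  month     = mar,
  year      = 2018,
  keywords  = {SACM},
  topic     = {formalism},
  note      = {Available as OMG document
               \href{https://www.omg.org/cgi-bin/doc?formal/2018-02-02}
               {formal/2018-02-02}},
  public    = {yes}
}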
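% Goal Structuring Notation is the proper name of the notation and is
% brace-protected so sentence-casing styles keep its capitals.
@InProceedings{ kelly.ea:goal:2004,
  author    = {Kelly, Tim and Weaver, Rob},
  title     = {The {Goal Structuring Notation} -- A Safety Argument
               Notation},
  booktitle = {Dependable Systems and Networks},
  year      = 2004,
  month     = jul
}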
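% The note names the same report under its NASA title; the title is marked
% with \emph instead of the older \em font switch.
@TechReport{ rushby:formal:1993,
  author      = {Rushby, John},
  title       = {Formal Methods and the Certification of Critical Systems},
  institution = {Computer Science Laboratory, SRI International},
  number      = {SRI-CSL-93-7},
  address     = {Menlo Park, CA},
  year        = 1993,
  month       = dec,
  note        = {Also issued under the title \emph{Formal Methods and
                 Digital Systems Validation for Airborne Systems} as NASA
                 Contractor Report 4551, December 1993}
}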
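% The language name C is brace-protected; without the braces a
% sentence-casing style prints it as a lowercase c.
@InProceedings{ greenaway.ea:bridging:2012,
  author    = {Greenaway, David and Andronick, June and Klein, Gerwin},
  editor    = {Beringer, Lennart and Felty, Amy},
  title     = {Bridging the Gap: Automatic Verified Abstraction of {C}},
  booktitle = {Interactive Theorem Proving},
  year      = 2012,
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {99--115},
  abstract  = {Before low-level imperative code can be reasoned about in
               an interactive theorem prover, it must first be converted
               into a logical representation in that theorem prover.
               Accurate translations of such code should be conservative,
               choosing safe representations over representations
               convenient to reason about. This paper bridges the gap
               between conservative representation and convenient
               reasoning. We present a tool that automatically abstracts
               low-level C semantics into higher level specifications,
               while generating proofs of refinement in Isabelle/HOL for
               each translation step. The aim is to generate a verified,
               human-readable specification, convenient for further
               reasoning.},
  isbn      = {978-3-642-32347-8}
}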
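% V-style is brace-protected against sentence casing. The abstract is kept
% as one paragraph: a blank line inside a field value can end up as a
% paragraph break when the field is printed. pdf is a non-standard field
% that standard styles ignore.
@inproceedings{BCPW2018,
  author    = {Bezzecchi, S. and Crisafulli, P. and Pichot, C. and Wolff, B.},
  title     = {Making Agile Development Processes fit for {V-style}
               Certification Procedures},
  booktitle = {{ERTS'18}},
  series    = {ERTS Conference Proceedings},
  location  = {Toulouse},
  year      = 2018,
  abstract  = {We present a process for the development of safety and security
               critical components in transportation systems targeting a high-level
               certification (CENELEC 50126/50128, DO 178, CC ISO/IEC 15408).
               The process adheres to the objectives of an ``agile development'' in
               terms of evolutionary flexibility and continuous improvement. Yet, it
               enforces the overall coherence of the development artifacts (ranging from
               proofs over tests to code) by a particular environment (CVCE).
               In particular, the validation process is built around a formal development
               based on the interactive theorem proving system Isabelle/HOL, by linking the
               business logic of the application to the operating system model, down to
               code and concrete hardware models thanks to a series of refinement proofs.
               We apply both the process and its support in CVCE to a case-study that
               comprises a model of an odometric service in a railway-system with its
               corresponding implementation integrated in seL4 (a secure kernel for
               which a comprehensive Isabelle development exists). Novel techniques
               implemented in Isabelle enforce the coherence of semi-formal
               and formal definitions within to specific certification processes
               in order to improve their cost-effectiveness.},
  pdf       = {https://www.lri.fr/~wolff/papers/conf/2018erts-agile-fm.pdf}
}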