Search For:

Displaying 1-14 out of 14 total
Formal Requirements Analysis of an Avionics Control System
Found in: IEEE Transactions on Software Engineering
By Bruno Dutertre, Victoria Stavridou
Issue Date:May 1997
pp. 267-278
<p><b>Abstract</b>—We report on a formal requirements analysis experiment involving an avionics control system. We describe a method for specifying and verifying real-time systems with PVS. The experiment involves the formalization of the...
Layered Diagnosis and Clock-Rate Correction for the TTEthernet Clock Synchronization Protocol
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Wilfried Steiner,Bruno Dutertre
Issue Date:December 2011
pp. 244-253
Fault-tolerant clock synchronization is the foundation of synchronous architectures such as the Time-Triggered Architecture (TTA) for dependable cyber-physical systems. Clocks are typically local counters that are increased with a given rate according to r...
Modeling and Verification of Time-Triggered Communication Protocols
Found in: Object-Oriented Real-Time Distributed Computing, IEEE International Symposium on
By Maria Sorea, Bruno Dutertre, Wilfried Steiner
Issue Date:May 2008
pp. 422-428
We give an introduction and survey of a formal modeling and verification approach that has been successfully applied to time-triggered protocols. This method allows us to capture and reason about real-time properties of distributed systems. It relies on th...
Using Model Checking to Assess the Dependability of Agent-Based Systems
Found in: IEEE Intelligent Systems
By Robert A. Riemenschneider, Hassen Saïdi, Bruno Dutertre
Issue Date:September 2004
pp. 62-70
Model checking, a formal approach to determining whether an abstract model of a system has some desired property, is useful in assessing the dependability of extremely complex agent-based systems. Model checking requires figuring out how systems are modele...
Forum Session: Security for Wireless Sensor Networks
Found in: Computer Security Applications Conference, Annual
By David Carman, Daniel Coffin, Bruno Dutertre, Vipin Swarup, Ronald Watro
Issue Date:December 2003
pp. 106
No summary available.
Dynamic Scan Scheduling
Found in: Real-Time Systems Symposium, IEEE International
By Bruno Dutertre
Issue Date:December 2002
pp. 327
We present an approach to computing cyclic schedules online and in real time, while attempting to maximize a quality-of-service metric. The motivation is the detection of RF emitters using a schedule that controls the scanning of disjoint frequency bands. ...
Intrusion-Tolerant Enclaves
Found in: Security and Privacy, IEEE Symposium on
By Bruno Dutertre, Valentin Crettaz, Victoria Stavridou
Issue Date:May 2002
pp. 216
Despite our best efforts, any sufficiently complex computer system has vulnerabilities. It is safe to assume that such vulnerabilities can be exploited by attackers who will be able to penetrate the system. Intrusion tolerance attempts to maintain acceptab...
Intrusion-Tolerant Group Management in Enclaves
Found in: Dependable Systems and Networks, International Conference on
By Bruno Dutertre, Hassen Saïdi, Victoria Stavridou
Issue Date:July 2001
pp. 0203
Abstract: Groupware applications require secure communication and group-management services. Participants in such applications may have divergent interests and may not fully trust each other. The services provided must then be designed to tolerate possibly...
A Model of Noninterference for Integrating Mixed Criticality Software Components
Found in: Dependable Computing for Critical Applications
By Bruno Dutertre, Victoria Stavridou
Issue Date:January 1999
pp. 301
This paper examines the problem of safely integrating independent software components, of different criticality levels, in a single system. We examine the risks of interference between independent software components which share common hardware resources. ...
From Security to Safety and Back
Found in: Computer Security, Dependability, and Assurance
By Victoria Stavridou, Bruno Dutertre
Issue Date:July 1998
pp. 182
Dependability encompasses different classes of system properties, related to security, reliability, or safety. This paper examines the relevance of the security concept of noninterference to safety-related properties, and, conversely, the applicability of ...
Complete Proof Systems for First Order Interval Temporal Logic
Found in: Logic in Computer Science, Symposium on
By Bruno Dutertre
Issue Date:June 1995
pp. 36
Different interval modal logics have been proposed for reasoning about the temporal behavior of digital systems. Some of them are purely propositional and only enable the specification of qualitative time requirements. Others, such as ITL and the duration ...
Dependable Intrusion Tolerance: Technology Demo
Found in: DARPA Information Survivability Conference and Exposition,
By Alfonso Valdes, Magnus Almgren, Steven Cheung, Yves Deswarte, Bruno Dutertre, Joshua Levy, Hassen Saïdi, Victoria Stavridou, Tomás E. Uribe
Issue Date:April 2003
pp. 128
The Dependable Intrusion Tolerance (DIT) architecture is a flexible, adaptive, and intrusion-tolerant server design. We briefly discuss its prototype implementation and validation, and demonstrate how it resists sample attacks.
Formal Analysis of the Priority Ceiling Protocol
Found in: Real-Time Systems Symposium, IEEE International
By Bruno Dutertre
Issue Date:November 2000
pp. 151
We present a case study in fond specijication and tool-assisted verification of real-time schedulers, based on the priority ceiling protocol. Starting from operational specifications of the protocol, we obtain rigorous proofs of both synchronization and ti...
Self-regenerative software components
Found in: Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security (SSRS '03)
By Alfonso Valdes, Bruno Dutertre, Hassen Saidi, Joshua Levy
Issue Date:October 2003
pp. 115-120
Self-regenerative capabilities are a new trend in survivable system design. Self-regeneration ensures the property that a system's vulnerabilities cannot be exploited to the extent that the mission objective is compromised, but instead that the vulnerabili...