Ramtin Khosravi's research while affiliated with University of Tehran and other places

People provide their information to distributed systems to receive the desired services. This information may be disclosed to the agents of the system as part of messages transmitted among them. As the agents of the system are smart, they can infer new information from their obtained information, that they may not be authorized to know. So preserving privacy in such systems is an important and yet challenging issue. We study the problem of analyzing the disclosure of private information in distributed asynchronous systems. Our approach to prevent private information disclosure is to require the system to follow knowledge-related policies defined for the system at design time. To achieve this, we construct a model of the system and assume the policies as the system properties and check whether these properties are satisfied in the system or not. In order to construct a model of the system, we extend the actor model, which is a well known reference model for distributed asynchronous systems, by enriching actors by the knowledge base and inference capability. As our knowledge-related policies should not be violated in any state of the system, we propose an efficient invariant model checking algorithm to verify the satisfaction of the policies in our actor model.

The Rebeca modeling language is designed as an imperative actor-based language with the goal of providing an easy-to-use language for modeling concurrent and distributed systems, with formal verification support. Rebeca has been extended to support time and probability. We extend Rebeca further with inheritance, polymorphism, interface declaration, and annotation mechanisms. These features allow us to handle variability within the model, support non-disruptive model evolution, and define method priorities. This enables Rebeca to be used more effectively in different domains, like in Software Product Lines, and holistic analysis of Cyber-Physical Systems. We develop specialized analysis techniques to support these extensions, partly integrated into Afra, the model checking tool of Rebeca.

Afra is an Eclipse-based tool for the modeling and model checking of Rebeca family models. Together with the standard enriched editor, easy to trace counter-example viewer, modular temporal property definition, exporting a model and its transition system to some other formats facilities are features of Afra. Rebeca family provides actor-based modeling languages which are designed to bridge the gap between formal methods and software engineering. Faithfulness to the system being modeled, and the usability of Rebeca family languages help in ease of modeling and analysis of the model, together with the synthesis of the system based on the model. In this paper, architectural decisions and design strategies we made in the development of Afra are presented. This makes Afra an extensible and reusable application for the modeling and analysis of Rebeca family models. Here, we show how different compilers can be developed for the family of languages which are the same in general language constructs but have some minor differences. Then we show how the model checking engine for these different languages is designed. Despite the fact that Afra has a layered object-oriented design and is developed in Java technology, we use C++ codes for developing its model checking for the performance purposes. This decision made the design of the application even harder.KeywordsActorsRebecaAfraModel CheckingEclipse

Developing an automatic functional testing solution for high-capability software systems is challenging as these systems often have a complex architecture, resulting from satisfying a wide range of non-functional requirements. In this paper, we show how a specification-based approach can be used to generate test cases for providing a high level of confidence about the functional correctness of these systems. In this approach, the domain logic of a high-capability software system is specified in the Gallina language. The developed specification is used for both measuring coverage metrics and as the test oracle. Test cases are generated using a search-based approach, having the fitness functions defined in terms of the structural coverage of the specification. To illustrate the applicability of the approach, we applied it on an industrial stock market matching engine. The experiment indicates promising results in the effectiveness of our proposed approach, which is finding critical bugs in the system, although it has an acceptable number of manually developed test cases.

Message-based systems are usually distributed in nature, and distributed components collaborate via asynchronous message passing. In some cases, particular ordering among the messages may lead to violation of the desired properties such as data confidentiality. Due to the absence of a global clock and usage of off-the-shelf components, such unwanted orderings can be neither statically inspected nor verified by revising their codes at design time. We propose a choreography-based runtime verification algorithm that given an automata-based specification of unwanted message sequences detects the formation of the unwanted sequences. Our algorithm is fully decentralized in the sense that each component is equipped with a monitor, as opposed to having a centralized monitor, and also the specification of the unwanted sequences is decomposed among monitors. In this way, when a component sends a message, its monitor inspects if there is a possibility for the formation of unwanted message sequences. As there is no global clock in message-based systems, monitors cannot determine the exact ordering among messages. In such cases, they decide conservatively and declare a sequence formation even if that sequence has not been formed. We prevent such conservative declarations in our algorithm as much as possible and then characterize its operational guarantees. We evaluate the efficiency and scalability of our algorithm in terms of the communication overhead, the memory consumption, and the latency of the result declaration through simulation.

Behavioral models enable the analysis of the functionality of software product lines (SPL), e.g., model checking and model-based testing. Model learning aims at constructing behavioral models for software systems in some form of a finite state machine. Due to the commonalities among the products of an SPL, it is possible to reuse the previously learned models during the model learning process. In this paper, an adaptive approach (the $\text{PL}^*$ method) for learning the product models of an SPL is presented based on the well-known $L^*$ algorithm. In this method, after model learning of each product, the sequences in the final observation table are stored in a repository which will be used to initialize the observation table of the remaining products to be learned. The proposed algorithm is evaluated on two open-source SPLs and the total learning cost is measured in terms of the number of rounds, the total number of resets and input symbols. The results show that for complex SPLs, the total learning cost for the $\text{PL}^*$ method is significantly lower than that of the non-adaptive learning method in terms of all three metrics. Furthermore, it is observed that the order in which the products are learned affects the efficiency of the $\text{PL}^*$ method. Based on this observation, we introduced a heuristic to determine an ordering which reduces the total cost of adaptive learning in both case studies.