Amel Mammar

Institut National des Télécommunications · Department of Computer Science

Professor

116
Publications
20,218
Reads
1,087
Citations

Publications (116)
Conference Paper
Full-text available
European Rail Traffic Management System (ERTMS) is a standard for the train control and signalling system whose application is spreading throughout Europe. The ETCS (European Train Control System) level 3 is attracting experts because it is still in the design phase. Many works provide formal models to the verification of ERTMS/ETCS using form...
Article
Full-text available
This paper presents an Event-B model of a speed control system, a part of the case study provided in the ABZ2020 conference. The case study describes how the system regulates the current speed of a car according to a set of criteria like the driver’s desired speed, the position of a possible preceding vehicle, but also a given speed limit that the...
Article
Full-text available
This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a case study proposed in the context of the ABZ2020 conference. The system describes the different provided lights and the conditions under which they are switched on/off in order to improve the visibility of the driver without dazzling the oncoming ones....
Chapter
This paper proposes a formal approach for generating proof obligations to verify local invariants in an Algebraic State Transition Diagram (ASTD). ASTD is a graphical specification language that allows for the combination of extended hierarchical state machines using CSP-like process algebra operators. Invariants can be declared at any level in a s...
Chapter
Full-text available
The present paper describes an Event-B model of the Arrival MANager system (called AMAN), the case study provided by the ABZ’23 conference. The goal of this safety critical interactive system is to schedule the arrival times of aircraft at airports. This system includes two parts: an autonomous part which predicts the arrival time of an aircraft fr...
Article
Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). They combine discrete dynamics represented by state machines or finite automata with continuous behaviors represented by differential equations. The measurement of continuous behaviors is performed by sensors. When these sensors have a continuous access...
Article
Many disciplines have adopted component-based principles to avail themselves of the many advantages they bring, especially component reusability. In a short time, the component-based architecture became a renowned branch in the IT world and the center of interest of many researchers. Much work has been conducted in this context for the verification o...
Article
Reusability is a central concept of Web services as it allows for the construction of composite Web services at a lower cost/effort. Web services offer diverse functional capabilities (e.g., ticket purchase, hotel booking) and inherent transactional properties. However, due to the lack of an explicit and formal description of these functional and t...
Chapter
Full-text available
One way to build safe critical systems is to formally model the requirements formulated by stakeholders and to ensure their consistency with respect to domain properties. This paper describes a metamodel for a domain modeling language built from OWL and PLIB. The language is part of the SysML/KAOS requirements engineering method which also includes...
Article
Full-text available
This paper presents a specification of the hybrid ERTMS/ETCS level 3 standard in the framework of the case study proposed for ABZ2018. The specification is based on methods and tools, developed in the ANR FORMOSE project, for the modeling and formal verification of critical and complex system requirements. The requirements are specified with SysML/...
Article
Full-text available
This paper presents a formal model of the case study proposed for the ABZ2018 conference, which concerns the Hybrid ERTMS/ETCS Level 3 Standard. This standard allows trains to communicate with a train supervisor to report their integrity and positions, thanks to an onboard train integrity monitoring system. The supervisor assigns trains a movement...
Chapter
This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a case study proposed in the context of the ABZ2020 conference. The system describes the different provided lights and the conditions under which they are switched on/off in order to improve the visibility of the driver without dazzling the oncoming ones....
Chapter
The present paper presents our proposal of an Event-B model of a speed control system, a part of the case study provided in the ABZ2020 conference. The case study describes how the system regulates the current speed of a car according to a set criteria like the speed desired by the driver, the position of a possible preceding vehicle but also a giv...
Chapter
Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). They combine discrete dynamics represented by state machines or finite automata with continuous behaviors represented by differential equations. The measurement of continuous behaviors is performed by sensors. When these sensors have a continuous access...
Conference Paper
Full-text available
In this paper, we show the application of ASTDs to intrusion detection. ASTD is an executable, modular and graphical notation that allows for the composition of hierarchical state machines with process algebra operators to model complex attack phases. Overall, ASTD attack specifications are more concise than industrial tools like Snort, Zeek, and o...
Chapter
This paper describes a case study of the SysML/KAOS method for a road transportation system for the City of Montreal (VdM), the second-largest city in Canada. The transportation system was developed from unstructured requirements represented in textual and schematic documents. Therefore, the VdM wanted to investigate new ways of organising and anal...
Article
Nowadays, network technologies are essential for transferring and storing various information of users, companies, and industries. However, the growth of the information transfer rate expands the attack surface, offering a rich environment to intruders. Intrusion detection systems (IDSs) are widespread systems able to passively or actively control...
Article
This paper presents SGAC (Solution de Gestion Automatisée du Consentement / automated consent management solution), a new healthcare access control model and its support tool, which manages patient wishes regarding access to their electronic health records (EHR). This paper also presents the verification of access control policies for SGAC using tw...
Preprint
Full-text available
This paper is related to the generalised/generic version of the SysML/KAOS domain metamodel and on translation rules between the new domain models and B System specifications.
Article
Cloud computing is a new computing paradigm used for building on demand free and open source software (FOSS) applications. However, due to the lack of an explicit and formal description of the resource perspective in the existing FOSS applications, the correctness of Cloud resources management cannot be verified. The main objective of this paper is...
Article
In this paper, we study the information system verification problem as a parameterized verification one. Information systems are modeled as multi-parameterized systems in a formal language based on the Algebraic State-Transition Diagrams (ASTD) notation. Then, we use the Well Structured Transition Systems (WSTS) theory to solve the coverability pr...
Article
Full-text available
In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extension of SysML with concepts of the KAOS goal model, and of the B System formal method. Translation rules from a goal model to a B System specification have been defined. They allow one to obtain a skeleton of the formal specification. To complete it, we have...
Article
Full-text available
Nowadays, the usefulness of a formal language for ensuring the consistency of requirements is well established. The work presented here is part of the definition of a formally-grounded, model-based requirements engineering method for critical and complex systems. Requirements are captured through the SysML/KAOS method and the targeted formal specif...
Article
Full-text available
A means of building safe critical systems consists of formally modeling the requirements formulated by stakeholders and ensuring their consistency with respect to application domain properties. This paper proposes a metamodel for an ontology modeling formalism based on OWL and PLIB. This modeling formalism is part of a method for modeling the domai...
Article
Context: Nowadays, Information Systems (IS) are at the heart of most companies and constitute then a critical element that needs an adequate attention regarding security issues of sensitive data it manages. Objective: This paper presents a formal approach for the development of a filter to secure access to sensitive resources of information systems...
Article
Cloud environments are being increasingly used for the deployment and execution of complex applications and particularly component-based ones. They are expected to provide elasticity, among other characteristics, in order to allow a deployed application to rapidly change the amount of its allocated resources in order to meet the variation in demand...
Conference Paper
Full-text available
Configurable process models are recently gaining momentum as a basis for process design by reuse. Such models are designed in a generic manner to group common and variable parts of similar processes. Since these processes are usually large and complex, their configuration becomes manifestly a difficult task. This is why increasing attention is...
Conference Paper
Full-text available
When using formal methods, one of the main difficulties is to elaborate the initial formal specification from informal descriptions obtained during the requirements analysis phase. For that purpose, we propose a goal-based approach in which the building of an initial formal model (in Event-B) is driven by a goal-oriented requirements engineering mo...
Article
In the field of business process management, adopting efficient building strategies can improve the quality of companies’ business processes. The reuse of existing business processes or even fragments of them is a practical approach to build complete business processes or coarser-grained process fragments. In the present paper, we deal with the mer...
Article
Cloud environments are being increasingly used for deploying and executing business processes to provide a high level of performance with low operating cost. Nevertheless, due to the lack of an explicit and formal description of the resource perspective in the existing business processes, the correctness of Cloud resources management cannot be ver...
Article
We validate the RBAC ANSI 2012 standard using the B method. Numerous problems are identified: logical errors, inconsistencies, ambiguities, typing errors, missing preconditions, invariant violation, inappropriate specification notation. A clean version of the standard written in the B notation is proposed. We argue that the ad hoc mathematical nota...
Article
Full-text available
This article describes the Event-B modeling of a landing gear system of an aircraft whose complete description can be found in Boniol and Wiels (The Landing Gear System Case Study, ABZ Case Study, Communications in Computer Information Science, vol 433, Springer, Berlin, 2014). This real-life case study has been proposed by the ABZ’2014 track that...
Article
This paper proposes a formal approach for generating necessary and sufficient proof obligations to demonstrate a set of dynamic properties using the B method. In particular, we consider reachability, non-interference and absence properties. Also, we show that these properties permit a wide range of property patterns introduced by Dwyer to be expres...
Conference Paper
Full-text available
In the present work, we propose an approach to merge business process fragments in order to facilitate the reuse of fragments in business process designs. The approach relies on the so-called adjacency matrices. Typically used to handle graphs, this concept represents a new way to systematically merge fragments through their corresponding matrices....
Article
Full-text available
Recent research has proposed retrieving relevant fragments from whole business processes to build new ones. Although this avoids building business processes from scratch, the task has been performed independently for each process, thus making the handling of the resulting fragments complicated. In this paper, we propose to merge some given business p...
Conference Paper
This paper presents a tool for verifying dynamic properties using the B formal method. For example, in a library system, typical dynamic properties would be that a member has a possibility to borrow a book or make a reservation if it is already reserved by another member. Starting from a B specification and a dynamic property, this tool generates t...
Conference Paper
Full-text available
Recent research has proposed retrieving relevant fragments from whole business processes to build new ones. Although this avoids building business processes from scratch, the task has been performed independently for each process, thus making the handling of the resulting fragments complicated. In this paper, we propose to merge some given business...
Article
This chapter presents the proof process used by Thales and Autonomous Operator of Parisian Transports (RATP) to demonstrate the safety of the signaling systems used for the RATP network in Paris. It introduces the rail application concerned by the author's proof activities, the Thales system used for the metro. The chapter then presents the models...
Conference Paper
We validate the RBAC ANSI 2012 standard using the B method. Numerous problems are identified: logical errors, inconsistencies, ambiguities, typing errors, missing preconditions, invariant violation, inappropriate specification notation. A clean version of the standard written in the B notation is proposed. We argue that the ad hoc mathematical nota...
Conference Paper
This paper presents an approach to proving a temporal property pattern of the form Prec(P_1, P_2) that expresses that if a state, presented by predicate P_2, is reached then there should exist a state, in the past, that verifies P_1. Such a property pattern is very useful in the specification of various systems such as Information Systems (IS) and...
Conference Paper
Full-text available
Two major concerns are emerging, while dealing with building new process functionalities: shortening the development periods and eliminating the risks related to sensitive information leakages and privacy breaches. Indeed, managing business processes in a modern fashion may increase their quality. An effective solution consists in reusing specific...
Article
Full-text available
The C language is widely used for developing tools in various application areas, and a number of C software tools are used for critical systems, such as medicine, transport, etc. Correspondingly, the security of such programs should be thoroughly tested, i.e., it is important to develop techniques for detecting vulnerabilities in C programs. In thi...
Conference Paper
Temporal properties are very common in various classes of systems, including information systems and security policies. This paper investigates two verification methods, proof and model checking, for one of the most frequent patterns of temporal property, the absence pattern. We explore two model-based specification techniques, B and Alloy, because...
Conference Paper
Dynamic properties are very useful in the specification of Information Systems (IS) and security policies. They allow the user to express properties that involve several states of a system. Indeed, invariance properties do not allow such properties to be covered. In this paper, we suggest a formal approach, based on the use of the B method, to...
Article
Context: Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system. Objective: In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vu...
Article
Full-text available
This paper presents a formal approach to detect vulnerabilities in a C program using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programming errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them...
Article
Context: Formal methods are very useful in the software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and modeling of various system aspects expressed usually through different paradigms. These different formalisms make the verification of global developed systems more difficult. Objecti...
Book
Demonstration of the safety of a railway signalling application in nominal mode and in degraded modes by formal proof
Conference Paper
Full-text available
This paper proposes an approach to prove interference freedom for a reachability property of the form AG (ψ ⇒ EF Φ) in a B specification. Such properties frequently occur in security policies and information systems. Reachability is proved by constructing, using stepwise algorithmic refinement, an abstract program that refines AG (ψ ⇒ EF Φ). We...
Article
Full-text available
This paper proposes an approach to prove reachability properties of the form AG ψ ⇒ EF φ using substitution refinement in classical B. Such properties denote that there exists an execution path for each state satisfying ψ to a state satisfying φ. These properties frequently occur in security policies and information systems. We show how to use Morg...
Conference Paper
Full-text available
This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis...
Conference Paper
Traditionally, a security policy is defined from an informal set of requirements, generally written using natural language. It is then difficult to appreciate the compatibility degree of the manually generated security policy with the informal requirements definition. The idea of this paper is to automate the process of deriving the formal security...
Conference Paper
Full-text available
This paper presents a formal approach to proving temporal reachability properties, expressed in CTL, on B systems. We are particularly interested in demonstrating that a system can reach a given state by executing a sequence of actions (or operation calls) called a path. Starting with a path, the proposed approach consists in calculating the proof...
Conference Paper
This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programming errors) may lead to unpredictable behavior and even worse well-motivated attackers may...
Article
Full-text available
Software is a common component of the devices or systems that form part of our daily life. These systems are usually complex and are developed by different programmers. Usually programmers make mistakes in the code which could generate software vulnerabilities. A software vulnerability is a flaw or defect in the software construction that can be e...
Chapter
Overview of the method Specification of case 1 Specification of case 2 Validation The natural-language description of the specifications Conclusion
Conference Paper
Full-text available
Formal methods are very useful in the software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and the modeling of various system aspects expressed usually through different paradigms. In this paper, we propose to combine two modeling formalisms in order to express both functional and secur...
Chapter
Full-text available
In modern networks, the heterogeneity and the increasing distribution of applications, such as telecommunication protocols, Web-based systems and real-time systems, make security management complex. These applications are more and more open and rely on networking parts of computer systems that generally make use of different solutions. In the contex...
Article
Full-text available
In this article, we propose a formal approach for the joint modelling of the functional and security aspects of a system. This approach consists in enriching the functional specification of a system, expressed using a TEFSM (Timed Extended Finite State Machine), with temporal security rules modelled in Nomad. Noma...
Article
Maintaining integrity constraints in information systems is a real issue. In our previous work, we have defined a formal approach that derives B formal specifications from a UML description of the system. Basically, the generated B specification is composed of a set of variables modeling data and a set of operations representing transactions. The i...
Article
Full-text available
The use of formal modelling has become an integral part of the development process for safe software. Indeed, a good model of the system to be developed improves software quality by detecting, for example, certain vulnerabilities even before they are deployed. With this in mind, this paper proposes a...
Chapter
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...
Conference Paper
Full-text available
Security and reliability are of paramount importance in designing and building real-time systems because any security failure can put the public and the environment at risk. In this paper, we propose a framework to take timed security requirements into account from the design stage of the system building. Our approach consists of two main steps...
Article
Full-text available
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...
Conference Paper
Full-text available
This paper describes the formal verification of an interlocking system. We have formally proved the non-derailing and non-collision safety properties for an existing interlocking system operating on Paris Metro's line 3Bis. These high-level properties have first been refined to an intermediate level permitting their expression in terms of the contr...
Article
This article describes a complete and tool-supported approach for the development of safe database applications. The starting point of our approach is a B specification obtained from UML diagrams for which a formal semantics, dedicated to information systems, is assigned. This specification is then refined by formal and proved rules to make the fin...
Book
Full-text available
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...
Chapter
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...
Chapter
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...
Article
This article describes a formal approach to specify and develop database applications. This approach consists of two complementary phases. In the first phase, B specifications are automatically generated from UML class, state and collaboration diagrams describing the data and the transactions of the system we are developing. In the second phase, th...
Article
Full-text available
UB2SQL is a tool for designing and developing database applications using UML and B formal method. The approach supported by UB2SQL consists of two successive phases. In the first phase, with the design of applications using class, state and collaboration diagrams, B specifications are automatically generated from UML diagrams; the diagrams are the...