Amel Mammar - Academia.edu (original) (raw)
Papers by Amel Mammar
Моделирование и анализ информационных систем, Dec 20, 2011
This paper describes a case study of the SysML/KAOS method for a road transportation system for t... more This paper describes a case study of the SysML/KAOS method for a road transportation system for the City of Montreal (VdM), the second-largest city in Canada. The transportation system was developed from unstructured requirements represented in textual and schematic documents. Therefore, the VdM wanted to investigate new ways of organising and analysing the requirements of traffic projects, in order to increase the level of confidence in their safety, usability and reusability. This paper describes the formal specification, verification and validation of system requirements and provides an appraisal of the SysML/KAOS requirements engineering method on an industrial-scale case study. SysML/KAOS is designed within the ANR FORMOSE project to bridge the gap between stakeholder needs and the formal specification of system functionalities and domain constraints. The method has proven useful to deal with the seven refinement levels, twelve components (human, hardware, software and cyber-ph...
Je tiens à exprimer ma profonde gratitude et reconnaissance à toutes les personnes qui ont permis... more Je tiens à exprimer ma profonde gratitude et reconnaissance à toutes les personnes qui ont permis la réalisation et l'aboutissement de cette thèse. Mes premiers remerciements sont adressés à mes directeurs de thèse Mme. Amel Mammar (Télécom Sud Paris) et M.Marc Frappier (Université de Sherbrooke) qui m'ont encadrée et soutenue pendant toutes ces années. Je remercie également M.Jérémie Christian Attiogbe et M.Vincent Poirriez, rapporteurs de cette thèse, pour la minutieuse relecture du manuscrit, les corrections et commentaires. Mes remerciements vont ensuite à Mme. Régine Laleau, M.Richard St-Denis et M.Samir Tata pour avoir accepté de participer au jury de thèse.
2016 IEEE International Conference on Web Services (ICWS), 2016
A configurable process model captures a family of similar processes. Such models can be configure... more A configurable process model captures a family of similar processes. Such models can be configured to obtain a process variant according to specific requirements. With this aim, several approaches have been proposed for the configuration of process models. Nevertheless, an increasing attention is being paid to achieve this in a sound manner due to the complex inter-dependencies between the configuration decisions. In this work, we aim to guide the process analyst to easily configure process models while preserving soundness. To do so, we propose a formal approach for ensuring correctness of business process configurations while considering structural constraints they have to obey. Specifically, using the Event-B language, we formally define a configurable process model, its correctness-preserving conditions and its configuration constraints.
2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), 2017
This paper investigates the verification of access control policies for SGAC, a new healthcare ac... more This paper investigates the verification of access control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two firstorder logic model checkers based on distinct technologies. SGAC supports permission and prohibition, rule inheritance among subjects and resources and conflicts resolution. In order to protect patient privacy while ensuring effective caregiving in safety-critical situations, we check different properties such as accessibility, ineffective rule detection. Our performance results show that ProB performs two orders of magnitude better than Alloy. Results are promising enough to consider ProB for verifying patient policies in SGAC.
Proceedings of the 14th International Conference on Software Technologies, 2019
This paper is about the formal specification of requirements of a rail communication protocol cal... more This paper is about the formal specification of requirements of a rail communication protocol called Saturn, proposed by ClearSy systems engineering, a French company specialised in safety critical systems. The protocol was developed and implemented within a rail product, widely used, without modeling, verifying and even documenting its requirements. This paper outlines the formal specification, verification and validation of Saturn's requirements in order to guarantee its correct behavior and to allow the definition of slightly different product lines. The specification is performed according to SysML/KAOS, a formal requirements engineering method developed in the ANR FORMOSE project for critical and complex systems. System requirements, captured with a goal modeling language, give rise to the behavioral part of a B System specification. In addition, an ontology modeling language allows the specification of domain entities and properties. The domain models thus obtained are used to derive the structural part of the B System specification obtained from system requirements. The B System model, once completed with the body of events, can then be verified and validated using the whole range of tools that support the B method. Five refinement levels of the rail communication protocol were constructed. The method has proven useful. However, several missing features were identified. This paper also provides a formally defined extension of the modeling languages to fill the shortcomings.
In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extensi... more In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extension of SysML, with concepts of the KAOS goal model, and of the B System formal method. Translation rules from a SysML/KAOS goal model to a B System specification have been defined. They allow to obtain a skeleton of the B System specification. To complete it, we have defined a language to express the domain model associated to the goal model. The translation of this domain model gives the structural part of the B System specification. The contribution of this paper is the description of translation rules from SysML/KAOS domain models to B System specifications. We also present the formal verification of these rules and we describe an open source tool that implements the languages and the rules. Finally, we provide a review of the application of the SysML/KAOS method on case studies such as for the formal specification of the hybrid ERTMS/ETCS level 3 standard.
IEEE Transactions on Services Computing, 2021
2017 IEEE 25th International Requirements Engineering Conference Workshops (REW), 2017
Modeling the domain of a system to be implemented is a very critical and often neglected activity... more Modeling the domain of a system to be implemented is a very critical and often neglected activity during requirements engineering. In this paper, we set the scene for an approach to complement the SysML/KAOS goal model of a system by adding an ontological representation of its domain knowledge. We think that an Event-B formalization of that domain representation can be used to enrich the formal specifications obtained from the goal model. This paper describes the metamodel that we propose for the representation of domain knowledge and illustrates the proposal through a Landing Gear System case study.
Rigorous State-Based Methods, 2020
The present paper presents our proposal of an Event-B model of a speed control system, a part of ... more The present paper presents our proposal of an Event-B model of a speed control system, a part of the case study provided in the ABZ2020 conference. The case study describes how the system regulates the current speed of a car according to a set criteria like the speed desired by the driver, the position of a possible preceding vehicle but also a given speed limit that the driver must not exceed. For that purpose, this controller reads different information form the available sensors (key state, desired speed, etc.) and takes the adequate actions by acting on the actuators of the car's speed according to the read information. To formally model this system, we adopt a stepwise refinement approach with the Event-B method. We consider most features of the case study, all proof obligations have been discharged using the Rodin provers. Our model has been validated using ProB by applying the different provided scenarios. This validation has permitted us to point out and correct some mistakes, ambiguities and oversights contained in the first versions of the case study.
Rigorous State-Based Methods, 2020
This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a c... more This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a case study proposed in the context of the ABZ2020 conference. The system describes the different provided lights and the conditions under which they are switched on/off in order to improve the visibility of the driver without dazzling the oncoming ones. The system can be viewed as a lights controller that reads different information form the available sensors (key state, exterior luminosity, etc.) and takes the adequate actions by acting on the actuators of the lights in order to ensure a good visibility for the driver according to the information read. Our model is built using stepwise refinement with the Event-B method. We consider all the features of the case study, all proof obligations have been discharged using the Rodin provers. Our model has been validated using ProB by applying the different provided scenarios. This validation has permitted us to point out and correct some mistak...
A business process fragment is a portion of a business process, more commonly designed for reuse ... more A business process fragment is a portion of a business process, more commonly designed for reuse purposes. Fragments are intended to be declared as safe from a privacy perspective, when manipulated in an open context. Privacy is related to the authority to have a view on some sensitive information. A business process privacy-preserving fragmentation is the task of decomposing business processes into significant fragments, which can be reused in the future in order to build new business processes while preserving the sensitive information from leakage. This paper presents a design-time two-phases approach to decomposing existing business processes into significant fragments while preserving the integrity of data items that navigate within the process. The first phase is based on the so-called Formal Concept Analysis (FCA) technique handling semantic activity clustering according to designers requirements, while dealing with the privacy constraints. The second phase manipulates cluste...
2018 23rd International Conference on Engineering of Complex Computer Systems (ICECCS), 2018
Algebraic State-Transition Diagrams (ASTDs) are extensions of common automata and statecharts tha... more Algebraic State-Transition Diagrams (ASTDs) are extensions of common automata and statecharts that can be combined with process algebra operators like sequence, choice, guard and quantified synchronization. They were previously introduced for the graphical representation, specification and proof of information systems. In an attempt to use ASTDs to specify cyber-attack detection, we have identified a number of missing features in ASTDs. This paper extends the ASTD notation with state variables (attributes), actions on transitions, and a new operator called flow which corresponds to AND states in statecharts and is a compromise between interleaving and synchronization in process algebras. We provide a formal structured operational semantics of these extensions and illustrate its implementation in an OCaml-based interpreter called iASTD and the model checker ProB. Extended ASTDs are illustrated in a case study in cyber attack detection.
Rigorous State-Based Methods, 2020
Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). ... more Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). They combine discrete dynamics represented by state machines or finite automata with continuous behaviors represented by differential equations. The measurement of continuous behaviors is performed by sensors. When these sensors have a continuous access to these measurements, we call such model an Event-Triggered model. The properties of this model are easier to prove, while its implementation is difficult in practice. Therefore, it is preferable to introduce a more realistic model, called Time-Triggered model, where the sensors take periodic measurements. Contrary to Event-Triggered models, Time-Triggered models are much easier to implement, but much more difficult to verify. Based on the differential refinement logic (dR\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage...
A means of building safe critical systems consists of formally modeling the requirements formulat... more A means of building safe critical systems consists of formally modeling the requirements formulated by stakeholders and ensuring their consistency with respect to application domain properties. This paper proposes a metamodel for an ontology modeling formalism based on OWL and PLIB. This modeling formalism is part of a method for modeling the domain of systems whose requirements are captured through SysML/KAOS. The formal semantics of SysML/KAOS goals are represented using Event-B specifications. Goals provide the set of events, while domain models will provide the structure of the system state of the Event-B specification. Our proposal is illustrated through a case study dealing with a Cycab localization component specification. The case study deals with the specification of a localization software component that uses GPS,Wi-Fi and sensor technologies for the realtime localization of the Cycab vehicle, an autonomous ground transportation system designed to be robust and completely ...
This paper presents a specification of the hybrid ERTMS/ETCS level 3 implementation in the framew... more This paper presents a specification of the hybrid ERTMS/ETCS level 3 implementation in the framework of the case study proposed for the 6th edition of the ABZ conference. The specification is based on the methodology and tools, raised from the ANR FORMOSE project, for the modeling and formal validation of critical and complex system requirements. The requirements are captured as SysML/KAOS goal diagrams and are automatically translated into B System specifications, in order to obtain the backbone of the formal specification. Domain properties are captured as ontologies through the SysML/ KAOS domain modeling language, based on OWL and PLIB. From these ontologies is automatically extracted the structural part of the system formal specification that completes the result of the translation of goal diagrams. The system construction is thus incremental, based on refinement mechanisms existing within the involved methods and leads to a formally correct system, while eliminating any unnece...
ArXiv, 2018
This paper is related to the generalised/generic version of the SysML/KAOS domain metamodel and o... more This paper is related to the generalised/generic version of the SysML/KAOS domain metamodel and on translation and back propagation rules between the new domain models and B System specifications.
ArXiv, 2017
Nowadays, the usefulness of a formal language for ensuring the consistency of requirements is wel... more Nowadays, the usefulness of a formal language for ensuring the consistency of requirements is well established. The work presented here is part of the definition of a formally-grounded, model-based requirements engineering method for critical and complex systems. Requirements are captured through the SysML/KAOS method and the targeted formal specification is written using the Event-B method. Firstly, an Event-B skeleton is produced from the goal hierarchy provided by the SysML/KAOS goal model. This skeleton is then completed in a second step by the Event-B specification obtained from system application domain properties that gives rise to the system structure. Considering that the domain is represented using ontologies through the SysML/KAOS Domain Model method, is it possible to automatically produce the structural part of system Event-B models ? This paper proposes a set of generic rules that translate SysML/KAOS domain ontologies into an Event-B specification. The rules have been...
Lecture Notes in Computer Science, 2018
In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extensi... more In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extension of SysML, with concepts of the KAOS goal model, and of the B System formal method. Translation rules from a SysML/KAOS goal model to a B System specification have been defined. They allow to obtain a skeleton of the B System specification. To complete it, we have defined a language to express the domain model associated to the goal model. The translation of this domain model gives the structural part of the B System specification. The contribution of this paper is the description of translation rules from SysML/KAOS domain models to B System specifications. We also present the formal verification of these rules and we describe an open source tool that implements the languages and the rules. Finally, we provide a review of the application of the SysML/KAOS method on case studies such as for the formal specification of the hybrid ERTMS/ETCS level 3 standard.
Lecture Notes in Computer Science, 2018
The use of formal methods for verification and validation of critical and complex systems is impo... more The use of formal methods for verification and validation of critical and complex systems is important, but can be extremely tedious without modularisation mechanisms. SysML/KAOS is a requirements engineering method. It includes a goal modeling language to model requirements from stakeholder’s needs. It also contains a domain modeling language for the representation of system application domain using ontologies. Translation rules have been defined to automatically map SysML/KAOS models into B System specifications. Moreover, since the systems we are interested in naturally break down into subsystems (enabling the distribution of work between several agents: hardware, software and human), SysML/KAOS goal models allow the capture of assignments of requirements to agents responsible of their achievement. Each agent is associated with a subsystem. The contribution of this paper is an approach to ensure that a requirement assigned to a subsystem is well achieved by the subsystem. A particular emphasis is placed on ensuring that system invariants persist in subsystems specifications.
Моделирование и анализ информационных систем, Dec 20, 2011
This paper describes a case study of the SysML/KAOS method for a road transportation system for t... more This paper describes a case study of the SysML/KAOS method for a road transportation system for the City of Montreal (VdM), the second-largest city in Canada. The transportation system was developed from unstructured requirements represented in textual and schematic documents. Therefore, the VdM wanted to investigate new ways of organising and analysing the requirements of traffic projects, in order to increase the level of confidence in their safety, usability and reusability. This paper describes the formal specification, verification and validation of system requirements and provides an appraisal of the SysML/KAOS requirements engineering method on an industrial-scale case study. SysML/KAOS is designed within the ANR FORMOSE project to bridge the gap between stakeholder needs and the formal specification of system functionalities and domain constraints. The method has proven useful to deal with the seven refinement levels, twelve components (human, hardware, software and cyber-ph...
Je tiens à exprimer ma profonde gratitude et reconnaissance à toutes les personnes qui ont permis... more Je tiens à exprimer ma profonde gratitude et reconnaissance à toutes les personnes qui ont permis la réalisation et l'aboutissement de cette thèse. Mes premiers remerciements sont adressés à mes directeurs de thèse Mme. Amel Mammar (Télécom Sud Paris) et M.Marc Frappier (Université de Sherbrooke) qui m'ont encadrée et soutenue pendant toutes ces années. Je remercie également M.Jérémie Christian Attiogbe et M.Vincent Poirriez, rapporteurs de cette thèse, pour la minutieuse relecture du manuscrit, les corrections et commentaires. Mes remerciements vont ensuite à Mme. Régine Laleau, M.Richard St-Denis et M.Samir Tata pour avoir accepté de participer au jury de thèse.
2016 IEEE International Conference on Web Services (ICWS), 2016
A configurable process model captures a family of similar processes. Such models can be configure... more A configurable process model captures a family of similar processes. Such models can be configured to obtain a process variant according to specific requirements. With this aim, several approaches have been proposed for the configuration of process models. Nevertheless, an increasing attention is being paid to achieve this in a sound manner due to the complex inter-dependencies between the configuration decisions. In this work, we aim to guide the process analyst to easily configure process models while preserving soundness. To do so, we propose a formal approach for ensuring correctness of business process configurations while considering structural constraints they have to obey. Specifically, using the Event-B language, we formally define a configurable process model, its correctness-preserving conditions and its configuration constraints.
2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), 2017
This paper investigates the verification of access control policies for SGAC, a new healthcare ac... more This paper investigates the verification of access control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two firstorder logic model checkers based on distinct technologies. SGAC supports permission and prohibition, rule inheritance among subjects and resources and conflicts resolution. In order to protect patient privacy while ensuring effective caregiving in safety-critical situations, we check different properties such as accessibility, ineffective rule detection. Our performance results show that ProB performs two orders of magnitude better than Alloy. Results are promising enough to consider ProB for verifying patient policies in SGAC.
Proceedings of the 14th International Conference on Software Technologies, 2019
This paper is about the formal specification of requirements of a rail communication protocol cal... more This paper is about the formal specification of requirements of a rail communication protocol called Saturn, proposed by ClearSy systems engineering, a French company specialised in safety critical systems. The protocol was developed and implemented within a rail product, widely used, without modeling, verifying and even documenting its requirements. This paper outlines the formal specification, verification and validation of Saturn's requirements in order to guarantee its correct behavior and to allow the definition of slightly different product lines. The specification is performed according to SysML/KAOS, a formal requirements engineering method developed in the ANR FORMOSE project for critical and complex systems. System requirements, captured with a goal modeling language, give rise to the behavioral part of a B System specification. In addition, an ontology modeling language allows the specification of domain entities and properties. The domain models thus obtained are used to derive the structural part of the B System specification obtained from system requirements. The B System model, once completed with the body of events, can then be verified and validated using the whole range of tools that support the B method. Five refinement levels of the rail communication protocol were constructed. The method has proven useful. However, several missing features were identified. This paper also provides a formally defined extension of the modeling languages to fill the shortcomings.
In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extensi... more In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extension of SysML, with concepts of the KAOS goal model, and of the B System formal method. Translation rules from a SysML/KAOS goal model to a B System specification have been defined. They allow to obtain a skeleton of the B System specification. To complete it, we have defined a language to express the domain model associated to the goal model. The translation of this domain model gives the structural part of the B System specification. The contribution of this paper is the description of translation rules from SysML/KAOS domain models to B System specifications. We also present the formal verification of these rules and we describe an open source tool that implements the languages and the rules. Finally, we provide a review of the application of the SysML/KAOS method on case studies such as for the formal specification of the hybrid ERTMS/ETCS level 3 standard.
IEEE Transactions on Services Computing, 2021
2017 IEEE 25th International Requirements Engineering Conference Workshops (REW), 2017
Modeling the domain of a system to be implemented is a very critical and often neglected activity... more Modeling the domain of a system to be implemented is a very critical and often neglected activity during requirements engineering. In this paper, we set the scene for an approach to complement the SysML/KAOS goal model of a system by adding an ontological representation of its domain knowledge. We think that an Event-B formalization of that domain representation can be used to enrich the formal specifications obtained from the goal model. This paper describes the metamodel that we propose for the representation of domain knowledge and illustrates the proposal through a Landing Gear System case study.
Rigorous State-Based Methods, 2020
The present paper presents our proposal of an Event-B model of a speed control system, a part of ... more The present paper presents our proposal of an Event-B model of a speed control system, a part of the case study provided in the ABZ2020 conference. The case study describes how the system regulates the current speed of a car according to a set criteria like the speed desired by the driver, the position of a possible preceding vehicle but also a given speed limit that the driver must not exceed. For that purpose, this controller reads different information form the available sensors (key state, desired speed, etc.) and takes the adequate actions by acting on the actuators of the car's speed according to the read information. To formally model this system, we adopt a stepwise refinement approach with the Event-B method. We consider most features of the case study, all proof obligations have been discharged using the Rodin provers. Our model has been validated using ProB by applying the different provided scenarios. This validation has permitted us to point out and correct some mistakes, ambiguities and oversights contained in the first versions of the case study.
Rigorous State-Based Methods, 2020
This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a c... more This paper introduces an Event-B formal model of the adaptive exterior light system for cars, a case study proposed in the context of the ABZ2020 conference. The system describes the different provided lights and the conditions under which they are switched on/off in order to improve the visibility of the driver without dazzling the oncoming ones. The system can be viewed as a lights controller that reads different information form the available sensors (key state, exterior luminosity, etc.) and takes the adequate actions by acting on the actuators of the lights in order to ensure a good visibility for the driver according to the information read. Our model is built using stepwise refinement with the Event-B method. We consider all the features of the case study, all proof obligations have been discharged using the Rodin provers. Our model has been validated using ProB by applying the different provided scenarios. This validation has permitted us to point out and correct some mistak...
A business process fragment is a portion of a business process, more commonly designed for reuse ... more A business process fragment is a portion of a business process, more commonly designed for reuse purposes. Fragments are intended to be declared as safe from a privacy perspective, when manipulated in an open context. Privacy is related to the authority to have a view on some sensitive information. A business process privacy-preserving fragmentation is the task of decomposing business processes into significant fragments, which can be reused in the future in order to build new business processes while preserving the sensitive information from leakage. This paper presents a design-time two-phases approach to decomposing existing business processes into significant fragments while preserving the integrity of data items that navigate within the process. The first phase is based on the so-called Formal Concept Analysis (FCA) technique handling semantic activity clustering according to designers requirements, while dealing with the privacy constraints. The second phase manipulates cluste...
2018 23rd International Conference on Engineering of Complex Computer Systems (ICECCS), 2018
Algebraic State-Transition Diagrams (ASTDs) are extensions of common automata and statecharts tha... more Algebraic State-Transition Diagrams (ASTDs) are extensions of common automata and statecharts that can be combined with process algebra operators like sequence, choice, guard and quantified synchronization. They were previously introduced for the graphical representation, specification and proof of information systems. In an attempt to use ASTDs to specify cyber-attack detection, we have identified a number of missing features in ASTDs. This paper extends the ASTD notation with state variables (attributes), actions on transitions, and a new operator called flow which corresponds to AND states in statecharts and is a compromise between interleaving and synchronization in process algebras. We provide a formal structured operational semantics of these extensions and illustrate its implementation in an OCaml-based interpreter called iASTD and the model checker ProB. Extended ASTDs are illustrated in a case study in cyber attack detection.
Rigorous State-Based Methods, 2020
Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). ... more Hybrid systems are one of the most common mathematical models for Cyber-Physical Systems (CPSs). They combine discrete dynamics represented by state machines or finite automata with continuous behaviors represented by differential equations. The measurement of continuous behaviors is performed by sensors. When these sensors have a continuous access to these measurements, we call such model an Event-Triggered model. The properties of this model are easier to prove, while its implementation is difficult in practice. Therefore, it is preferable to introduce a more realistic model, called Time-Triggered model, where the sensors take periodic measurements. Contrary to Event-Triggered models, Time-Triggered models are much easier to implement, but much more difficult to verify. Based on the differential refinement logic (dR\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage...
A means of building safe critical systems consists of formally modeling the requirements formulat... more A means of building safe critical systems consists of formally modeling the requirements formulated by stakeholders and ensuring their consistency with respect to application domain properties. This paper proposes a metamodel for an ontology modeling formalism based on OWL and PLIB. This modeling formalism is part of a method for modeling the domain of systems whose requirements are captured through SysML/KAOS. The formal semantics of SysML/KAOS goals are represented using Event-B specifications. Goals provide the set of events, while domain models will provide the structure of the system state of the Event-B specification. Our proposal is illustrated through a case study dealing with a Cycab localization component specification. The case study deals with the specification of a localization software component that uses GPS,Wi-Fi and sensor technologies for the realtime localization of the Cycab vehicle, an autonomous ground transportation system designed to be robust and completely ...
This paper presents a specification of the hybrid ERTMS/ETCS level 3 implementation in the framew... more This paper presents a specification of the hybrid ERTMS/ETCS level 3 implementation in the framework of the case study proposed for the 6th edition of the ABZ conference. The specification is based on the methodology and tools, raised from the ANR FORMOSE project, for the modeling and formal validation of critical and complex system requirements. The requirements are captured as SysML/KAOS goal diagrams and are automatically translated into B System specifications, in order to obtain the backbone of the formal specification. Domain properties are captured as ontologies through the SysML/ KAOS domain modeling language, based on OWL and PLIB. From these ontologies is automatically extracted the structural part of the system formal specification that completes the result of the translation of goal diagrams. The system construction is thus incremental, based on refinement mechanisms existing within the involved methods and leads to a formally correct system, while eliminating any unnece...
ArXiv, 2018
This paper is related to the generalised/generic version of the SysML/KAOS domain metamodel and o... more This paper is related to the generalised/generic version of the SysML/KAOS domain metamodel and on translation and back propagation rules between the new domain models and B System specifications.
ArXiv, 2017
Nowadays, the usefulness of a formal language for ensuring the consistency of requirements is wel... more Nowadays, the usefulness of a formal language for ensuring the consistency of requirements is well established. The work presented here is part of the definition of a formally-grounded, model-based requirements engineering method for critical and complex systems. Requirements are captured through the SysML/KAOS method and the targeted formal specification is written using the Event-B method. Firstly, an Event-B skeleton is produced from the goal hierarchy provided by the SysML/KAOS goal model. This skeleton is then completed in a second step by the Event-B specification obtained from system application domain properties that gives rise to the system structure. Considering that the domain is represented using ontologies through the SysML/KAOS Domain Model method, is it possible to automatically produce the structural part of system Event-B models ? This paper proposes a set of generic rules that translate SysML/KAOS domain ontologies into an Event-B specification. The rules have been...
Lecture Notes in Computer Science, 2018
In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extensi... more In this paper, we use a combination of the SysML/KAOS requirements engineering method, an extension of SysML, with concepts of the KAOS goal model, and of the B System formal method. Translation rules from a SysML/KAOS goal model to a B System specification have been defined. They allow to obtain a skeleton of the B System specification. To complete it, we have defined a language to express the domain model associated to the goal model. The translation of this domain model gives the structural part of the B System specification. The contribution of this paper is the description of translation rules from SysML/KAOS domain models to B System specifications. We also present the formal verification of these rules and we describe an open source tool that implements the languages and the rules. Finally, we provide a review of the application of the SysML/KAOS method on case studies such as for the formal specification of the hybrid ERTMS/ETCS level 3 standard.
Lecture Notes in Computer Science, 2018
The use of formal methods for verification and validation of critical and complex systems is impo... more The use of formal methods for verification and validation of critical and complex systems is important, but can be extremely tedious without modularisation mechanisms. SysML/KAOS is a requirements engineering method. It includes a goal modeling language to model requirements from stakeholder’s needs. It also contains a domain modeling language for the representation of system application domain using ontologies. Translation rules have been defined to automatically map SysML/KAOS models into B System specifications. Moreover, since the systems we are interested in naturally break down into subsystems (enabling the distribution of work between several agents: hardware, software and human), SysML/KAOS goal models allow the capture of assignments of requirements to agents responsible of their achievement. Each agent is associated with a subsystem. The contribution of this paper is an approach to ensure that a requirement assigned to a subsystem is well achieved by the subsystem. A particular emphasis is placed on ensuring that system invariants persist in subsystems specifications.