## Section: Other Grants and Activities

### National Actions

#### ANR DOTS

Participants : Benedikt Bollig, Thomas Chatain, Paul Gastin, Serge Haddad, Marc Zeitoun.

The DOTS project is a collaboration with researchers from IRCCyN, IRISA, LAMSADE, LaBRI and LSV.

The scientific context of the DOTS project is specification, verification and design of information systems. Complex systems, such as embedded systems that are widely used nowadays (telecommunication, transport, automation), are often distributed –composed of several components that communicate together–, timed –contain timing constraints–, and open –interact with their environment. Each of these aspects considered separately is now relatively well understood and corresponds to an active research area. The big challenge is to deal with systems which present several of these features.

The aim of the DOTS project is to associate researchers specialized in verification of different aspects mentioned above in order to tackle problems that emerge when considering several features simultaneously. In this way we plan to significantly advance both theory as well as algorithmics of design and verification of distributed, open and timed systems.

The research of *MExICo* about distributed control
(Section
3.2.2 ) and real time distributed systems
(Section
3.3.3 ) take place in the DOTS project.

#### ANR CHECKBOUND ANR-06-SETI-002

Participants : Hilal Djafri, Serge Haddad.

The increasing use of computerised systems in all aspects of our lives gives an increasing importance on the need for them to function correctly. The presence of such systems in safety-critical applications, coupled with their increasing complexity, makes indispensable their verification to see if they behaves as required . Thus the model checking which is the automated manner of formal verification techniques is of particular interest. Since verification techniques have becomemore efficient and more prevalent, the natural extension is to extend the range of models and specification formalisms to which model checking can be applied. Indeed the behaviour of many real-life processes is inherently stochastic, thus the formalism has been extended to probabilistic model checking. Therefore, different formalisms in which the underlying system has been modelled by Markovian models have been proposed.

Stochastic model checking can be performed by numerical or statistical methods. In model checking formalism, models are checked to see if the considered measures are guaranteed or not, bounding techniques become useful.We propose to apply Stochastic Comparison technique for numerical stochastic model checking. The main advantage of this approach is the possibility to derive transient and steady-state bounding distributions as well as the possibility to avoid the state space explosion problem. For the statistical model checking we propose to study the application of perfect simulation by coupling in the past. This method has been shown that to be efficient when the underlying system is monotonous for the exact steady-state distribution sampling. We consider to extend this approach for transient analysis and to model checking by means of bounding models and the stochastic monotonicity. One of difficult problems for model checking formalism, we envisage to study is when the state space is infinite. In some cases, it would be possible to consider bounding models defined in finite state space.

Indeed, formal verification using model checking and performance and dependability evaluation have a lot of things in common. We think that it would be interesting to apply the methods that we have a large experience in quantitative evaluation in the context of stochastic model checking.

#### DIGITEO 2009-27HD CoChaT: Covert Channels in Timed Systems

Participant : Serge Haddad.

Attacks with timing channels have been described and simulated for instance on TCP/IP protocols, Web communications or cryptographic operations. The scientific objective of the CoChaT project is to study the conditions underwhich such attacks can occur in timed systems, with two main directions. a. The first step consists in defining a theoretical framework, in which timing channels can be formally described. b. A second part of thework concerns the design of detection and verification algorithms, for which decidability issues are involved. Progress in both steps will have to take into account practical examples like the case studies mentionned above, in order to validate the formal approach.

#### Submissions: INRIA Associated teams

Participants : Serge Haddad, Stefan Haar.

Serge Haddad and Stefan Haar participate in the associated team
FOSSA led by the DistribCom team at INRIA Rennes, with the University of
Texas, Austin. The objective is *Formalizing Orchestration and Secure Services Analysis* ; see http://www.irisa.fr/distribcom/FOSSA2010/Fossa10.html .