Formal Modeling of Airport Security Regulations using the Focal Environment

David Delahaye, CEDRIC/CNAM, Paris, France, David.Delahaye@cnam.fr
Jean-Frédéric Étienne, CEDRIC/CNAM, Paris, France, etiennje@cnam.fr
Véronique Viguié Donzeau-Gouge, CEDRIC/CNAM, Paris, France, donzeau@cnam.fr

Abstract

We present the formalization of regulations intended to ensure airport security in the framework of civil aviation. In particular, we describe the formal models of two standards, one at the international level and the other at the European level. These models are expressed using the Focal environment, which is an object-oriented specification and proof system. In addition, we show that these models are correct and complete thanks to the Zenon automated theorem prover, which is the dedicated reasoning support of Focal. Finally, we propose an automatic transformation of Focal specifications to UML class diagrams, in order to provide a graphical documentation of formal models for developers and, in the long term, for certification authorities.

1 Introduction

Many human activities are controlled by regulations and standards. Regulations can be seen as a set of rules or specifications, and a key element in guaranteeing their effective enforcement is to assess the conformity of the procedures and artifacts they intend to regulate. However, conformity assessment procedures are worthless if the correctness, completeness and consistency of the specifications are not established. Standards and recommended practices are usually written in natural language in order to be easily understood and adopted by a large number of stakeholders. Nevertheless, normative documents are generally voluminous, ambiguous and often open to interpretation. Moreover, it is very difficult to automatically process natural language documents in search of inconsistencies. All these problems highlight the lack of a formal drafting process, and this is where modeling techniques can help.
Recent work [4] has shown that there is an increased interest in providing automated and systematic support to reason about regulations, due to the growing complexity of safety and security requirements.

In this paper, we report on our experience of a 4-year study, which consisted in building and analyzing the formal models of two standards related to airport security: the first one is the international standard Annex 17 [8], produced by the International Civil Aviation Organization (ICAO), an agency of the United Nations; the second one is the European Directive Doc 2320 [6], produced by the European Civil Aviation Conference (ECAC), which is supposed to refine Annex 17 at the European level. This formalization was realized using the Focal [7] environment, within the framework of the EDEMOI¹ [5] project. The EDEMOI project aims to integrate and apply several requirements engineering and formal methods techniques to analyze regulations in the domain of airport security.

In this project, we achieved several contributions. First, the formalization of the two standards mentioned above allowed us to improve the quality of the normative documents and hence to increase the efficiency of the conformity assessment procedure. Second, thanks to this significant formalization, it was possible to validate the design features as well as the reasoning support offered by Focal. The specification environment was also extended to provide an appropriate level of documentation for the formal models. This extension mainly supports the production of graphical documentation for Focal specifications in the form of UML class diagrams. The documentation is intended to be used by developers and, in the long term, to facilitate discussions with certification authorities.

¹ The EDEMOI project is supported by the French National “Action Concertée Incitative Sécurité Informatique”.