An Alloy Verification Model for Consensus-Based Auction Protocols
Max Consensus-based Auction (MCA) protocols are an elegant approach to
establish conflict-free distributed allocations in a wide range of network
utility maximization problems. A set of agents independently bid on a set of
items, and exchange their bids with their first hop-neighbors for a distributed
(max-consensus) winner determination. The use of MCA protocols was proposed
to solve the task allocation problem for a fleet of unmanned aerial
vehicles, in smart grids, or in distributed virtual network management
applications. Misconfigured or malicious agents participating in an MCA, or an
incorrect instantiation of policies, can lead to oscillations of the protocol,
causing Service Level Agreement (SLA) violations.
In this paper, we propose a formal, machine-readable, Max-Consensus Auction
model, encoded in the Alloy lightweight modeling language. The model consists
of a network of agents applying the MCA mechanisms, instantiated with
potentially different policies, and a set of predicates to analyze its
convergence properties. We were able to verify that MCA is not resilient
against rebidding attacks, and that the protocol fails (to achieve a
conflict-free resource allocation) for some specific combinations of policies.
Our model can be used to verify, with a "push-button" analysis, the convergence
of the MCA mechanism to a conflict-free allocation of a wide range of policy
instantiations.
Formal Model-Driven Analysis of Resilience of GossipSub to Attacks from Misbehaving Peers
GossipSub is a new peer-to-peer communication protocol designed to counter
attacks from misbehaving peers by carefully controlling what information is
disseminated and to whom, via a score function computed by each peer that
captures positive and negative behaviors of its neighbors. The score function
depends on several parameters (weights, caps, thresholds, etc.) that can be
configured by applications using GossipSub. The specification for GossipSub is
written in English and its resilience to attacks from misbehaving peers is
supported empirically by emulation testing using an implementation in Golang.
In this work we take a foundational approach to understanding the resilience
of GossipSub to attacks from misbehaving peers. We build the first formal model
of GossipSub, using the ACL2s theorem prover. Our model is officially endorsed
by GossipSub developers. It can simulate GossipSub networks of arbitrary size
and topology, with arbitrarily configured peers, and can be used to prove and
disprove theorems about the protocol. We formalize fundamental security
properties stating that the score function is fair, penalizes bad behavior and
rewards good behavior. We prove that the score function is always fair, but can
be configured in ways that either penalize good behavior or ignore bad
behavior. Using our model, we run GossipSub with the specific configurations
for two popular real-world applications: the FileCoin and Eth2.0 blockchains.
We show that all properties hold for FileCoin. However, given any Eth2.0
network (of any topology and size) with any number of potentially misbehaving
peers, we can synthesize attacks where these peers are able to continuously
misbehave by never forwarding topic messages, while maintaining positive scores
so that they are never pruned from the network by GossipSub.
A policy-based architecture for virtual network embedding
Network virtualization is a technology that enables multiple virtual instances to coexist on a common physical network infrastructure. This paradigm fostered new business models, allowing infrastructure providers to lease or share their physical resources. Each virtual network is isolated and can be customized to support a new class of customers and applications.
To this end, infrastructure providers need to embed virtual networks on their infrastructure. The virtual network embedding is the (NP-hard) problem of matching constrained virtual networks onto a physical network. Heuristics to solve the embedding problem have exploited several policies under different settings. For example, centralized solutions have been devised for small enterprise physical networks, while distributed solutions have been proposed over larger federated wide-area networks.
In this thesis we present a policy-based architecture for the virtual network embedding problem. By policy, we mean a variant aspect of any of the three (invariant) embedding mechanisms: physical resource discovery, virtual network mapping, and allocation on the physical infrastructure. Our architecture adapts to different scenarios by instantiating appropriate policies, and has bounds on embedding efficiency, and on convergence embedding time, over a single provider, or across multiple federated providers. The performance of representative novel and existing policy configurations is compared via extensive simulations, and over a prototype implementation. We also present an object model as a foundation for a protocol specification, and we release a testbed to enable users to test their own embedding policies, and to run applications within their virtual networks. The testbed uses a Linux system architecture to reserve virtual node and link capacities.
Computer Aided Verification
The open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems; runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures, and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency.
Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings
authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide web.
A Design-by-Contract based Approach for Architectural Modelling and Analysis
Research on software architectures has been active since the early nineties, leading to a number of different architecture description languages (ADLs). Given their importance in facilitating the communication of crucial system properties to different stakeholders and their analysis early on in the development of a system, this is understandable. However, practitioners rarely use ADLs and instead insist on using the Unified Modelling Language (UML) for specifying software architectures. I attribute this to three main issues that have not been addressed altogether by the existing ADLs. Firstly, in their attempt to support formal analysis, current ADLs employ formal notations (i.e., mostly process algebras) that are rarely used among practitioners. Secondly, many ADLs focus on components in specifying software architectures, neglecting the first-class specification of complex interaction protocols as connectors. They view connectors as simple interaction links that merely identify the communicating components and their basic communication style (e.g., procedure call). So, complex interaction protocols are specified as part of components, which however reduces the re-usability of both. Lastly, there are also some ADLs that do support complex connectors. However, these include a centralised glue element in their connector structure that imposes a global ordering of actions on the interacting components. Such global constraints are not always realisable in a decentralised manner by the components that participate in these protocols.
In this PhD thesis, I introduce a new architecture description language called XCD that supports the formal specification of software architectures without employing a complex formal notation and offers first-class connectors for maximising the re-use of components and protocols. Furthermore, by omitting any units for specifying global constraints (i.e., glue), the architecture specifications in XCD are guaranteed to be realisable in a decentralised manner.
I show in the thesis how XCD extends Design-by-Contract (DbC) for specifying (i) protocol-independent components and (ii) complex connectors, which can impose only local constraints to guarantee their realisability. Use of DbC will hopefully make it easier for practitioners to use the language, compared to languages using process algebras. I also show the precise translation of XCD into SPIN's formal ProMeLa language for formally verifying software architectures, checking that (i) services offered by components are always used correctly, (ii) the component behaviours are always complete, (iii) there are no race conditions, (iv) there is no deadlock, and (v) for components having event communications, there is no overflow of event buffers. Finally, I evaluate XCD via five well-known case studies and illustrate XCD's enhanced modularity, expressive DbC-based notation, and guaranteed realisability for architecture specifications.
LIPIcs, Volume 251, ITCS 2023, Complete Volume
Towards the Methodology for the Reuse of Industrial Heritage in China
The theme of this dissertation is to reflect on the reuse methodology for industrial heritage, through the analysis of the different reuse approaches used in Chinese cities. A comparative perspective with typical methodologies and strategies used in Europe is briefly sketched in order to illuminate the specificities of the Chinese situation. The discussion on industrial heritage mainly focuses on the immovable tangible industrial heritage of modern and contemporary times (after 1860), including industrial buildings and industrial sites. These are called Industrial Architecture Heritage, according to the definition provided by the Industrial Architecture Heritage Academic Committee (IAHAC), established by the Architectural Society of China, which is the first academic organization for industrial heritage preservation in China. The other types of industrial heritage, such as industrial equipment, production technology and enterprise culture, are also significant and should not be ignored in the reuse.
Based on the main question--what is the methodology for the reuse of industrial heritage in China--there are some sub-questions: What are the main characteristics of the industrial heritage in China? How can the industrial heritage be recognized and protected in China? What is the regulation for the industrial heritage in China? What are the operation mechanisms of current reuse approaches for the industrial heritage in China? What are the problems of the conventional reuse methodology in China? What can we learn from the management and reuse methodology in Europe? Where is the balance between preservation and transformation of industrial heritage in China? How is it possible to deal with the conflict between economic goals and the value enhancement of industrial heritage?
The whole dissertation is divided into six chapters: (1) Identifying the Industrial Heritage in China: Dilemma and Opportunities; (2) Exploring the Reuse Ways of Industrial Heritage in China; (3) Industrial Heritage in the Context of Europe: Conceptual and Methodological Issues; (4) Methodology for the Reuse of Industrial Building --Case Study: 1933 Old Millfun, Shanghai; (5) Methodology for the Regeneration of Historic Area with Industrial Heritage--Case study: Tianzifang , Shanghai; (6) Distinguishing the Methodology for the Reuse of Industrial Heritage in China.
The first chapter has a brief review of the question of industrial heritage between demolition, protection and reuse against the background of the distinctive situation in China. The Chinese definition of industrial heritage is discussed together with the industrialization process and its particularities that differ from the western counterpart. Since the management and regulation of industrial heritage fall under the cultural heritage protection system, it is inevitable to have a discussion of cultural heritage in terms of its conceptual dimension and the legal management system, in order to explain the difficulty in the protection of industrial heritage.
The second chapter focuses on the different reuse approaches for industrial heritage in several Chinese cities. The main reason for such a regional perspective is that the practice of industrial heritage reuse has been largely a result of each city's unique industrial development history, accompanied by uneven policies in protection and reuse. As a result, a total of five cities are selected in this part: two municipalities directly under the Central Government—Beijing and Shanghai, which are the biggest metropolises in China; another two cities in the eastern coastal region—Tianjin and Nanjing; and one city in the north-east region—Harbin, a typical city in China's traditional industrial base. They are all industrial cities facing the problem of abandoned industrial buildings and facilities after de-industrialization. By reading the different reuse approaches, protection policies and their implementation in these cities located in different regions, the big picture of industrial heritage reuse in China is shown as a whole.
The main aim of the third chapter is to read the evolution of the conceptual and methodological dimensions of industrial heritage in the European context. The concepts of "industrial archeology", "industrial heritage" and "industrial landscape" are discussed respectively. It could be said that industrial heritage always plays a central role when European countries deal with these industrial remains through social and economic programs. Therefore, the innovation of methodologies and the diversification of strategies, including "patrimonialization", industrial heritage tourism, the Ecomuseum and trans-border collaboration, are studied in order to provide useful experience for the conservation and reuse of industrial heritage in China.
In the fourth and fifth chapters, with the two case studies of 1933 Old Millfun and the Tianzifang area, the specific reuse methodology for industrial heritage is presented at both the architectural and the urban level.
In the first case, through the restoration and renovation from 2006 to 2008, the original abattoir was reused as space for the creative industry, such as conferences, exhibitions, banquets and offices. This study, including historical research on the realization of the architecture and research on the reuse methodology, shows how protected industrial heritage can be rehabilitated with new uses. The aim of the historical research is to reveal the original designs and construction process of the architecture, such as the original function, original architectural space, original materials and original technology, based on architectural archives from the Shanghai Municipal Archives. Meanwhile, through reading the drawings, interviewing the architects who designed it and site investigation, the strategy and methodology used for 1933 Old Millfun are studied in detail.
In the second case of Tianzifang, the mixed industrial and residential area was transformed into an art community and commercial space. The aim of this research is to explore how a declining historical block mingling industrial and residential functions gradually became such a popular and vibrant place through community-initiated rehabilitation, in the context of the huge transformation over the past twenty years. Through the literature review and fieldwork, the historical geography of this area and its transformation are revealed. Then the particularities of Tianzifang's dramatic regeneration process are identified, with the aim of showing the contribution of industrial heritage to the rehabilitation of historic districts.
The sixth chapter summarizes the characteristics of the typical reuse modes, such as government-led reuse, enterprise-led reuse, developer-led and government-assisted reuse, and "bottom-up" reuse, pointing out their operation mechanisms and existing problems. Finally, this study suggests a methodology for the reuse of industrial heritage by offering protocols for investigation, assessment, feasibility study and design principles for reuse.