A model checker for performance and dependability properties

Markov chains are widely used in the context of performance and reliability evaluation of systems of various nature. Model checking of such chains with respect to a given (branching) temporal logic formula has been proposed for both the discrete [8] and the continuous time setting [1], [3]. In this short paper, we describe the prototype model checker $E \vdash M C^2$ for discrete and continuous-time Markov chains, where properties are expressed in appropriate extensions of CTL.We illustrate the general benefits of this approach and discuss the structure of the tool

A Survey on Service Composition Middleware in Pervasive Environments

The development of pervasive computing has put the light on a challenging problem: how to dynamically compose services in heterogeneous and highly changing environments? We propose a survey that defines the service composition as a sequence of four steps: the translation, the generation, the evaluation, and finally the execution. With this powerful and simple model we describe the major service composition middleware. Then, a classification of these service composition middleware according to pervasive requirements - interoperability, discoverability, adaptability, context awareness, QoS management, security, spontaneous management, and autonomous management - is given. The classification highlights what has been done and what remains to do to develop the service composition in pervasive environments

A formalism for describing and simulating systems with interacting components.

This thesis addresses the problem of descriptive complexity presented by systems involving a high number of interacting components. It investigates the evaluation measure of performability and its application to such systems. A new description and simulation language, ICE and it's application to performability modelling is presented. ICE (Interacting ComponEnts) is based upon an earlier description language which was first proposed for defining reliability problems. ICE is declarative in style and has a limited number of keywords. The ethos in the development of the language has been to provide an intuitive formalism with a powerful descriptive space. The full syntax of the language is presented with discussion as to its philosophy. The implementation of a discrete event simulator using an ICE interface is described, with use being made of examples to illustrate the functionality of the code and the semantics of the language. Random numbers are used to provide the required stochastic behaviour within the simulator. The behaviour of an industry standard generator within the simulator and different methods of number allocation are shown. A new generator is proposed that is a development of a fast hardware shift register generator and is demonstrated to possess good statistical properties and operational speed. For the purpose of providing a rigorous description of the language and clarification of its semantics, a computational model is developed using the formalism of extended coloured Petri nets. This model also gives an indication of the language's descriptive power relative to that of a recognised and well developed technique. Some recognised temporal and structural problems of system event modelling are identified. and ICE solutions given. The growing research area of ATM communication networks is introduced and a sophisticated top down model of an ATM switch presented. This model is simulated and interesting results are given. A generic ICE framework for performability modelling is developed and demonstrated. This is considered as a positive contribution to the general field of performability research

A compositional method for reliability analysis of workflows affected by multiple failure modes

We focus on reliability analysis for systems designed as workflow based compositions of components. Components are characterized by their failure profiles, which take into account possible multiple failure modes. A compositional calculus is provided to evaluate the failure profile of a composite system, given failure profiles of the components. The calculus is described as a syntax-driven procedure that synthesizes a workflows failure profile. The method is viewed as a design-time aid that can help software engineers reason about systems reliability in the early stage of development. A simple case study is presented to illustrate the proposed approach

Construction and Verification of Performance and Reliability Models

Over the last two decades formal methods have been extended towards performance and reliability evaluation. This paper tries to provide a rather intuitive explanation of the basic concepts and features in this area. Instead of striving for mathematical rigour, the intention is to give an illustrative introduction to the basics of stochastic models, to stochastic modelling using process algebra, and to model checking as a technique to analyse stochastic models

Energy efficient transport technology: Program summary and bibliography

The Energy Efficient Transport (EET) Program began in 1976 as an element of the NASA Aircraft Energy Efficiency (ACEE) Program. The EET Program and the results of various applications of advanced aerodynamics and active controls technology (ACT) as applicable to future subsonic transport aircraft are discussed. Advanced aerodynamics research areas included high aspect ratio supercritical wings, winglets, advanced high lift devices, natural laminar flow airfoils, hybrid laminar flow control, nacelle aerodynamic and inertial loads, propulsion/airframe integration (e.g., long duct nacelles) and wing and empennage surface coatings. In depth analytical/trade studies, numerous wind tunnel tests, and several flight tests were conducted. Improved computational methodology was also developed. The active control functions considered were maneuver load control, gust load alleviation, flutter mode control, angle of attack limiting, and pitch augmented stability. Current and advanced active control laws were synthesized and alternative control system architectures were developed and analyzed. Integrated application and fly by wire implementation of the active control functions were design requirements in one major subprogram. Additional EET research included interdisciplinary technology applications, integrated energy management, handling qualities investigations, reliability calculations, and economic evaluations related to fuel savings and cost of ownership of the selected improvements

A Markov Chain Model Checker

Markov chains are widely used in the context of performance and reliability evaluation of systems of various nature. Model checking of such chains with respect to a given (branching) temporal logic formula has been proposed for both the discrete [17,6] and the continuous time setting [4,8]. In this paper, we describe a prototype model checker for discrete and continuous-time Markov chains, the Erlangen Twente Markov Chain Checker $(E \vdash MC^2$), where properties are expressed in appropriate extensions of CTL. We illustrate the general bene ts of this approach and discuss the structure of the tool. Furthermore we report on first successful applications of the tool to non-trivial examples, highlighting lessons learned during development and application of $(E \vdash MC^2$)

Development of security strategies using Kerberos in wireless networks

Authentication is the primary function used to reduce the risk of illegitimate access to IT services of any organisation. Kerberos is a widely used authentication protocol for authentication and access control mechanisms. This thesis presents the development of security strategies using Kerberos authentication protocol in wireless networks, Kerberos-Key Exchange protocol, Kerberos with timed-delay, Kerberos with timed-delay and delayed decryption, Kerberos with timed-delay, delayed decryption and password encryption properties. This thesis also includes a number of other research works such as, frequently key renewal under pseudo-secure conditions and shut down of the authentication server to external access temporarily to allow for secure key exchange. A general approach for the analysis and verification of authentication properties as well as Kerberos authentication protocol are presented. Existing authentication mechanisms coupled with strong encryption techniques are considered, investigated and analysed in detail. IEEE 802.1x standard, IEEE 802.11 wireless communication networks are also considered. First, existing security and authentication approaches for Kerberos authentication protocol are critically analysed with the discussions on merits and weaknesses. Then relevant terminology is defined and explained. Since Kerberos exhibits some vulnerabilities, the existing solutions have not treated the possibilities of more than one authentication server in a strict sense. A three way authentication mechanism addresses possible solution to this problem. An authentication protocol has been developed to improve the three way authentication mechanism for Kerberos. Dynamically renewing keys under pseudo-secure situations involves a temporary interruption to link/server access. After describing and analysing a protocol to achieve improved security for authentication, an analytical method is used to evaluate the cost in terms of the degradation of system performability. Various results are presented. An approach that involves a new authentication protocol is proposed. This new approach combines delaying decryption with timed authentication by using passwords and session keys for authentication purposes, and frequent key renewal under secure conditions. The analysis and verification of authentication properties and results of the designed protocol are presented and discussed. Protocols often fail when they are analysed critically. Formal approaches have emerged to analyse protocol failures. Abstract languages are designed especially for the description of communication patterns. A notion of rank functions is introduced for analysing purposes as well. An application of this formal approach to a newly designed authentication protocol that combines delaying the decryption process with timed authentication is presented. Formal methods for verifying cryptographic protocols are created to assist in ensuring that authentication protocols meet their specifications. Model checking techniques such as Communicating Sequential Processes (CSP) and Failure Divergence Refinement (FDR) checker, are widely acknowledged for effectively and efficiently revealing flaws in protocols faster than most other contemporaries. Essentially, model checking involves a detailed search of all the states reachable by the components of a protocol model. In the models that describe authentication protocols, the components, regarded as processes, are the principals including intruder (attacker) and parameters for authentication such as keys, nonces, tickets, and certificates. In this research, an automated generation tool, CASPER is used to produce CSP descriptions. Proposed protocol models rely on trusted third parties in authentication transactions while intruder capabilities are based on possible inductions and deductions. This research attempts to combine the two methods in model checking in order to realise an abstract description of intruder with enhanced capabilities. A target protocol of interest is that of Kerberos authentication protocol. The process of increasing the strength of security mechanisms usually impacts on performance thresholds. In recognition of this fact, the research adopts an analytical method known as spectral expansion to ascertain the level of impact, and which resulting protocol amendments will have on performance. Spectral expansion is based on state exploration. This implies that it is subject, as model checking, to the state explosion problem. The performance characteristics of amended protocols are examined relative to the existing protocols. Numerical solutions are presented for all models developed