Discrete and hybrid methods for the diagnosis of distributed systems

Many important activities of modern society rely on the proper functioning of complex systems such as electricity networks, telecommunication networks, manufacturing plants and aircrafts. The supervision of such systems must include strong diagnosis capability to be able to effectively detect the occurrence of faults and ensure appropriate corrective measures can be taken in order to recover from the faults or prevent total failure. This thesis addresses issues in the diagnosis of large complex systems. Such systems are usually distributed in nature, i.e. they consist of many interconnected components each having their own local behaviour. These components interact together to produce an emergent global behaviour that is complex. As those systems increase in complexity and size, their diagnosis becomes increasingly challenging. In the first part of this thesis, a method is proposed for diagnosis on distributed systems that avoids a monolithic global computation. The method, based on converting the graph of the system into a junction tree, takes into account the topology of the system in choosing how to merge local diagnoses on the components while still obtaining a globally consistent result. The method is shown to work well for systems with tree or near-tree structures. This method is further extended to handle systems with high clustering by selectively ignoring some connections that would still allow an accurate diagnosis to be obtained. A hybrid system approach is explored in the second part of the thesis, where continuous dynamics information on the system is also retained to help better isolate or identify faults. A hybrid system framework is presented that models both continuous dynamics and discrete evolution in dynamical systems, based on detecting changes in the fundamental governing dynamics of the system rather than on residual estimation. This makes it possible to handle systems that might not be well characterised and where parameter drift is present. The discrete aspect of the hybrid system model is used to derive diagnosability conditions using indicator functions for the detection and isolation of multiple, arbitrary sequential or simultaneous events in hybrid dynamical networks. Issues with diagnosis in the presence of uncertainty in measurements due sensor or actuator noise are addressed. Faults may generate symptoms that are in the same order of magnitude as the latter. The use of statistical techniques,within a hybrid system framework, is proposed to detect these elusive fault symptoms and translate this information into probabilities for the actual operational mode and possibility of transition between modes which makes it possible to apply probabilistic analysis on the system to handle the underlying uncertainty present

The Complexity of Diagnosability and Opacity Verification for Petri Nets

International audienceDiagnosability and opacity are two well-studied problems in discrete-event systems. We revisit these two problems with respect to expressiveness and complexity issues. We first relate different notions of diagnosability and opacity. We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions. Second, we provide a global picture of complexity results for the verification of diagnosability and opacity. We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non diagnosability is inter-reducible with reachability when fault events are not weakly fair. Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness

Model checking of mobile systems and diagnosability of weakly fair systems

PhD ThesisThis thesis consists of two independent contributions. The rst deals with model checking of reference passing systems, and the second considers diagnosability under the weak fairness assumption. Reference passing systems, like mobile and recon gurable systems are everywhere nowadays. The common feature of such systems is the possibility to form dynamic logical connections between the individual modules. However, such systems are very di cult to verify, as their logical structure is dynamic. Traditionally, decidable fragments of -calculus, e.g. the well-known Finite Control Processes (FCP), are used for formal modelling of reference passing systems. Unfortunately, FCPs allow only `global' concurrency between processes, and thus cannot naturally express scenarios involving `local' concurrency inside a process. This thesis proposes Extended Finite Control Processes (EFCP), which are more convenient for practical modelling. Moreover, an almost linear translation of EFCPs to FCPs is developed, which enables e cient model checking of EFCPs. In partially observed systems, diagnosis is the task of detecting whether or not the given sequence of observed labels indicates that some unobservable fault has occurred. Diagnosability is an associated property, stating that in any possible execution an occurrence of a fault can eventually be diagnosed. In this thesis, diagnosability is considered under the weak fairness (WF) assumption, which intuitively states that no transition from a given set can stay enabled forever - it must eventually either re or be disabled. A major aw in a previous approach to WF-diagnosability in the literature is identi ed and corrected, and an e cient method for verifying WF-diagnosability based on a reduction to LTL-X model checking is presented

Fourier-Motzkin methods for fault diagnosis in discrete event systems

The problem of fault diagnosis under partial observation is a complex problem; and the challenge to solve this problem is to find a compromise between the space complexity and time complexity. The classic method to solve the problem is by constructing an automaton called a diagnoser. This method suffers from the state explosion problem which limits its application to large systems. In this thesis, the problem of fault diagnosis in partially observed discrete event systems is addressed. We assume that the system is modelled by Petri nets having no cycle of unobservable transitions. The class of labelled Petri nets is also considered with both bounded and unbounded cases. We propose a novel approach for fault diagnosis using the Integer Fourier-Motzkin Elimination method. The main idea is to reduce the problem of constructing the diagnoser to a problem of projecting between two spaces. In other words, we first obtain a set of inequalities derived from the state equation of Petri nets. Then, the elimination method is used to drop the variables corresponding to the unobservable transitions and we design two sets of inequalities in variables representing the observable transitions. One set ensures that the fault has occurred, whereas the other ensures that fault has not occurred. Given these two sets, we have proved that the occurrences of faults can be decided as any other diagnoser can do. The obtained result are extended to diagnose violations of constraints such as service level agreement and Quality of Service, which is of particular interested in telecommunication companies. We implement our approach and demonstrate gains in performance with respect to existing approaches on a benchmark example

Formal Verification of Secure Information Flow in Cloud Computing

Federated cloud systems increase the reliability and reduce the cost of computational support to an organization. However, the resulting combination of secure private clouds and less secure public clouds impacts on the overall security of the system as applications need to be located within di�erent clouds. In this paper, the entities of a federated cloud system as well as the clouds are assigned security levels of a given security lattice. Then a dynamic ow sensitive security model for a federated cloud system is introduced within which the Bell-LaPadula rules and cloud security rule can be captured. The rest of the paper demonstrates how Petri nets and the associated veri�cation techniques could be used to analyze the security of information ow in federated cloud systems