Discrete and hybrid methods for the diagnosis of distributed systems
Many important activities of modern society rely on the proper functioning of complex systems such as electricity networks, telecommunication networks, manufacturing plants and aircraft. The supervision of such systems must include strong diagnosis capability to be able to effectively detect the occurrence of faults and ensure appropriate corrective measures can be taken in order to recover from the faults or prevent total failure. This thesis addresses issues in the diagnosis of large complex systems. Such systems are usually distributed in nature, i.e. they consist of many interconnected components each having their own local behaviour. These components interact together to produce an emergent global behaviour that is complex. As those systems increase in complexity and size, their diagnosis becomes increasingly challenging. In the first part of this thesis, a method is proposed for diagnosis on distributed systems that avoids a monolithic global computation. The method, based on converting the graph of the system into a junction tree, takes into account the topology of the system in choosing how to merge local diagnoses on the components while still obtaining a globally consistent result. The method is shown to work well for systems with tree or near-tree structures. This method is further extended to handle systems with high clustering by selectively ignoring some connections that would still allow an accurate diagnosis to be obtained. A hybrid system approach is explored in the second part of the thesis, where continuous dynamics information on the system is also retained to help better isolate or identify faults. A hybrid system framework is presented that models both continuous dynamics and discrete evolution in dynamical systems, based on detecting changes in the fundamental governing dynamics of the system rather than on residual estimation. This makes it possible to handle systems that might not be well characterised and where parameter drift is present.
The discrete aspect of the hybrid system model is used to derive diagnosability conditions using indicator functions for the detection and isolation of multiple, arbitrary sequential or simultaneous events in hybrid dynamical networks. Issues with diagnosis in the presence of uncertainty in measurements due to sensor or actuator noise are addressed. Faults may generate symptoms that are in the same order of magnitude as the latter. The use of statistical techniques, within a hybrid system framework, is proposed to detect these elusive fault symptoms and translate this information into probabilities for the actual operational mode and possibility of transition between modes, which makes it possible to apply probabilistic analysis on the system to handle the underlying uncertainty present.
Checking diagnosability on centralized model of the system
In this work, the problem of checking diagnosability on Discrete Event Systems (DES) is considered, especially in a centralized architecture. Many approaches in the literature deal with diagnosability using one or more intermediate models. In this paper, we present new model-based diagnosability algorithms in the framework of set theory for deciding diagnosability, without any intermediate constructions or models and considering several faults at the same time.
The Complexity of Diagnosability and Opacity Verification for Petri Nets
Diagnosability and opacity are two well-studied problems in discrete-event systems. We revisit these two problems with respect to expressiveness and complexity issues. We first relate different notions of diagnosability and opacity. We consider in particular fairness issues and extend the definition of Germanos et al. [ACM TECS, 2015] of weakly fair diagnosability for safe Petri nets to general Petri nets and to opacity questions. Second, we provide a global picture of complexity results for the verification of diagnosability and opacity. We show that diagnosability is NL-complete for finite state systems, PSPACE-complete for safe Petri nets (even with fairness), and EXPSPACE-complete for general Petri nets without fairness, while non-diagnosability is inter-reducible with reachability when fault events are not weakly fair. Opacity is ESPACE-complete for safe Petri nets (even with fairness) and undecidable for general Petri nets already without fairness.
Model checking of mobile systems and diagnosability of weakly fair systems
This thesis consists of two independent contributions. The first deals with model checking of reference passing systems, and the second considers diagnosability under the weak fairness assumption.

Reference passing systems, like mobile and reconfigurable systems, are everywhere nowadays. The common feature of such systems is the possibility to form dynamic logical connections between the individual modules. However, such systems are very difficult to verify, as their logical structure is dynamic. Traditionally, decidable fragments of π-calculus, e.g. the well-known Finite Control Processes (FCP), are used for formal modelling of reference passing systems. Unfortunately, FCPs allow only `global' concurrency between processes, and thus cannot naturally express scenarios involving `local' concurrency inside a process. This thesis proposes Extended Finite Control Processes (EFCP), which are more convenient for practical modelling. Moreover, an almost linear translation of EFCPs to FCPs is developed, which enables efficient model checking of EFCPs.

In partially observed systems, diagnosis is the task of detecting whether or not the given sequence of observed labels indicates that some unobservable fault has occurred. Diagnosability is an associated property, stating that in any possible execution an occurrence of a fault can eventually be diagnosed. In this thesis, diagnosability is considered under the weak fairness (WF) assumption, which intuitively states that no transition from a given set can stay enabled forever - it must eventually either fire or be disabled. A major flaw in a previous approach to WF-diagnosability in the literature is identified and corrected, and an efficient method for verifying WF-diagnosability based on a reduction to LTL-X model checking is presented.
Formal Verification of Secure Information Flow in Cloud Computing
Federated cloud systems increase the reliability and reduce the cost of computational support to an organization. However, the resulting combination of secure private clouds and less secure public clouds impacts on the overall security of the system as applications need to be located within different clouds. In this paper, the entities of a federated cloud system as well as the clouds are assigned security levels of a given security lattice. Then a dynamic flow sensitive security model for a federated cloud system is introduced within which the Bell-LaPadula rules and cloud security rule can be captured. The rest of the paper demonstrates how Petri nets and the associated verification techniques could be used to analyze the security of information flow in federated cloud systems.
Uniform Strategies
We consider turn-based game arenas for which we investigate uniformity properties of strategies. These properties involve bundles of plays, that arise from some semantical motive. Typically, we can represent constraints on allowed strategies, such as being observation-based. We propose a formal language to specify uniformity properties and demonstrate its relevance by rephrasing various known problems from the literature. Note that the ability to correlate different plays cannot be achieved by any branching-time logic if not equipped with an additional modality, so-called R in this contribution. We also study an automated procedure to synthesize strategies subject to a uniformity property, which strictly extends existing results based on, say, standard temporal logics. We exhibit a generic solution for the synthesis problem provided the bundles of plays rely on any binary relation definable by a finite state transducer. This solution yields a non-elementary procedure.
Model checking multi-agent systems
A multi-agent system (MAS) is usually understood as a system composed of interacting autonomous agents. In this sense, MAS have been employed successfully as a modelling paradigm in a number of scenarios, especially in Computer Science. However, the process of modelling complex and heterogeneous systems is intrinsically prone to errors: for this reason, computer scientists are typically concerned with the issue of verifying that a system actually behaves as it is supposed to, especially when a system is complex.

Techniques have been developed to perform this task: testing is the most common technique, but in many circumstances a formal proof of correctness is needed. Techniques for formal verification include theorem proving and model checking. Model checking techniques, in particular, have been successfully employed in the formal verification of distributed systems, including hardware components, communication protocols, and security protocols.

In contrast to traditional distributed systems, formal verification techniques for MAS are still in their infancy, due to the more complex nature of agents, their autonomy, and the richer language used in the specification of properties. This thesis aims at making a contribution in the formal verification of properties of MAS via model checking. In particular, the following points are addressed:

• Theoretical results about model checking methodologies for MAS, obtained by extending traditional methodologies based on Ordered Binary Decision Diagrams (OBDDs) for temporal logics to multi-modal logics for time, knowledge, correct behaviour, and strategies of agents. Complexity results for model checking these logics (and their symbolic representations).
• Development of a software tool (MCMAS) that permits the specification and verification of MAS described in the formalism of interpreted systems.
• Examples of application of MCMAS to various MAS scenarios (communication, anonymity, games, hardware diagnosability), including experimental results, and comparison with other tools available.
Distributed intrusion detection for secure cooperative multi-agent systems
In this thesis we propose a solution for the problem of detecting intruders in an open set of cooperative agents. An agent can perform a finite set of maneuvers and is modeled by a hybrid system whose state consists of a continuous and a discrete part, representing the agent's physical evolution and logical variables, respectively. Each agent plans its behavior and chooses the appropriate maneuver to perform following a common set of shared rules designed to ensure the safety of the entire system. Since the number of agents is unknown, and since these agents have a limited knowledge of their neighborhood, they can make decisions based only on their own position, and on the configuration of a limited number of surrounding agents. Such a planning strategy is said to be decentralized.
The expounded solution is an Intrusion Detecting System (IDS), based on a decentralized monitoring strategy, performed by several common local monitor modules running on-board each agent. This module tries to evaluate the behavior of neighboring agents by estimating the occurrence of the logical events described in the shared rule set. Since each monitor has a limited vision of its neighbors, in many cases it can remain uncertain about the correctness of the monitored agent's behavior. In order to solve this problem we developed a distributed consensus algorithm which, by introducing communication between agents, enhances the intrusion detection capabilities of single monitors. The effectiveness of our solution has been proved by in-depth simulations and a theoretical demonstration of the convergence of the consensus algorithm.