The STRESS Method for Boundary-point Performance Analysis of End-to-end Multicast Timer-Suppression Mechanisms

Evaluation of Internet protocols usually uses random scenarios or scenarios based on designers' intuition. Such approach may be useful for average-case analysis but does not cover boundary-point (worst or best-case) scenarios. To synthesize boundary-point scenarios a more systematic approach is needed.In this paper, we present a method for automatic synthesis of worst and best case scenarios for protocol boundary-point evaluation. Our method uses a fault-oriented test generation (FOTG) algorithm for searching the protocol and system state space to synthesize these scenarios. The algorithm is based on a global finite state machine (FSM) model. We extend the algorithm with timing semantics to handle end-to-end delays and address performance criteria. We introduce the notion of a virtual LAN to represent delays of the underlying multicast distribution tree. The algorithms used in our method utilize implicit backward search using branch and bound techniques and start from given target events. This aims to reduce the search complexity drastically. As a case study, we use our method to evaluate variants of the timer suppression mechanism, used in various multicast protocols, with respect to two performance criteria: overhead of response messages and response time. Simulation results for reliable multicast protocols show that our method provides a scalable way for synthesizing worst-case scenarios automatically. Results obtained using stress scenarios differ dramatically from those obtained through average-case analyses. We hope for our method to serve as a model for applying systematic scenario generation to other multicast protocols.Comment: 24 pages, 10 figures, IEEE/ACM Transactions on Networking (ToN) [To appear

Temporal verification in secure group communication system design

The paper discusses an experience in using a real-time UML/SysML profile and a formal verification toolkit to check a secure group communication system against temporal requirements. A generic framework is proposed and specialized for hierarchical groups

Towards formal models and languages for verifiable Multi-Robot Systems

Incorrect operations of a Multi-Robot System (MRS) may not only lead to unsatisfactory results, but can also cause economic losses and threats to safety. These threats may not always be apparent, since they may arise as unforeseen consequences of the interactions between elements of the system. This call for tools and techniques that can help in providing guarantees about MRSs behaviour. We think that, whenever possible, these guarantees should be backed up by formal proofs to complement traditional approaches based on testing and simulation. We believe that tailored linguistic support to specify MRSs is a major step towards this goal. In particular, reducing the gap between typical features of an MRS and the level of abstraction of the linguistic primitives would simplify both the specification of these systems and the verification of their properties. In this work, we review different agent-oriented languages and their features; we then consider a selection of case studies of interest and implement them useing the surveyed languages. We also evaluate and compare effectiveness of the proposed solution, considering, in particular, easiness of expressing non-trivial behaviour.Comment: Changed formattin

Secure and Efficient Distributed Relay-Based Rekeying Algorithm for Group Communication in Mobile Multihop Relay Network

In mobile multihop relay (MMR) networks, Relay multicast rekeying algorithm (RMRA) is meant to ensure secure multicast communication and selective updating of keys in MMR networks. However, in RMRA, the rekeying is carried out after a specific interval of time, which cannot ensure the security for multicast communication on joining the member. Secondly, the rekeying scheme generates a huge communication overhead on the serving multihop relay base station (MR-BS) on frequent joining of members. Lastly, there is nothing about when a member left the group communication. Thus, the rekeying scheme of RMRA fails to provide forward and backward secrecy and also is not scalable. To solve this problem, an improved rekeying scheme based on broadcasting a new seed value on joining and leaving of a member for updating the ongoing key management is proposed. The proposed scheme solves the issue of forward and backward secrecy and the scalability in a very simplified way. The forward and backward secrecy of the proposed scheme has been extensively validated by formal method using rank theorem. Furthermore, mathematical derivation showed that the proposed scheme out-performed the RMRA in terms of communication cost and complexity