    The Impact of Petri Nets on System-of-Systems Engineering

    The successful engineering of a large-scale system-of-systems project towards deterministic behaviour depends on integrating autonomous components using international communications standards in accordance with dynamic requirements. To date, their engineering has been unsuccessful: no combination of top-down and bottom-up engineering perspectives is adopted, and the information exchange protocols and interfaces between components are not precisely specified. Various approaches such as modelling and architecture frameworks make positive contributions to system-of-systems specification, but their successful implementation is still a problem. One of the most popular modelling notations available for specifying systems, UML, is intuitive and graphical but also ambiguous and imprecise. Although it supplies a range of diagrams to represent a system under development, UML lacks simulation and exhaustive verification capability. This shortfall in UML has received little attention in the context of system-of-systems, and there are two major research issues: (1) where the dynamic, behavioural diagrams of UML can and cannot be used to model and analyse system-of-systems; and (2) determining how Petri nets can be used to improve the specification and analysis of the dynamic model of a system-of-systems specified using UML. This thesis presents the strengths and weaknesses of Petri nets in relation to the specification of system-of-systems and shows how Petri net models can be used instead of conventional UML Activity Diagrams. The model of the system-of-systems can then be analysed and verified using Petri net theory. The Petri net formalism of behaviour is demonstrated using two case studies from the military domain. The first case study uses Petri nets to specify and analyse a close air support mission. This case study concludes by indicating the strengths, weaknesses, and shortfalls of the proposed formalism in system-of-systems specification. The second case study considers the specification of a military exchange network parameters problem, and the results are compared with the strengths and weaknesses identified in the first case study. Finally, the results of the research are formulated in the form of a Petri net enhancement to UML (mapping existing activity diagram elements to Petri net elements) to meet the needs of system-of-systems specification, verification and validation.

    Sixth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools Aarhus, Denmark, October 24-26, 2005

    This booklet contains the proceedings of the Sixth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 24-26, 2005. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0

    Intelligent multi-agent system for intrusion detection and countermeasures

    Intelligent mobile agent systems offer a new approach to implementing intrusion detection systems (IDS). The prototype intrusion detection system, MAIDS, demonstrates the benefits of an agent-based IDS, including distributing the computational effort, reducing the amount of information sent over the network, platform independence, asynchronous operation, and modularity offering ease of updates. Anomaly detection agents use machine learning techniques to detect intrusions; one such agent processes streams of system calls from privileged processes. Misuse detection agents match known problems and correlate events to detect intrusions. Agents report intrusions to other agents and to the system administrator through the graphical user interface (GUI). A sound basis has been created for the intrusion detection system. Intrusions have been modeled using the Software Fault Tree Analysis (SFTA) technique; when augmented with constraint nodes describing trust, contextual, and temporal relationships, the SFTA forms a basis for stating the requirements of the intrusion detection system. Colored Petri Nets (CPN) have been created to model the design of the intrusion detection system. Algorithmic transformations are used to create CPN templates from augmented SFTs and to create implementation templates from CPNs. The implementation maintains the CPN semantics in the distributed agent-based intrusion detection system.

    Process improvement: the creation and evaluation of process alternatives

    Companies continuously strive to improve their processes to increase productivity and delivered quality against lower costs. With Business Process Redesign (BPR) projects such improvement goals can be achieved. BPR involves the restructuring of business processes, stimulated by the application of information technology. Although BPR is widely applied in industry, a systematic approach that helps a team in deriving designs for better performing business processes is lacking. The approach for Process Improvement by Creating and Evaluating process alternatives (in short: the PrICE approach) is developed to describe and support the concrete steps that will lead a design team from the as-is process to the to-be process. The starting point for the PrICE approach is a model of an existing process. The as-is model contains tasks and their execution ordering, data elements that are created and used, resources and their allocation and performance information. First, redesign opportunities are identified in the process model. A redesign opportunity leads to a combination of a certain redesign operation and a process part on which this operation can be applied.

    The PrICE approach consists of four steps. The first step of the PrICE approach describes the selection of redesign operations. Eight redesign operations have been developed, each supporting a particular type of redesign creation. We introduce two possible means to select applicable operations: process measures and process mining. Process measures provide a global view on the characteristics of the process and their values may reveal weaknesses in the process. The idea of process mining is to discover, monitor and improve business processes by extracting knowledge from event logs. Process mining results point out what type of changes may be beneficial. Moreover, bottlenecks, i.e., parts of the process that need improvement, are detected. The second step of the approach is the selection of process parts. In this step we focus on the selection of a process part in such a way that the application of a redesign operation results in a correct process model. The third step of the approach concentrates on the creation of process alternatives. An application of a redesign operation to a selected process part results in an alternative process model. An overview of the created alternatives is provided with the process alternatives tree. The root node of the tree is the original model and the other nodes represent the created alternatives. Each of the nodes may serve as a starting point for the creation of another alternative. In the last step of the approach, the performance of the process alternatives is evaluated with simulation. Simulation provides quantitative estimates for the performance, e.g., on time or costs, of a process model. By comparing the simulation results of the models in an alternatives tree, a quantitatively supported choice for the best alternative model, the to-be process, can be made.

    The PrICE approach is supported with the PrICE tool kit. The tool support is implemented as part of the Process Mining (ProM) framework. The tool kit supports the application of the various steps of the approach. The first two steps are supported with the process mining techniques that are available in ProM. The main features of the PrICE tool kit are the user guidance in the selection of process parts, the creation of process alternatives, the construction of the process alternatives tree and the evaluation of the alternatives with simulation. After the selection of a redesign operation, a process part for redesign is selected by the user by clicking on the tasks in the process model. Colors are used to guide the user and show which tasks may be added to the current selection to form a process part. This way, it is ensured that the input for the creation of a process alternative is such that a correct alternative model can be created. After the creation of an alternative model, the process alternatives tree is updated with a new node representing this alternative. Each node in the alternatives tree can be selected as starting point for the creation of another process alternative. With regard to the evaluation of the alternatives, one can select a subset of nodes for simulation or simulate the complete tree. A simulation study is performed in batch, i.e., all selected models are simulated without user interaction. Afterwards, the simulation results are displayed on the tree nodes. In addition, colors are used to guide the user in finding the best performing alternatives. The developed tool support demonstrates the feasibility of our ideas. This feasibility is also illustrated with several applications of the tool kit to real life processes.

    Apart from the development of the PrICE approach and tool kit, the thesis includes several other contributions. A contribution is the creation of correct process models. We refer to a process model as correct if the workflow structure is sound and if the data distribution is correct. A correct data distribution is an assignment of the data elements to the tasks in the process in such a way that the data elements necessary for the execution of a task have been written when the task becomes enabled. Requirements on the workflow structure and data distribution are set on the selection of process parts and the creation of alternatives to ensure the construction of correct process alternatives. Another contribution is the overview of the created process alternatives with the process alternatives tree. An alternative model may be created from the original model (the root node) or from one of the alternative models (any other node). The alternatives tree is also used as input for the evaluation of the performance of the alternatives and to provide an overview of the simulation results. A final contribution is the enhancement of the practical use of simulation for process redesign. On the one hand, the automation of the simulation study reduces the necessary time investment because intermediate input from the user is not required. On the other hand, we present a simulation plan that facilitates the understanding of the various aspects that should be addressed in a simulation study.

    Synthesizing realistic verification tasks

    This thesis by publications focuses on realistic benchmarks for software verification approaches. Such benchmarks are crucial to an evaluation of verification tools which helps to assess their capabilities and inform potential users. This work provides an overview of the current landscape of verification tool evaluation and compares manual and automatic approaches to benchmark generation. The main contribution of this thesis is a new framework to synthesize realistic verification tasks. This framework allows generating verification tasks that target sequential or parallel programs. Starting from a realistic formal specification, a Büchi automaton is synthesized while ensuring realistic hardness characteristics such as the number of computation steps after which errors occur. The resulting automaton is then transformed to a Mealy machine to produce a sequential program in C or Java or to a parallel composition of modal transition systems. A refinement of the latter is encoded in Promela or as a Petri net. A task that targets such a parallel system requires checking whether or not a given interruptible temporal property is satisfied or whether parallel systems are weakly bisimilar. Temporal properties may include branching-time and linear-time formulas. For the latter, it can be ensured that every parallel component matters during verification. This thesis contains additional contributions that build on top of the attached publications. These are (i) a generalization of interruptibility that covers branching-time properties, (ii) an improved generation of parallel contexts, and (iii) a definition of alphabet extension on a semantic level. Alphabet extensions are a key part of ensuring the hardness of generated tasks that target parallel systems. Benchmarks that were synthesized using the presented framework have been employed in the international Rigorous Examination of Reactive Systems (RERS) Challenge during the last five years. Several international teams attempted to solve the corresponding verification tasks and used ten different tools to verify the newly added parallel programs. Apart from the evaluation of these tools, this endeavor motivated participants of RERS to conceive new formal techniques to verify parallel systems. The result of this thesis thus helps to improve the state of the art of software verification.

    Reo + mCRL2: A Framework for Model-Checking Dataflow in Service Compositions

    The paradigm of service-oriented computing revolutionized the field of software engineering. According to this paradigm, new systems are composed of existing stand-alone services to support complex cross-organizational business processes. Correct communication of these services is not possible without a proper coordination mechanism. The Reo coordination language is a channel-based modeling language that introduces various types of channels and their composition rules. By composing Reo channels, one can specify Reo connectors that realize arbitrary complex behavioral protocols. Several formalisms have been introduced to give semantics to Reo. In their most basic form, they reflect service synchronization and dataflow constraints imposed by connectors. To ensure that the composed system behaves as intended, we need a wide range of automated verification tools to assist service composition designers. In this paper, we present our framework for the verification of Reo using the mCRL2 toolset. We unify our previous work on mapping various semantic models for Reo, namely, constraint automata, timed constraint automata, coloring semantics and the newly developed action constraint automata, to the process algebraic specification language of mCRL2, address the correctness of this mapping, discuss tool support, and present a detailed example that illustrates the use of Reo empowered with mCRL2 for the analysis of dataflow in service-based process models.

    Eighth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, Aarhus, Denmark, October 22-24, 2007

    This booklet contains the proceedings of the Eighth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 22-24, 2007. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0

    Specification and Automatic Generation of Simulation Models with Applications in Semiconductor Manufacturing

    The creation of large-scale simulation models is a difficult and time-consuming task. Yet simulation is one of the techniques most frequently used by practitioners in Operations Research and Industrial Engineering, as it is less limited by modeling assumptions than many analytical methods. The effective generation of simulation models is an important challenge. Due to the rapid increase in computing power, it is possible to simulate significantly larger systems than in the past. However, the verification and validation of these large-scale simulations is typically a very challenging task. This thesis introduces a simulation framework that can generate a large variety of manufacturing simulation models. These models have to be described with a simulation data specification. This specification is then used to generate a simulation model which is described as a Petri net. This approach reduces the effort of model verification. The proposed Petri net data structure has extensions for time and token priorities. Since it builds on existing theory for classical Petri nets, it is possible to make certain assertions about the behavior of the generated simulation model. The elements of the proposed framework and the simulation execution mechanism are described in detail. Measures of complexity for simulation models that are built with the framework are also developed. The applicability of the framework to real-world systems is demonstrated by means of a semiconductor manufacturing system simulation model.
    Ph.D. Committee Chair: Alexopoulos, Christos; Committee Co-Chair: McGinnis, Leon; Committee Member: Egerstedt, Magnus; Committee Member: Fujimoto, Richard; Committee Member: Goldsman, Davi

    A Conceptual Framework for Adaptation

    We present a white-box conceptual framework for adaptation. We call it CODA, for COntrol Data Adaptation, since it is based on the notion of control data. CODA promotes a neat separation between application and adaptation logic through a clear identification of the set of data that is relevant for the latter. The framework provides an original perspective from which we survey a representative set of approaches to adaptation ranging from programming languages and paradigms, to computational models and architectural solutions.