4 research outputs found

    Modularity for Security-Sensitive Workflows

    An established trend in software engineering insists on using components (sometimes also called services or packages) to encapsulate a set of related functionalities or data. By defining interfaces specifying what functionalities they provide or use, components can be combined with others to form more complex components. In this way, IT systems can be designed by mostly re-using existing components and developing new ones to provide new functionalities. In this paper, we introduce a notion of component and a combination mechanism for an important class of software artifacts, called security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We show how well-known workflow execution patterns can be simulated by our combination mechanism and how authorization constraints can also be imposed across components. Then, we demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows and (ii) the design of a plug-in for the re-use of workflows and related run-time monitors inside an editor for security-sensitive workflows.
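As an added illustration of the notions in this abstract (this is not code from the paper or its authors): a minimal model of a security-sensitive workflow component with execution constraints, an authorization policy and Separation-of-Duty (SoD) pairs, a sequential combination pattern that also lets SoD be imposed across components, and a run-time monitor that decides each "user u wants to execute task t" request. The monitor's look-ahead check, which refuses a request when the remaining tasks could no longer be assigned to authorized users without breaking a constraint, is the usual obligation of such monitors and is assumed here rather than taken from the paper. The components, tasks and users are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple


@dataclass
class Component:
    """A workflow component: its tasks, execution-order constraints, the
    authorization policy for its tasks and its separation-of-duty pairs."""
    name: str
    tasks: FrozenSet[str]
    order: FrozenSet[Tuple[str, str]]        # (before, after)
    policy: Dict[str, FrozenSet[str]]        # task -> users allowed to run it
    sod: FrozenSet[FrozenSet[str]]           # {t, t'}: must be run by different users


def sequence(a: Component, b: Component,
             cross_sod: Iterable[Tuple[str, str]] = ()) -> Component:
    """Sequential combination pattern: every task of `a` precedes every task
    of `b`.  `cross_sod` imposes SoD constraints across the two components."""
    order = set(a.order) | set(b.order) | {(x, y) for x in a.tasks for y in b.tasks}
    sod = set(a.sod) | set(b.sod) | {frozenset(p) for p in cross_sod}
    return Component(f"{a.name};{b.name}", a.tasks | b.tasks, frozenset(order),
                     {**a.policy, **b.policy}, frozenset(sod))


def violates_sod(history: Dict[str, str], task: str, user: str,
                 sod: FrozenSet[FrozenSet[str]]) -> bool:
    """True if `user` running `task` would pair it with a task the same
    user has already executed."""
    for pair in sod:
        if task in pair:
            (other,) = pair - {task}
            if history.get(other) == user:
                return True
    return False


def completable(wf: Component, history: Dict[str, str]) -> bool:
    """Backtracking search: can the remaining tasks still be assigned to
    authorized users without breaking any SoD constraint?"""
    remaining = sorted(wf.tasks - set(history))
    if not remaining:
        return True
    task = remaining[0]
    return any(completable(wf, {**history, task: user})
               for user in sorted(wf.policy.get(task, frozenset()))
               if not violates_sod(history, task, user, wf.sod))


def monitor(wf: Component, history: Dict[str, str], user: str, task: str,
            look_ahead: bool = True) -> Tuple[bool, str]:
    """Run-time monitor decision for the request 'user executes task'."""
    if task not in wf.tasks or task in history:
        return False, "unknown or already executed task"
    pending = sorted(b for b, a in wf.order if a == task and b not in history)
    if pending:
        return False, f"execution constraint: {pending} must run first"
    if user not in wf.policy.get(task, frozenset()):
        return False, "authorization policy"
    if violates_sod(history, task, user, wf.sod):
        return False, "separation of duty"
    if look_ahead and not completable(wf, {**history, task: user}):
        return False, "would make the workflow impossible to complete"
    return True, "granted"


# Constructed sample: a purchase request component followed by a payment
# component, with a cross-component SoD between approver and releaser.
REQUEST = Component(
    "request", frozenset({"t1_request", "t2_approve"}),
    frozenset({("t1_request", "t2_approve")}),
    {"t1_request": frozenset({"alice", "bob"}), "t2_approve": frozenset({"alice", "bob"})},
    frozenset({frozenset({"t1_request", "t2_approve"})}))
PAYMENT = Component(
    "payment", frozenset({"t3_prepare", "t4_release"}),
    frozenset({("t3_prepare", "t4_release")}),
    {"t3_prepare": frozenset({"bob", "carol"}), "t4_release": frozenset({"alice"})},
    frozenset({frozenset({"t3_prepare", "t4_release"})}))
WORKFLOW = sequence(REQUEST, PAYMENT, cross_sod=[("t2_approve", "t4_release")])

if __name__ == "__main__":
    # bob passes every local check for t1, yet granting him would leave t2
    # to alice, who is then the only releaser and barred by the cross SoD.
    print(monitor(WORKFLOW, {}, "alice", "t1_request"))
    print(monitor(WORKFLOW, {}, "bob", "t1_request"))
    print(monitor(WORKFLOW, {}, "bob", "t1_request", look_ahead=False))
```

The contrast between the last two calls is the point of synthesizing a monitor rather than checking constraints one request at a time: a purely local check grants bob the first task and the workflow can then never terminate without violating a constraint.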

    Formal Relationships Between Geometrical and Classical Models for Concurrency

    A wide variety of models for concurrent programs has been proposed during the past decades, each one focusing on various aspects of computations: trace equivalence, causality between events, conflicts and schedules due to resource accesses, etc. More recently, models with a geometrical flavor have been introduced, based on the notion of cubical set. These models are very rich and expressive since they can represent commutation between any collection of events, thus generalizing the principle of true concurrency. While they seem to be very promising - because they make possible the use of techniques from algebraic topology in order to study concurrent computations - they have not yet been precisely related to the previous models, and the purpose of this paper is to fill this gap. In particular, we describe an adjunction between Petri nets and cubical sets which extends the previously known adjunction between Petri nets and asynchronous transition systems by Nielsen and Winskel.

    A new approach to the system reliability analysis using reverse Petri nets

    [Translated from the Serbian abstract] Fault tree analysis (FTA) is a reliability analysis technique used to determine the causes and probability of system failure. FTA is based on the fault tree (FT), a graphical model that uses logic gates and failure events to represent the cause-and-effect relationships between the events leading to system failure. The qualitative part of FTA consists of determining the minimal cut sets. A cut set is a set of basic events which, when they occur simultaneously, lead to system failure. A minimal cut set (minicut) is a cut set reduced to the minimum number of elements that cause system failure. This dissertation proposes a new method for determining the minicuts of a coherent FT, i.e. an FT containing only AND and OR gates, with repeated events. The method is based on a special type of Petri net, reverse Petri nets. First, a new algorithm for reducing the cut sets of a coherent FT is presented. Determining all minicuts of a coherent FT is an NP-hard problem. The dissertation considers approaches that first determine all cut sets of a given FT and then eliminate supersets, i.e. cut sets that are not minimal. In these approaches the FT is transformed into an equivalent Boolean expression from which all redundant cut sets are then eliminated.
    It has already been proved that cut sets containing no repeated events are minimal. This restricts the reduction to cut sets with repeated events. This dissertation considers one more kind of cut set: those which, if they contain a repeated event, contain all of its repetitions. Such cut sets are denoted C*. It is shown that a cut set of the form C*, if one exists, is also minimal. This further shortens the reduction of the Boolean expression. Conditions for the existence of C* cut sets are then proved, and the minimal number of cut sets that can be eliminated as supersets of C* is determined. A new algorithm for reducing the Boolean expression of a given FT is proposed, based on partitioning the cut sets into three groups: cut sets without repeated events, cut sets of the form C*, and the remaining cut sets. The efficiency of the algorithm is illustrated on a group of test...

    [English abstract] Fault Tree Analysis (FTA) is a reliability analysis technique used to determine the root causes and probability of occurrence of a specified top event. FTA is based on a Fault Tree (FT), a graphical model using logic gates and fault events to model the cause-effect relationships involved in causing the top event. Determining minimal cut sets is the qualitative part of FTA. A cut set is a set of basic events which, when they occur simultaneously, cause the top event to occur. A minimal cut set (minicut) is a cut set that has been reduced to the minimum number of events that cause the top event to occur.
    This dissertation proposes a new method for minicut generation of a coherent FT, constructed using the AND and OR logic operators only, with repeated events. The approach is based on a special type of Petri net, the reverse Petri net. First, a new algorithm for reducing cut sets in coherent fault trees is presented. Determining all minicuts of a fault tree is an NP-hard problem. Coherent fault trees and the top-down approaches to minicut generation are considered. The FT can be translated into an equivalent Boolean expression, which is then reduced by eliminating all redundant cut sets. It has already been proved that cut sets not containing any repeated event are minicuts. This limits the reduction to the cut sets containing repeated events. Cut sets that contain all repetitions of each repeated event they include are denoted C*. It is proved that a C* cut set, if it exists, is also a minicut. This further limits the reduction of the Boolean expression. In addition, conditions for the existence of C* are proved and the minimal number of cut sets that can be eliminated as supersets of C* is calculated. Finally, a new algorithm for reduction of the Boolean expression is proposed, based on partitioning the cut sets into three families: those not containing any repeated event, those of type C*, and the others. The efficiency of the algorithm is shown by applying it to some benchmark fault trees.
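The three-family reduction described in the abstract, as an added example that is not the dissertation's own code: the dissertation works through reverse Petri nets, whereas this block uses a plain top-down expansion of the tree in which every leaf is tagged with its occurrence index, so that a cut set knows which copies of a repeated event it came from. Cut sets with no repeated event and C* cut sets are kept outright, as the results quoted in the abstract permit; only the remaining cut sets are tested against proper supersets. A brute-force elimination over all cut sets is included as a cross-check. The fault tree, event names and helper names are constructed for this example; the same AND/OR structure is used by attack trees, so the reduction applies there unchanged.

```python
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Set, Tuple, Union

Occurrence = Tuple[str, int]        # (basic event name, index of this copy in the tree)
OccCutSet = FrozenSet[Occurrence]
CutSet = FrozenSet[str]


@dataclass(frozen=True)
class Gate:
    kind: str        # "AND" or "OR": a coherent tree uses nothing else
    inputs: tuple    # children: Gate or basic-event name (str)


def AND(*inputs: Union[Gate, str]) -> Gate:
    return Gate("AND", inputs)


def OR(*inputs: Union[Gate, str]) -> Gate:
    return Gate("OR", inputs)


def expand(node: Union[Gate, str], occurrences: Dict[str, int]) -> List[OccCutSet]:
    """Top-down expansion into cut sets of occurrences.  `occurrences` is
    filled in as a side effect with the number of copies of each event."""
    if isinstance(node, str):
        idx = occurrences.get(node, 0)
        occurrences[node] = idx + 1
        return [frozenset({(node, idx)})]
    child_sets = [expand(child, occurrences) for child in node.inputs]
    if node.kind == "OR":                    # any child's cut set suffices
        return [cs for sets in child_sets for cs in sets]
    if node.kind == "AND":                   # one cut set from every child, merged
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"non-coherent gate {node.kind!r}")


def events_of(cs: OccCutSet) -> CutSet:
    return frozenset(e for e, _ in cs)


def classify(cut_sets: List[OccCutSet], occurrences: Dict[str, int]):
    """Partition into the abstract's three families: (1) no repeated event,
    (2) C*: every repeated event present appears with all of its copies,
    (3) everything else.  Only family (3) needs the superset test."""
    no_rep: List[OccCutSet] = []
    c_star: List[OccCutSet] = []
    others: List[OccCutSet] = []
    for cs in cut_sets:
        repeated = {e for e in events_of(cs) if occurrences[e] > 1}
        if not repeated:
            no_rep.append(cs)
        elif all(sum(1 for e, _ in cs if e == r) == occurrences[r] for r in repeated):
            c_star.append(cs)
        else:
            others.append(cs)
    return no_rep, c_star, others


def family_sizes(tree: Gate) -> Tuple[int, int, int]:
    occurrences: Dict[str, int] = {}
    return tuple(len(f) for f in classify(expand(tree, occurrences), occurrences))


def minimal_cut_sets(tree: Gate) -> Set[CutSet]:
    """Families (1) and (2) are minimal and kept as they are; family (3) is
    deduplicated and stripped of proper supersets of anything already kept."""
    occurrences: Dict[str, int] = {}
    no_rep, c_star, others = classify(expand(tree, occurrences), occurrences)
    keep: Set[CutSet] = {events_of(cs) for cs in no_rep + c_star}
    for cand in sorted({events_of(cs) for cs in others}, key=len):
        if not any(k < cand for k in keep):  # k < cand: proper subset
            keep.add(cand)
    return keep


def minimal_cut_sets_bruteforce(tree: Gate) -> Set[CutSet]:
    """Reference: superset elimination over all cut sets, for cross-checking."""
    all_sets = {events_of(cs) for cs in expand(tree, {})}
    return {c for c in all_sets if not any(o < c for o in all_sets)}


# Constructed sample: an outage caused by operator error or by losing both
# power feeds; GRID_FAILURE is a common-cause event under both feeds, i.e.
# a repeated event, so {GRID_FAILURE} is the tree's C* cut set.
PRIMARY_FEED_DOWN = OR("GRID_FAILURE", "BREAKER_TRIP")
BACKUP_FEED_DOWN = OR("GRID_FAILURE", "GENERATOR_FAIL")
SERVICE_OUTAGE = OR("OPERATOR_ERROR", AND(PRIMARY_FEED_DOWN, BACKUP_FEED_DOWN))

if __name__ == "__main__":
    print("families (no repeats, C*, others):", family_sizes(SERVICE_OUTAGE))
    for mcs in sorted(minimal_cut_sets(SERVICE_OUTAGE), key=sorted):
        print(sorted(mcs))
    assert minimal_cut_sets(SERVICE_OUTAGE) == minimal_cut_sets_bruteforce(SERVICE_OUTAGE)
```

On the sample tree the expansion yields five cut sets, of which only the two in the third family ({GRID_FAILURE, GENERATOR_FAIL} and {BREAKER_TRIP, GRID_FAILURE}) are ever compared against others; both are supersets of the C* set {GRID_FAILURE} and are dropped, leaving {OPERATOR_ERROR}, {GRID_FAILURE} and {BREAKER_TRIP, GENERATOR_FAIL}.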