A unifying Petri net model of non-interference and non-deducibility information flow security
In this paper we introduce FIFO Information Flow Nets (FIFN) as a model for describing information flow security properties. The FIFN is based on Petri nets and has been derived from the work described in [Var89], [Var90] and [Rou86]. Using this new model, we present the information flow security properties Non-Interference between Places (which corresponds to Non-Interference) and Non-Deducibility on Views (which corresponds to Non-Deducibility on Inputs). Then we consider a very general composition operation and show that neither Non-Interference on Places nor Non-Deducibility on Views is preserved under this composition operation. This leads us to a new definition of information flow security referred to as the Feedback Non-Deducibility on Views. We then show that this definition is preserved under the composition operation. We then show some similarities between this property and the notion of Non-Deducibility on Strategies
About Dynamical Systems Appearing in the Microscopic Traffic Modeling
Motivated by microscopic traffic modeling, we analyze dynamical systems which
have a piecewise linear concave dynamics not necessarily monotonic. We
introduce a deterministic Petri net extension where edges may have negative
weights. The dynamics of these Petri nets are well-defined and may be described
by a generalized matrix with a submatrix in the standard algebra with possibly
negative entries, and another submatrix in the minplus algebra. When the
dynamics is additively homogeneous, a generalized additive eigenvalue may be
introduced, and the ergodic theory may be used to define a growth rate under
additional technical assumptions. In the traffic example of two roads with one
junction, we compute explicitly the eigenvalue and we show, by numerical
simulations, that these two quantities (the additive eigenvalue and the growth
rate) are not equal, but are close to each other. With this result, we are able
to extend the well-studied notion of fundamental traffic diagram (the average
flow as a function of the car density on a road) to the case of two roads with
one junction and give a very simple analytic approximation of this diagram
where four phases appear with clear traffic interpretations. Simulations show
that the fundamental diagram shape obtained is also valid for systems with many
junctions. To simulate these systems, we have to compute their dynamics, which
are not quite simple. For building them in a modular way, we introduce
generalized parallel, series and feedback compositions of piecewise linear
concave dynamics. Comment: PDF 38 page
A Taxonomy of Workflow Management Systems for Grid Computing
With the advent of Grid and application technologies, scientists and
engineers are building more and more complex applications to manage and process
large data sets, and execute scientific experiments on distributed resources.
Such application scenarios require means for composing and executing complex
workflows. Therefore, many efforts have been made towards the development of
workflow management systems for Grid computing. In this paper, we propose a
taxonomy that characterizes and classifies various approaches for building and
executing workflows on Grids. We also survey several representative Grid
workflow systems developed by various projects world-wide to demonstrate the
comprehensiveness of the taxonomy. The taxonomy not only highlights the design
and engineering similarities and differences of state-of-the-art in Grid
workflow systems, but also identifies the areas that need further research. Comment: 29 pages, 15 figure
Petri Games: Synthesis of Distributed Systems with Causal Memory
We present a new multiplayer game model for the interaction and the flow of
information in a distributed system. The players are tokens on a Petri net. As
long as the players move in independent parts of the net, they do not know of
each other; when they synchronize at a joint transition, each player gets
informed of the causal history of the other player. We show that for Petri
games with a single environment player and an arbitrary bounded number of
system players, deciding the existence of a safety strategy for the system
players is EXPTIME-complete. Comment: In Proceedings GandALF 2014, arXiv:1408.556
On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems
This paper motivates the need for a formalism for the modelling and analysis
of dynamic reconfiguration of dependable real-time systems. We present
requirements that the formalism must meet, and use these to evaluate well
established formalisms and two process algebras that we have been developing,
namely, Webpi and CCSdp. A simple case study is developed to illustrate the
modelling power of these two formalisms. The paper shows how Webpi and CCSdp
represent a significant step forward in modelling adaptive and dependable
real-time systems. Comment: Presented and published at DEPEND 201
On the Decidability of Non Interference over Unbounded Petri Nets
Non-interference, in transitive or intransitive form, is defined here over
unbounded (Place/Transition) Petri nets. The definitions are adaptations of
similar, well-accepted definitions introduced earlier in the framework of
labelled transition systems. The interpretation of intransitive
non-interference which we propose for Petri nets is as follows. A Petri net
represents the composition of a controlled system and a controller system, possibly
sharing places and transitions. Low transitions represent local actions of the
controlled system, high transitions represent local decisions of the
controller, and downgrading transitions represent synchronized actions of both
components. Intransitive non-interference means the impossibility for the
controlled system to follow any local strategy that would force or dodge
synchronized actions depending upon the decisions taken by the controller after
the last synchronized action. The fact that both language equivalence and
bisimulation equivalence are undecidable for unbounded labelled Petri nets
might be seen as an indication that non-interference properties based on these
equivalences cannot be decided. We prove the opposite, providing results of
decidability of non-interference over a representative class of infinite state
systems. Comment: In Proceedings SecCo 2010, arXiv:1102.516
A phenomenal basis for hybrid modelling
This work in progress extends the new mechanical philosophy from science to engineering. Engineering is the practice of organising the design and construction of artifices that satisfy needs in real-world contexts. This work shows how artifices can be described in terms of their mechanisms and composed through their observable phenomena.
Typically, the engineering of real systems requires descriptions in many different languages: software components will be described in code; sensors and actuators in terms of their physical and electronic characteristics; plant in terms of differential equations, perhaps. Another aspect of this work, then, is to construct a formal framework so that diverse description languages can be used to characterise sub-mechanisms.
The work is situated in Problem Oriented Engineering, a design theoretic framework for engineering defined by the first two authors