Fifth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools Aarhus, Denmark, October 8-11, 2004

This booklet contains the proceedings of the Fifth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 8-11, 2004. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0

Approches formelles pour la modélisation et la vérification du contrôle d'accès et des contraintes temporelles dans les systèmes d'information

RÉSUMÉ Nos travaux de recherche s’inscrivent dans un cadre qui vise à développer des approches formelles pour aider à concevoir des systèmes d’information avec un bon niveau de sûreté et de sécurité. Précisément, il s’agit de disposer d’approches pour vérifier qu’un système fonctionne correctement et qu’il implémente une politique de sécurité qui répond à ses besoins spécifiques en termes de confidentialité, d’intégrité et de disponibilité des données. Notre recherche s’est ainsi construite autour de la volonté de développer, valoriser et élargir l’utilisation des réseaux de Petri en tant qu’outil de modélisation et le model-checking en tant que technique de vérification. Notre principal objectif est d’exprimer la dimension temporelle de manière quantitative pour vérifier des propriétés temporelles telles que la disponibilité des données, la durée d’exécution des tâches, les deadlines, etc. Tout d’abord, nous proposons une extension du modèle TSCPN (Timed Secure Colored Petri Net), initialement présenté dans mon mémoire de maˆıtrise. Le modèle TSCPN permet de modéliser et de raisonner sur les droits d’accès aux données exprimés via une politique de contrôle d’accès mandataire, i.e. Modèle de Bell-LaPadula. Ensuite, nous investigons l’idée d’utiliser les réseaux de Petri colorés pour représenter les politiques de contrôle d’accès à base de rôles (Role Based Access Control - RBAC). Notre objectif est de fournir des guides précis pour aider à la spécification d’une politique RBAC cohérente et complète, appuyée par les réseaux de Petri colorés et l’outil CPNtools. Finalement, nous proposons d’enrichir la classe des réseaux de Petri temporels par une nouvelle extension qui permet d’exprimer plus d’un seul type de contraintes temporelles. Il s’agit du modèle TAWSPN (Timed Arc Petri net - Weak and Strong semantics). Notre but étant d’offrir une grande flexibilité dans la modélisation de systèmes temporisés complexes sans complexifier les méthodes d’analyse classiques. En effet, le modèle TAWSPN offre une technique de modelchecking, basée sur la construction de graphes des zones (Gardey et al., 2003), comparables à celles des autres extensions temporelles des réseaux de Petri. ----------ABSTRACT Our research is integrated within a framework that aims to develop formal approaches to help in the design of information systems with a good level of safety and security. Specifically, these approaches have to verify that a system works correctly and that it implements a security policy that meets its specific needs in terms of data confidentiality, integrity and availability. Our research is thus built around the aim to develop, enhance and expand the use of Petri nets as a modeling tool and the Model-checking as a verification technique. Our main objective is to express the temporal dimension in order to check quantitative temporal properties such as data availability, task execution duration, deadlines, etc. First, we propose an extension of the TSCPN (Timed Secure Colored Petri Net) model, originally presented in my master’s thesis. This model allows representing and reasoning about access rights, expressed via a mandatory access control policy, i.e. Bell-LaPadula model. In a second step, we investigate the idea of using colored Petri nets to represent role based access control policies (RBAC). Our goal is to provide specific guidelines to assist in the specification of a coherent and comprehensive RBAC, supported by colored Petri nets and CPNtools. Finally, we propose to enrich the class of time Petri nets by a new extension that allows to express more than one kind of time constraint, named TAWSPN (Timed-Arc Petri net Weak and Strong semantics). Our goal is to provide great flexibility in modeling complex systems without complicating the conventional methods of analysis. Indeed, the TAWSPN model offers a model-checking technique based on the construction of zone graphs (Gardey et al., 2003), comparable to those of other extensions of timed Petri net

CPN Modelling And Performance Analysis Of CBHSA

Security is a major issue associated with MAs and Hosts. MAs themselves may need to be protected from the hosts they visit and vice versa. For mobile multi agents, a new Cryptography Based Hierarchical Security Architecture (CBHSA) has already been proposed in our previous work. CBHSA provides four different kinds of algorithms to secure agents during migration which combines various existing security mechanisms such as encryption and decryption, signed agreement etc. This paper gives the description of Colored Petri Net (CPN) modelling of CBHSA and analyses the performance of CBHSA against some identified parameters. Different graphs have been developed for min, max and average values of different parameters. Simulation results show that CBHSA gives expected result and secure MAs and hosts from attacks

Model Driven Development and Maintenance of Business Logic for Information Systems

Since information systems become more and more important in today\''s society, business firms, organizations, and individuals rely on these systems to manage their daily business and social activities. The dependency of possibly critical business processes on complex IT systems requires a strategy that supports IT departments in reducing the time needed to implement changed or new domain requirements of functional departments. In this context, software models help to manage system\''s complexity and provide a tool for communication and documentation purposes. Moreover, software engineers tend to use automated software model processing such as code generation to improve development and maintenance processes. Particularly in the context of web-based information systems, a number of model driven approaches were developed. However, we believe that compared to the user interface layer and the persistency layer, there could be a better support of consistent approaches providing a suitable architecture for the consistent model driven development of business logic. To ameliorate this situation, we developed an architectural blueprint consisting of meta models, tools, and a method support for model driven development and maintenance of business logic from analysis until system maintenance. This blueprint, which we call Amabulo infrastructure, consists of five layers and provides concepts and tools to set up and apply concrete infrastructures for model driven development projects. Modeling languages can be applied as needed. In this thesis we focus on business logic layers of J2EE applications. However, concrete code generation rules can be adapted easily for different target platforms. After providing a high-level overview of our Amabulo infrastructure, we describe its layers in detail: The Visual Model Layer is responsible for all visual modeling tasks. For this purpose, we discuss requirements for visual software models for business logic, analyze several visual modeling languages concerning their usefulness, and provide an UML profile for business logic models. The Abstract Model Layer provides an abstract view on the business logic model in the form of a domain specific model, which we call Amabulo model. An Amabulo model is reduced to pure logical information concerning business logic aspects. It focuses on information that is relevant for the code generation. For this purpose, an Amabulo model integrates model elements for process modeling, state modeling, and structural modeling. It is used as a common interface between visual modeling languages and code generators. Visual models of the Visual Model Layer are automatically transformed into an Amabulo model. The Abstract System Layer provides a formal view onto the system in the form of a Coloured Petri Net (CPN). A Coloured Petri Net representation of the modeled business logic is a formal structure and independent of the actual business logic implementation. After an Amabulo model is automatically transformed into a CPN, it can be analyzed and simulated before any line of code is generated. The Code Generation Layer is responsible for code generation. To support the design and implementation of project-specific code generators, we discuss several aspects of code integration issues and provide object-oriented design approaches to tackle the issues. Then, we provide a conceptual mapping of Amabulo model elements into architectural elements of a J2EE infrastructure. This mapping explicitly considers robustness features, which support a later manual integration of generated critical code artifacts and external systems. The Application Layer is the target layer of an Amabulo infrastructure and comprises generated code artifacts. These artifacts are instances of a specific target platform specification, and they can be modified for integration purposes with development tools. Through the contributions in this thesis, we aim to provide an integrated set of solutions to support an efficient model driven development and maintenance process for the business logic of information systems. Therefore, we provide a consistent infrastructure blueprint that considers modeling tasks, model analysis tasks, and code generation tasks. As a result, we see potential for reducing the development and maintenance efforts for changed domain requirements and simultaneously guaranteeing robustness and maintainability even after several changes

Eighth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools, Aarhus, Denmark, October 22-24, 2007

This booklet contains the proceedings of the Eighth Workshop on Practical Use of Coloured Petri Nets and the CPN Tools, October 22-24, 2007. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop0

Context-aware workflow management in eHealth applications

Workflows are a technology to structure work in functional, non-overlapping steps. They define not only the order of execution of the steps, and describe whether steps are executed in parallel, they also specify who or what tool has to fulfill which step. Workflows offer the possibility to automate work, to increase the understandability of processes, and they ease the control of process execution. The tools to manage workflows, so called workflow management systems (WfMSs), are traditionally rigid as they separate workflow definition done at build time from workflow execution done at run time. This makes them ill-suited for managing flexible and unstructured workflows. In this thesis, we focus on the support of flexible processes in eHealth, which are affected by more foreseen than unforeseen events. To bridge the gap between rigid WfMSs and flexible workflows, we developed a concept for dynamic and context-aware workflow management called Flexwoman. Although our focus lies on flexible eHealth processes, Flexwoman is a generic approach that can be applied to several different application domains. Flexwoman supports the usage of context information to adapt processes automatically at run time to foreseen events. Processes can also be manually adapted to handle unforeseen events. To achieve this flexibility, context information from different sensors is unified and thus can be analyzed in the same way. The analysis and adaptation of workflows is executed with a rule engine. A rule engine can store, reason about and apply knowledge automatically and efficiently. Rules and application logic are separated, thus, rules can be changed during run time without affecting application logic or process description. Workflows are internally described by Hierarchical Colored Petri nets (HCPNs) and executed by a HCPN execution engine. HCPNs allow for a deterministic execution of workflows and can represent workflows on different levels of detail. In summary, in Flexwoman, significant context changes (events) trigger automated adaptations that replace parts of the workflow by sub workflows, which can in turn be adapted. The adaptations and the rules for context-aware adaptation are saved in the organizational memory for later reuse. Flexwoman’s event based behavior facilitates proactive adaptations instead of only allowing for adaptations while entering or leaving a task. Replacements are not bound to special places defined at build time but each part of the workflow, which has not been executed yet, can be replaced at run time. We implemented and evaluated the concept. The evaluations show i) that all required functionality is available, ii) that the system scales with a growing number of rules, and iii) that the system correctly handles failure situations

Neighborhood Detection in Mobile Ad-Hoc Network Using Colored Petri Net

Colored Petri Nets (CPNs) [2] is a language for the modeling and validation of systems in which concurrency, communication [6], and synchronization play a major role. Colored Petri Nets is a discrete-event modeling language combining Petri nets with the functional programming language Standard ML. Petri nets provide the foundation of the graphical notation and the basic primitives for modeling concurrency, communication, and synchronization. Standard ML provides the primitives for the definition of data types, describing data manipulation, and for creating compact and parameterizable models. A CPN model of a system is an executable model representing the states of the system and the events (transitions) that can cause the system to change state [4]. The CPN language makes it possible to organize a model as a set of modules, and it includes a time concept for representing the time taken to execute events in the modeled system. In a mobile ad-hoc network(MANET) mobile nodes directly send messages to each other via wireless transmission. A node can send a message to another node beyond its transmission range by using other nodes as relay points, and thus a node can function as a router [1]. Typical applications of MANETS include defense systems such as battlefield survivability and disaster recovery. The research on MANETs originates from part of the Advanced Research Projects Agency(ARPA) project in the 1970s [1]. With the explosive growth of the Internet and mobile communication networks, challenging requirements have been introduced into MANETs and designing routing protocols has become more complex. One approach for ensuring correctness of an existing routing protocol is to create a formal model for the protocol and analyze the model to determine if indeed the protocol provides the defined service correctly. Colored Petri Nets are a suitable modeling language for this purpose as it can conveniently express non-determinism, concurrency and different levels of abstraction that are inherent in routing protocols. However, it is not easy to build a CPN model of a MANET because a node can move in and out of its transmission range and thus the MANET‟s topology dynamically changes. In this paper we propose an algorithm for addressing such mobility problem of a MANET [1]. Using this algorithm a node can find its neighbors ,which are dynamically changing, at any instant of time

A novel approach to emergency management of wireless telecommunication system

The survivability concerns the service continuity when the components of a system are damaged. This concept is especially useful in the emergency management of the system, as often emergencies involve accidents or incident disasters which more or less damage the system. The overall objective of this thesis study is to develop a quantitative management approach to the emergency management of a wireless cellular telecommunication system in light of its service continuity in emergency situations – namely the survivability of the system. A particular wireless cellular telecommunication system, WCDMA, is taken as an example to ground this research.The thesis proposes an ontology-based paradigm for service management such that the management system contains three models: (1) the work domain model, (2) the dynamic model, and (3) the reconfiguration model. A powerful work domain modeling tool called Function-Behavior-Structure (FBS) is employed for developing the work domain model of the WCDMA system. Petri-Net theory, as well as its formalization, is applied to develop the dynamic model of the WCDMA system. A concept in engineering design called the general and specific function concept is applied to develop a new approach to system reconfiguration for the high survivability of the system. These models are implemented along with a user-interface which can be used by emergency management personnel. A demonstration of the effectiveness of this study approach is included.There are a couple of contributions with this thesis study. First, the proposed approach can be added to contemporary telecommunication management systems. Second, the Petri Net model of the WCDMA system is more comprehensive than any dynamic model of the telecommunication systems in literature. Furthermore, this model can be extended to any other telecommunication system. Third, the proposed system reconfiguration approach, based on the general and specific function concept, offers a unique way for the survivability of any service provider system.In conclusion, the ontology-based paradigm for a service system management provides a total solution to service continuity as well as its emergency management. This paradigm makes the complex mathematical modeling of the system transparent to the manager or managerial personnel and provides a feasible scenario of the human-in-the-loop management