18 research outputs found

    Profiling the publish/subscribe paradigm for automated analysis using colored Petri nets

    UML sequence diagrams are used to graphically describe the message interactions between the objects participating in a certain scenario. Combined fragments extend the basic functionality of UML sequence diagrams with control structures, such as sequences, alternatives, iterations, or parallels. In this paper, we present a UML profile to annotate sequence diagrams with combined fragments to model timed Web services with distributed resources under the publish/subscribe paradigm. This profile is exploited to automatically obtain a representation of the system based on Colored Petri nets using a novel model-to-model (M2M) transformation. This M2M transformation has been specified using QVT and has been integrated in a new add-on extending a state-of-the-art UML modeling tool. Generated Petri nets can be immediately used in well-known Petri net software, such as CPN Tools, to analyze the system behavior. Hence, our model-to-model transformation tool allows for simulating the system and finding design errors in early stages of system development, which enables us to fix them at these early phases and thus potentially saving development costs

    Combining SysML and Timed Coloured Petri Nets for Designing Smart City Applications

    A smart city is an urban centre that integrates a variety of solutions to improve infrastructure performance and achieve sustainable urban development. Urban roads are a crucial infrastructure highly demanded by citizens and organisations interested in their deployment, performance, and safety. Urban traffic signal control is an important and challenging real-world problem that aims to monitor and improve traffic congestion. The deployment of traffic signals for vehicles or pedestrians at an intersection is a complex activity that changes constantly, so it is necessary to establish rules to control the flow of vehicles and pedestrians. Thus, this article describes the joint use of the SmartCitySysML, a profile proposed by the authors, with TCPN (Timed Coloured Petri Nets) to refine and formally model SysML diagrams specifying the internal behaviour, and then verify the developed model to prove behavioural properties of an urban traffic signal control system

    Reliability assessment techniques for medical procedures

    Healthcare aims to deliver good patient outcomes. However, deviations in the application of medical procedures can result in failure to deliver reliable care, variation in patient results, waste of hospital resources and increase of risk to staff and patients. Venepuncture – the act of taking blood samples for laboratory tests – has been practised for centuries and is still one of the most common invasive procedures in healthcare. Each step of the procedure can affect the quality of the sample and is thus important for preventing rejection of blood specimens, patient and staff injury and even death. There is evidence that, despite published guidelines, there is wide variability in terms of the procedure, its duration and success rates. This variability can depend on numerous factors: material factors, such as equipment and tubes used during the drawing of blood, and staff factors, such as tourniquet technique and skill of the individual. If the variability effects on outcomes can be evaluated in terms of process reliability and efficiency, potential changes to the current medical practice can be tested before they are proposed and implemented. In this paper a reliability assessment technique based on engineering reliability modelling methods is proposed. A technique based on Petri nets and simulation is presented which can be used to mimic and analyse the performance of a medical procedure through graphical and probabilistic modelling features. The technique can be used to demonstrate how variations in the venepuncture procedure affect the outcomes, such as reliability and the duration of the procedure. Different scenarios of resource allocation can be analysed and the most critical steps of the procedure identified. The proposed technique is illustrated using the information gained from interview and questionnaire responses from doctors and phlebotomists working in UK hospitals

    A SysML profile for smart city applications

    A smart city is an urban center that integrates a variety of solutions to enhance infrastructure performance and achieve sustainable urban development. Urban roads are a critical infrastructure highly demanded by citizens and organizations interested in their deployment, performance, and safety. Urban traffic signal control is a major and challenging problem in the real world, which aims to monitor and enhance traffic congestion. Therefore, the deployment of traffic signals for vehicles or pedestrians at a junction is a complex activity, as it is necessary to establish rules to control the flow of vehicles and pedestrians. Also, traffic flow at intersections changes constantly, depending on weather conditions, day of the week, and period of the year, as well as road works and accidents that further influence complexity and performance. This thesis first describes SmartCitySysML, a proposed profile that adapts SysML with special elements that are specific to smart cities. In addition, an extension of the SmartCitySysML profile to the design of the dimensions of smart cities is proposed. Finally, integration of models is performed, that is, the integration of the SmartCitySysML profile with Petri Net to separately model the basic architectural elements (sensor, controller, and actuator) of an urban traffic control system as sub-models to describe the behavior of each element, and the integration of the SmartCitySysML profile with Timed Coloured Petri Nets (TCPN) for modeling, simulation, and verification of properties of an urban traffic signal control system. CPN tools allow the evaluation of the model behavior through simulation and property verification and perform a simulation-based performance. Model simulation allows observing the behavior of the system under conditions that would be difficult to organize in a truly controlled environment. 
Consequently, a preliminary evaluation can be performed in the early stages of system development, significantly reducing costs of improvements and increasing quality of the final product. Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES. São Cristóvão, S

    Evaluating Resilience of Cyber-Physical-Social Systems

    Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cyber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increasingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomogeneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.

    Software Engineering and Petri Nets

    This booklet contains the proceedings of the Workshop on Software Engineering and Petri Nets (SEPN), held on June 26, 2000. The workshop was held in conjunction with the 21st International Conference on Application and Theory of Petri Nets (ICATPN-2000), organised by the CPN group of the Department of Computer Science, University of Aarhus, Denmark. The SEPN workshop papers are available in electronic form via the web page: http://www.daimi.au.dk/pn2000/proceeding

    Automated Validation of State-Based Client-Centric Isolation with TLA+

    Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in TLA+, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in TLA+ enables semi-automatic model checking for different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking, this formalization can also help find bugs in incorrect specifications. This improves feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and it provides an environment for experimenting with new designs.

    Recent advances in petri nets and concurrency

    CEUR Workshop Proceeding

    Verification of soundness and other properties of business processes

    In this thesis we focus on improving current modeling and verification techniques for complex business processes. The objective of the thesis is to consider several aspects of real-life business processes and give specific solutions to cope with their complexity. In particular, we address verification of a proper termination property for workflows, called generalized soundness. We give a new decision procedure for generalized soundness that improves the original decision procedure. The new decision procedure reports on the decidability status of generalized soundness and returns a counterexample in case the workflow net is not generalized sound. We report on experimental results obtained with the prototype implementation we made and describe how to verify large workflows compositionally, using reduction rules. Next, we concentrate on modeling and verification of adaptive workflows — workflows that are able to change their structure at runtime, for instance when some exceptional events occur. In order to model the exception handling properly and allow structural changes of the system in a modular way, we introduce a new class of nets, called adaptive workflow nets. Adaptive workflow nets are a special type of Nets in Nets and they allow for creation, deletion and transformation of net tokens at runtime and for two types of synchronizations: synchronization on proper termination and synchronization on exception. We define some behavioral properties of adaptive workflow nets: soundness and circumspectness and employ an abstraction to reduce the verification of these properties to the verification of behavioral properties of a finite state abstraction. Further, we study how formal methods can help in understanding and designing business processes. We investigate this for the extended event-driven process chains (eEPCs), a popular industrial business process language used in the ARIS Toolset. Several semantics have been proposed for EPCs. 
However, most of them concentrated solely on the control flow. We argue that other aspects of business processes must also be taken into account in order to analyze eEPCs and propose a semantics that takes data and time information from eEPCs into account. Moreover, we provide a translation of eEPCs to Timed Colored Petri nets in order to facilitate verification of eEPCs. Finally, we discuss modeling issues for business processes whose behavior may depend on the previous behavior of the process, history which is recorded by workflow management systems as a log. To increase the precision of models with respect to modeling choices depending on the process history, we introduce history-dependent guards. The obtained business processes are called history-dependent processes. We introduce a logic, called LogLogics, for the specification of guards based on a log of a current running process and give an evaluation algorithm for such guards. Moreover, we show how these guards can be used in practice and define LogLogics patterns for properties that occur most commonly in practice