5,341 research outputs found
Semantic Embedding of Petri Nets into Event-B
We present an embedding of Petri nets into B abstract systems. The embedding
is achieved by translating both the static structure (modelling aspect) and the
evolution semantics of Petri nets. The static structure of a Petri-net is
captured within a B abstract system through a graph structure. This abstract
system is then included in another abstract system which captures the evolution
semantics of Petri-nets. The evolution semantics results in some B events
depending on the chosen policies: basic nets or high level Petri nets. The
current embedding enables one to use conjointly Petri nets and Event-B in the
same system development, but at different steps and for various analysis.Comment: 16 pages, 3 figure
Globally reasoning about localised security policies in distributed systems
In this report, we aim at establishing proper ways for model checking the
global security of distributed systems, which are designed consisting of set of
localised security policies that enforce specific issues about the security
expected.
The systems are formally specified following a syntax, defined in detail in
this report, and their behaviour is clearly established by the Semantics, also
defined in detail in this report. The systems include the formal attachment of
security policies into their locations, whose intended interactions are trapped
by the policies, aiming at taking access control decisions of the system, and
the Semantics also takes care of this.
Using the Semantics, a Labelled Transition System (LTS) can be induced for
every particular system, and over this LTS some model checking tasks could be
done. We identify how this LTS is indeed obtained, and propose an alternative
way of model checking the not-yet-induced LTS, by using the system design
directly. This may lead to over-approximation thereby producing imprecise,
though safe, results. We restrict ourselves to finite systems, in the sake of
being certain about the decidability of the proposed method.
To illustrate the usefulness and validity of our proposal, we present 2 small
case-study-like examples, where we show how the system can be specified, which
policies could be added to it, and how to decide if the desired global security
property is met.
Finally, an Appendix is given for digging deeply into how a tool for
automatically performing this task is being built, including some
implementation issues. The tool takes advantage of the proposed method, and
given some system and some desired global security property, it safely (i.e.
without false positives) ensures satisfaction of it
Quantitative Analysis of Opacity in Cloud Computing Systems
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Federated cloud systems increase the reliability and reduce the cost of the computational support.
The resulting combination of secure private clouds and less secure public clouds, together with the fact that resources need to be located within different clouds, strongly affects the information flow security of the entire system. In this paper, the clouds as well as entities of a federated cloud system are
assigned security levels, and a probabilistic flow sensitive security model for a federated cloud system is proposed. Then the notion of opacity --- a notion capturing the security of information flow ---
of a cloud computing systems is introduced, and different variants of quantitative analysis of opacity are presented. As a result, one can track the information flow in a cloud system, and analyze the impact of different resource allocation strategies by quantifying the corresponding opacity characteristics
Dependability Analysis of Control Systems using SystemC and Statistical Model Checking
Stochastic Petri nets are commonly used for modeling distributed systems in
order to study their performance and dependability. This paper proposes a
realization of stochastic Petri nets in SystemC for modeling large embedded
control systems. Then statistical model checking is used to analyze the
dependability of the constructed model. Our verification framework allows users
to express a wide range of useful properties to be verified which is
illustrated through a case study
Towards Efficient Verification of Population Protocols
Population protocols are a well established model of computation by
anonymous, identical finite state agents. A protocol is well-specified if from
every initial configuration, all fair executions reach a common consensus. The
central verification question for population protocols is the
well-specification problem: deciding if a given protocol is well-specified.
Esparza et al. have recently shown that this problem is decidable, but with
very high complexity: it is at least as hard as the Petri net reachability
problem, which is EXPSPACE-hard, and for which only algorithms of non-primitive
recursive complexity are currently known.
In this paper we introduce the class WS3 of well-specified strongly-silent
protocols and we prove that it is suitable for automatic verification. More
precisely, we show that WS3 has the same computational power as general
well-specified protocols, and captures standard protocols from the literature.
Moreover, we show that the membership problem for WS3 reduces to solving
boolean combinations of linear constraints over N. This allowed us to develop
the first software able to automatically prove well-specification for all of
the infinitely many possible inputs.Comment: 29 pages, 1 figur
Portunes: analyzing multi-domain insider threats
The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties
Enhancing workflow-nets with data for trace completion
The growing adoption of IT-systems for modeling and executing (business)
processes or services has thrust the scientific investigation towards
techniques and tools which support more complex forms of process analysis. Many
of them, such as conformance checking, process alignment, mining and
enhancement, rely on complete observation of past (tracked and logged)
executions. In many real cases, however, the lack of human or IT-support on all
the steps of process execution, as well as information hiding and abstraction
of model and data, result in incomplete log information of both data and
activities. This paper tackles the issue of automatically repairing traces with
missing information by notably considering not only activities but also data
manipulated by them. Our technique recasts such a problem in a reachability
problem and provides an encoding in an action language which allows to
virtually use any state-of-the-art planning to return solutions
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
- …