59 research outputs found

    Reliable Restricted Process Theory

    Malfunctions of a mobile ad hoc network (MANET) protocol caused by a conceptual mistake in the protocol design, rather than unreliable communication, can often be detected only by considering communication among the nodes in the network to be reliable. In Restricted Broadcast Process Theory, which was developed for the specification and verification of MANET protocols, the communication operator is lossy. Replacing unreliable with reliable communication invalidates existing results for this process theory. We examine the effects of this adaptation on the semantics of the framework with regard to the non-blocking property of communication in MANETs, the notion of behavioral equivalence relation and its axiomatization. To utilize our complete axiomatization for analyzing the correctness of protocols at the syntactic level, we introduce a precongruence relation which abstracts away from a sequence of multi-hop communications, leading to an application-level action preconditioned by a multi-hop constraint over the topology. We illustrate the applicability of our framework through a simple routing protocol. To prove its correctness, we introduce a novel proof process, based on our precongruence relation

    Decentralized Runtime Enforcement of Message Sequences in Message-Based Systems

    In the new generation of message-based systems such as network-based smart systems, distributed components collaborate via asynchronous message passing. In some cases, particular ordering among the messages may lead to violation of the desired properties such as data confidentiality. Due to the absence of a global clock and usage of off-the-shelf components, there is no control over the order of messages at design time. To make such systems safe, we propose a choreography-based runtime enforcement algorithm that given an automata-based specification of unwanted message sequences, prevents certain messages to be sent, and assures that the unwanted sequences are not formed. Our algorithm is fully decentralized in the sense that each component is equipped with a monitor, as opposed to having a centralized monitor. As there is no global clock in message-based systems, the order of messages cannot be determined exactly. In this way, the monitors behave conservatively in the sense that they prevent a message from being sent, even when the sequence may not be formed. We aim to minimize conservative prevention in our algorithm when the message sequence has not been formed. The efficiency and scalability of our algorithm are evaluated in terms of the communication overhead and the blocking duration through simulation

    Specification and Verification of Timing Properties in Interoperable Medical Systems

    To support the dynamic composition of various devices/apps into a medical system at point-of-care, a set of communication patterns to describe the communication needs of devices has been proposed. To address timing requirements, each pattern breaks common timing properties into finer ones that can be enforced locally by the components. Common timing requirements for the underlying communication substrate are derived from these local properties. The local properties of devices are assured by the vendors at the development time. Although organizations procure devices that are compatible in terms of their local properties and middleware, they may not operate as desired. The latency of the organization network interacts with the local properties of devices. To validate the interaction among the timing properties of components and the network, we formally specify such systems in Timed Rebeca. We use model checking to verify the derived timing requirements of the communication substrate in terms of the network and device models. We provide a set of templates as a guideline to specify medical systems in terms of the formal model of patterns. A composite medical system using several devices is subject to state-space explosion. We extend the reduction technique of Timed Rebeca based on the static properties of patterns. We prove that our reduction is sound and show the applicability of our approach in reducing the state space by modeling two clinical scenarios made of several instances of patterns

    Light Transmission through Three Types of Translucent Zirconia

    Objective: Zirconia cores have limited light transmittance and data are scarce on light transmission through zirconia cores with and without the veneering ceramic. Methods: In this in vitro study, disc-shaped specimens (11.5 mm in diameter and 0.4 (0.05) mm in thickness) were fabricated of three types of zirconia namely Mamut, Heany and ZirkonZahn (n=5). A disc-shaped specimen (11.5 mm in diameter and 0.65 (0.05) mm in thickness) of veneering ceramic (Cerabien ZR, Kuraray, Noritake, Japan) was also fabricated. The intensity of light transmitted through the zirconia specimens with and without the veneering ceramic was recorded using a light curing unit (LED, SDI Radii Plus, Australia) and its respective radiometer (LED Radiometer, SDI, Australia). Data were analyzed using repeated measures ANOVA and Tukey’s HSD test. Results: A significant difference was noted in light transmission among different types of zirconia before and after veneering. After veneering, light transmission decreased in all specimens and the reduction in light transmission in Zirkonzahn group was significantly greater than that in Heany and Mamut groups (p<0.001). Conclusion: Veneered zirconia systems have limited translucency and ceramic veneering significantly decreases light transmission through zirconia