
    Team automata for security analysis

    We show that team automata (TA) are well suited for security analysis by reformulating the Generalized Non-Deducibility on Compositions (GNDC) schema in terms of TA. We then use this to show that integrity is guaranteed for a case study in which TA model an instance of the Efficient Multi-chained Stream Signature (EMSS) protocol.

    Research Challenges in Orchestration Synthesis

    Contract automata allow one to formally define the behaviour of service contracts in terms of service offers and requests, some of which are optional and some of which are necessary. A composition of contracts is said to be in agreement if all service requests are matched by corresponding offers. Whenever a composition of contracts is not in agreement, it can be refined to reach an agreement using the orchestration synthesis algorithm. This algorithm is a variant of the synthesis algorithm used in supervisory control theory and is based on the fact that optional transitions are controllable, whereas necessary transitions are at most semi-controllable and cannot always be controlled. The resulting orchestration is such that as much as possible of the behaviour in agreement is maintained. In this paper, we discuss recent developments of the orchestration synthesis algorithm for contract automata. Notably, we present a refined notion of semi-controllability and compare it with the original notion by means of examples. We then discuss the current limits of the orchestration synthesis algorithm and identify a number of research challenges together with a research roadmap.

    Comment: In Proceedings ICE 2023, arXiv:2308.0892
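    The abstract above describes the synthesis idea in words; the following is an added example (not code from the paper or its tool) that makes the agreement check and the pruning loop concrete. It composes two small contract automata, reports whether the composition is in agreement, and synthesises an orchestration by cutting controllable violations and marking states with uncontrollable violations as bad until a fixpoint is reached. It assumes: offers and optional requests are controllable; a necessary request is treated as controllable only when the same request is matched from the same composed state, which is a strict special case of semi-controllability (the paper's refined notion is broader and is not reproduced here); and an orchestration must be able to reach a final state. The client/shop contracts are constructed for the illustration.

```python
from collections import namedtuple

# One transition of a (possibly composed) contract automaton: src -> dst on
# `action`, where action is ("?", name) for a request, ("!", name) for an offer
# and ("match", name) for a synchronised request/offer pair. `necessary` marks
# a transition the orchestrator may not simply drop; otherwise it is optional.
T = namedtuple("T", "src action dst necessary")

def states(init, trans):
    return {init} | {t.src for t in trans} | {t.dst for t in trans}

def compose(a_init, a_trans, b_init, b_trans):
    """Product of two contract automata (states are pairs). A request and an
    offer on the same name synchronise into a match step; every transition can
    also be taken alone (interleaving), which is how an unmatched request shows
    up in the composition."""
    prod = set()
    for ta in a_trans:
        for tb in b_trans:
            if ta.action[1] == tb.action[1] and {ta.action[0], tb.action[0]} == {"?", "!"}:
                req = ta if ta.action[0] == "?" else tb
                prod.add(T((ta.src, tb.src), ("match", req.action[1]),
                           (ta.dst, tb.dst), req.necessary))
    for ta in a_trans:
        for sb in states(b_init, b_trans):
            prod.add(T((ta.src, sb), ta.action, (ta.dst, sb), ta.necessary))
    for tb in b_trans:
        for sa in states(a_init, a_trans):
            prod.add(T((sa, tb.src), tb.action, (sa, tb.dst), tb.necessary))
    return (a_init, b_init), prod

def reachable(init, trans):
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for t in trans:
            if t.src == s and t.dst not in seen:
                seen.add(t.dst)
                todo.append(t.dst)
    return seen

def coreachable(finals, trans):
    seen, todo = set(finals), list(finals)
    while todo:
        s = todo.pop()
        for t in trans:
            if t.dst == s and t.src not in seen:
                seen.add(t.src)
                todo.append(t.src)
    return seen

def in_agreement(init, trans):
    """In agreement: no reachable step is an unmatched request."""
    reach = reachable(init, trans)
    return not any(t.action[0] == "?" and t.src in reach for t in trans)

def synthesise(init, finals, product):
    """Orchestration synthesis, simplified. A step that violates agreement (an
    unmatched request, or a move into a state already known to be bad) is cut
    when it is controllable; when it is not, its source state becomes bad.
    States that can no longer reach a final state are bad too. Iterate to a
    fixpoint. Returns the orchestration's transitions, or None when the initial
    state is bad (no orchestration exists)."""
    bad = set()
    while True:
        def has_match(t):   # the same request is matched from the same state
            return any(m.src == t.src and m.action == ("match", t.action[1])
                       and m.dst not in bad for m in product)
        live, new_bad = set(), set(bad)
        for t in product:
            if t.src in bad:
                continue
            if t.action[0] != "?" and t.dst not in bad:
                live.add(t)
            elif not t.necessary or (t.action[0] == "?" and has_match(t)):
                pass                   # controllable: the orchestrator cuts it
            else:
                new_bad.add(t.src)     # uncontrollable violation
        alive = coreachable(finals, live)
        new_bad |= {s for s in states(init, live) if s not in alive}
        if new_bad == bad:
            break
        bad = new_bad
    if init in bad:
        return None
    reach = reachable(init, live)
    return {t for t in live if t.src in reach}

# Constructed example: a client that may pay by card or by cash (optional
# requests) and must then obtain a receipt (necessary request), composed with a
# shop that accepts card only and then hands out a receipt.
CLIENT = [T("c0", ("?", "card"), "c1", False), T("c0", ("?", "cash"), "c1", False),
          T("c1", ("?", "receipt"), "c2", True)]
SHOP = [T("s0", ("!", "card"), "s1", False), T("s1", ("!", "receipt"), "s2", False)]

def card_or_cash_example():
    init, prod = compose("c0", CLIENT, "s0", SHOP)
    orch = synthesise(init, {("c2", "s2")}, prod)
    return init, prod, orch

def cash_only_example():
    """A necessary request nobody offers: the initial state is bad."""
    init, prod = compose("c0", [T("c0", ("?", "cash"), "c1", True)], "s0", SHOP)
    return synthesise(init, {("c1", "s2")}, prod)

if __name__ == "__main__":
    init, prod, orch = card_or_cash_example()
    print("composition in agreement:", in_agreement(init, prod))
    print("orchestration:", sorted(t.action for t in orch))
    print("cash-only client:", cash_only_example())
```

    The full composition is not in agreement (the unmatched cash request is reachable), the synthesised orchestration keeps exactly the two matched steps, and the cash-only client gets no orchestration at all because its necessary request can never be matched.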

    Quantitative Analysis of Probabilistic Models of Software Product Lines with Statistical Model Checking

    We investigate the suitability of statistical model checking techniques for analysing quantitative properties of software product line models with probabilistic aspects. For this purpose, we enrich the feature-oriented language FLan with action rates, which specify the likelihood of exhibiting particular behaviour or of installing features at a specific moment or in a specific order. The enriched language (called PFLan) allows us to specify models of software product lines with probabilistic configurations and behaviour, e.g. by considering a PFLan semantics based on discrete-time Markov chains. The Maude implementation of PFLan is combined with the distributed statistical model checker MultiVeStA to perform quantitative analyses of a simple product line case study. The presented analyses include the likelihood of certain behaviour of interest (e.g. product malfunctioning) and the expected average cost of products.

    Comment: In Proceedings FMSPLE 2015, arXiv:1504.0301

    Realisability of Global Models of Interaction (Extended Version)

    We consider global models of communicating agents specified as transition systems labelled by interactions in which multiple senders and receivers can participate. A realisation of such a model is a set of local transition systems—one per agent—which are executed concurrently using synchronous communication. Our core challenge is how to check whether a global model is realisable and, if it is, how to synthesise a realisation. We identify and compare two variants to realise global interaction models, both relying on bisimulation equivalence. Then we investigate, for both variants, realisability conditions to be checked on global models. We propose a synthesis method for the construction of realisations by grouping locally indistinguishable states. The paper is accompanied by a tool that implements realisability checks and synthesises realisations. This document extends a publication accepted at the International Colloquium on Theoretical Aspects of Computing 2023 (ICTAC 2023), including the proofs of all results, more examples, and a more detailed explanation of the companion prototype tool.

    Towards a Unifying View of QoS-Enhanced Web Service Description and Discovery Approaches

    The number of web services has increased vastly in recent years. Various providers offer web services with the same functionality, so it is getting more complicated for web service consumers to select the web service that best fits their requirements. That is why much of the research effort is directed at discovering semantic means for describing web services that take into account not only the functional characteristics of services but also quality of service (QoS) properties such as availability, reliability, response time, trust, etc. This motivated us to survey current approaches presenting complete solutions for QoS-enabled web service description, publication and discovery. In this paper we present a comparative analysis of these approaches according to their common principles. Based on this analysis we extract the essential aspects from them and propose a pattern for the development of QoS-aware service-oriented architectures.

    We propose featured team automata to support variability in the development and analysis of teams, which are systems of reactive components that communicate according to specified synchronisation types. A featured team automaton concisely describes a family of concrete product models for specific configurations determined by feature selection. We focus on the analysis of communication-safety properties, but doing so product-wise quickly becomes impractical. Therefore, we investigate how to lift notions of receptiveness (no message loss) to the level of family models. We show that featured (weak) receptiveness of featured team automata characterises (weak) receptiveness for all product instantiations. A prototypical tool supports the developed theory.

    Ter Beek received funding from the MIUR PRIN2017 FTXR7S project ITMaTTerS (Methods and Tools for Trustworthy Smart Systems). Cledou and Proença received funding from the ERDF (European Regional Development Fund) through the Operational Programme for Competitiveness and Internationalisation (COMPETE 2020 Programme, project DaVinci, POCI-01-0145-FEDER-029946) and from National Funds through the Portuguese funding agency FCT (Fundação para a Ciência e a Tecnologia). Proença also received National Funds through FCT/MCTES within the CISTER Research Unit (UIDP/UIDB/04234/2020); funding from the Norte Portugal Regional Operational Programme (NORTE 2020, project REASSURE, NORTE-01-0145-FEDER-028550) under the Portugal 2020 Partnership Agreement, through the ERDF and the FCT; and European funds through the ECSEL Joint Undertaking (JU) under grant agreement No 876852 (project VALU3S).
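    The property the abstract lifts to family level, receptiveness, is easy to misread as "every message has a receiver somewhere"; it is a property of reachable team states. The following is an added example (not the paper's tool or theory) that pins it down: components with feature-guarded transitions form a family, and each product is explored state by state to find a point where a component is ready to send a message that no other component can currently receive. Assumptions: deterministic components; one synchronisation type for all messages (exactly one sender, one or more receivers); the strict form of receptiveness, where the receiver must be ready at the moment of sending (the weak variant, which lets other components take steps first, is not implemented); and a product-wise enumeration of all configurations, which is the impractical route the featured theory replaces and is only used here because the family is tiny. The sensor/logger/siren components are constructed for the illustration.

```python
from itertools import combinations

class Component:
    """A component automaton with deterministic transitions
    (src, kind, msg, dst, guard): kind is "!" (send) or "?" (receive) and
    guard is the set of features that must be selected for the transition to
    be present in a product (an empty guard means always present)."""
    def __init__(self, name, init, transitions):
        self.name, self.init, self.transitions = name, init, transitions

    def target(self, state, kind, msg, config):
        for src, k, m, dst, guard in self.transitions:
            if src == state and k == kind and m == msg and guard <= config:
                return dst
        return None

    def sendable(self, state, config):
        return sorted({m for src, k, m, _, guard in self.transitions
                       if src == state and k == "!" and guard <= config})

def check_receptive(components, config):
    """Explore every team state reachable under `config`, where a message is
    exchanged between one sender and any non-empty set of components ready to
    receive it (the synchronisation type assumed here). Returns None when the
    product is receptive, else the first (team state, sender, message) at which
    a message would be lost because nobody can receive it."""
    init = tuple(c.init for c in components)
    seen, todo = {init}, [init]
    while todo:
        g = todo.pop()
        for i, c in enumerate(components):
            for msg in c.sendable(g[i], config):
                rcv = {j: components[j].target(g[j], "?", msg, config)
                       for j in range(len(components)) if j != i}
                rcv = {j: dst for j, dst in rcv.items() if dst is not None}
                if not rcv:
                    return g, c.name, msg
                for r in range(1, len(rcv) + 1):
                    for chosen in combinations(rcv, r):
                        nxt = list(g)
                        nxt[i] = c.target(g[i], "!", msg, config)
                        for j in chosen:
                            nxt[j] = rcv[j]
                        nxt = tuple(nxt)
                        if nxt not in seen:
                            seen.add(nxt)
                            todo.append(nxt)
    return None

def all_configs(features):
    fs = sorted(features)
    return [frozenset(c) for r in range(len(fs) + 1) for c in combinations(fs, r)]

def family_check(components, features):
    """Product-wise check of the whole family (the enumeration the featured
    theory is designed to avoid): one verdict per configuration."""
    return {cfg: check_receptive(components, cfg) for cfg in all_configs(features)}

# Constructed example: a sensor raises an alarm repeatedly; a logger (feature
# "log") can always receive it, a siren (feature "siren") only once.
F = frozenset
SENSOR = Component("sensor", "s0", [("s0", "!", "alarm", "s1", F()),
                                    ("s1", "!", "alarm", "s1", F())])
LOGGER = Component("logger", "l0", [("l0", "?", "alarm", "l0", F({"log"}))])
SIREN = Component("siren", "q0", [("q0", "?", "alarm", "q1", F({"siren"}))])
TEAM = [SENSOR, LOGGER, SIREN]

def alarm_family():
    return family_check(TEAM, {"log", "siren"})

if __name__ == "__main__":
    for cfg, verdict in alarm_family().items():
        print(sorted(cfg), "receptive" if verdict is None else f"message lost at {verdict}")
```

    The configuration with neither feature loses the very first alarm, and the siren-only configuration loses the second one: the siren is already in its "sounding" state and nothing else is ready to receive. Any configuration with the logger is receptive. The second case is why the check has to be over reachable team states rather than over the static set of receivers of each message.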

    Quantitative Security Risk Modeling and Analysis with RisQFLan

    Domain-specific quantitative modeling and analysis approaches are fundamental in scenarios in which qualitative approaches are inappropriate or infeasible. In this paper, we present a tool-supported approach to quantitative graph-based security risk modeling and analysis based on attack-defense trees. Our approach is based on QFLan, a successful domain-specific approach to support quantitative modeling and analysis of highly configurable systems, whose domain-specific components have been decoupled to facilitate the instantiation of the QFLan approach in the domain of graph-based security risk modeling and analysis. Our approach incorporates distinctive features from three popular kinds of attack trees, namely enhanced attack trees, capabilities-based attack trees and attack countermeasure trees, into the domain-specific modeling language. The result is a new framework, called RisQFLan, to support quantitative security risk modeling and analysis based on attack-defense diagrams. By offering either exact or statistical verification of probabilistic attack scenarios, RisQFLan constitutes a significant novel contribution to the existing toolsets in that domain. We validate our approach by highlighting the additional features offered by RisQFLan in three illustrative case studies from seminal approaches to graph-based security risk modeling and analysis based on attack trees.
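    Both this entry and the PFLan entry above turn on the same choice, exact versus statistical verification of a probabilistic model, without showing what either computation looks like. The following is an added example (not RisQFLan, QFLan, PFLan or MultiVeStA code) on a small attack-defence tree: basic attack steps and countermeasures are independent Bernoulli events, gates combine them, and the success probability is computed three ways. The exact route enumerates all outcomes of the basic events; the closed-form route is the familiar bottom-up product/complement formula; the statistical route samples the events with a Hoeffding-bound sample size, which is the simplest form of statistical model checking (MultiVeStA's confidence procedure is not reproduced). The tree deliberately shares one step between two branches, which is where the closed form goes wrong. A what-if ranking of which step is most worth preventing is added as the kind of quantitative question such tools answer. The tree, its probabilities and the node semantics are constructed for the illustration; RisQFLan's own language (rates, capabilities, ordering constraints) is richer than this.

```python
import itertools
import math
import random

# Attack-defence tree nodes. Basic attack steps and countermeasures are
# modelled as independent Bernoulli events (probability of succeeding /
# of being effective); gates combine their outcomes.
class Leaf:
    kind = "attack"
    def __init__(self, name, p):
        self.name, self.p = name, p
    def eval(self, outcome):
        return outcome[self.name]
    def basic(self):
        return {self.name: self}

class Defence(Leaf):
    kind = "defence"

class Gate:
    def __init__(self, *kids):
        self.kids = kids
    def basic(self):
        out = {}
        for k in self.kids:
            out.update(k.basic())
        return out

class And(Gate):
    def eval(self, o):
        return all(k.eval(o) for k in self.kids)

class Or(Gate):
    def eval(self, o):
        return any(k.eval(o) for k in self.kids)

class Counter(Gate):
    """Attack subtree mitigated by a countermeasure: the attack gets through
    only if the subtree succeeds and the countermeasure is not effective."""
    def eval(self, o):
        attack, defence = self.kids
        return attack.eval(o) and not defence.eval(o)

def exact(tree, override=None):
    """Exact success probability by enumerating every outcome of the basic
    events. Correct even when one basic step appears under several gates."""
    probs = {n: leaf.p for n, leaf in tree.basic().items()}
    probs.update(override or {})
    names = list(probs)
    total = 0.0
    for bits in itertools.product((False, True), repeat=len(names)):
        outcome = dict(zip(names, bits))
        if tree.eval(outcome):
            w = 1.0
            for n, b in outcome.items():
                w *= probs[n] if b else 1.0 - probs[n]
            total += w
    return total

def closed_form(tree):
    """The usual bottom-up formula; it silently assumes every occurrence of a
    basic step is independent, so it is off when a step is shared."""
    if isinstance(tree, Leaf):
        return tree.p
    if isinstance(tree, And):
        return math.prod(closed_form(k) for k in tree.kids)
    if isinstance(tree, Or):
        return 1.0 - math.prod(1.0 - closed_form(k) for k in tree.kids)
    attack, defence = tree.kids
    return closed_form(attack) * (1.0 - closed_form(defence))

def hoeffding_samples(eps, delta):
    """Samples so that |estimate - truth| <= eps with probability >= 1 - delta."""
    return math.ceil(math.log(2.0 / delta) / (2.0 * eps * eps))

def statistical(tree, eps=0.02, delta=0.01, seed=1):
    """Statistical estimate: sample the basic events and count successes."""
    rng = random.Random(seed)
    probs = {n: leaf.p for n, leaf in tree.basic().items()}
    n = hoeffding_samples(eps, delta)
    hits = sum(tree.eval({k: rng.random() < p for k, p in probs.items()}) for _ in range(n))
    return hits / n, n

def rank_attack_steps(tree):
    """What-if ranking: how much the success probability drops when one basic
    attack step is fully prevented (p := 0), most effective first."""
    base = exact(tree)
    steps = [n for n, leaf in tree.basic().items() if leaf.kind == "attack"]
    return sorted(((n, base - exact(tree, {n: 0.0})) for n in steps),
                  key=lambda x: -x[1])

# Constructed example: exfiltrate a database either by phishing an admin
# (mitigated by MFA) or by exploiting the web app; both routes then need the
# same dump step, so that step is shared between the two branches.
DUMP = Leaf("dump_db", 0.9)
TREE = Or(And(Counter(Leaf("phish_admin", 0.5), Defence("mfa", 0.8)), DUMP),
          And(Leaf("exploit_web", 0.3), DUMP))

if __name__ == "__main__":
    print("exact      :", round(exact(TREE), 4))
    print("closed form:", round(closed_form(TREE), 4))
    est, n = statistical(TREE)
    print(f"statistical: {est:.4f} from {n} samples")
    print("rank       :", rank_attack_steps(TREE))
```

    Exact enumeration gives 0.333 (dump succeeds, and at least one entry route succeeds), while the closed form gives 0.3357 because it counts the shared dump step twice as if independent; the statistical estimate lands within the requested 0.02 of the exact value at 6623 samples. The ranking puts the shared dump step first: preventing it alone drives the success probability to zero, which is the kind of conclusion that justifies spending on one control over another.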