Hanifa Boucheneb

TCTL Model Checking of Time Petri Nets

We consider Time Petri Nets (TPN) for which a firing time interval is associated with each transition. State space abstractions for TPN preserving various classes of properties (LTL, CTL and CTL*) can be computed, in terms of so called state classes. Some methods were proposed to check quantitative timed properties but are not suitable for effective verification of properties of real-life systems. In this article, we consider subscript TCTL for TPN (TPN-TCTL) for which temporal operators are extended with a time interval, specifying a time constraint on the firing sequences. We prove the decidability of TPN-TCTL on bounded TPN and give its theoretical complexity. We propose a zone-based state space abstraction that preserves marking reachability and traces of the TPN. As for Timed Automata (TA), the abstraction may use an over-approximation operator on zones to enforce the termination. A coarser (and efficient) abstraction is then provided and proved exact w.r.t. marking reachability and traces (LTL properties). Finally, we consider a subset of TPN-TCTL properties (TPN-TCTLS) for which it is possible to propose efficient on-the-fly model-checking algorithms. Our approach consists in computing and exploring the zone-based state space abstraction. On a practical point of view, the method is integrated in Romeo [Gardey et al. (2005, Proceedings of 17th International Conference on CAV’05, Vol. 3576 of Lecture Notes in Computer Science, 418–423)], a tool for TPN edition and analysis. In addition to the old features it is now possible to effectively verify a subset of TCTL directly on TPN.

CTL * model checking for time Petri nets

This paper aims at applying the CTL* model checking method to the time Petri net (TPN) model. We show here how to contract its generally infinite state space into a graph that captures all its CTL* properties. This graph, called atomic state class graph (ASCG), is finite if and only if, the model is bounded. Our approach is based on a partition refinement technique, similarly to what is proposed in [Berthomieu, Vernadat, State class constructions for branching analysis of time Petri nets, Lecture Notes in Computer Science, vol. 2619, 2003; Yoneda, Ryuba, CTL model checking of time Petri nets using geometric regions, IEICE Trans. Inf. Syst. E99-D(3) (1998)]. In such a technique, an intermediate abstraction (contraction) of the TPN state space is first built, then refined until CTL* properties are restored. Our approach improves the construction of the ASCG in two ways. The first way deals with speeding up the refinement process by using a much more compact intermediate contraction of the TPN state space than those used in [Berthomieu, Vernadat, State class constructions for branching analysis of time Petri nets, Lecture Notes in Computer Science, vol. 2619, 2003; Yoneda, Ryuba, CTL model checking of time Petri nets using geometric regions, IEICE Trans. Inf. Syst. E99-D(3) (1998)]. The second way deals with computing each ASCG node in O(n2) instead of O(n3), n being the number of transitions enabled at the node. Experimental results have shown that our improvements have a good impact on performances.

A security protocol for mobile agents based upon the cooperation of sedentary agents

Despite its many benefits, mobile agent technology results in significant security threats from agents and hosts. This paper presents a protocol which protects mobile agents from malicious hosts. This protocol combines four concepts: the cooperation between a mobile agent and a sedentary agent; the reference execution (reliable platforms which shelter our cooperating sedentary agents); the cryptography and the digital signature to ensure safe inter-agent communication and time-limited execution (timeout). A dynamic approach which makes use of a timer to make it possible to detect a mobile agents code re-execution was used. The attack on agent permanent modification was also dealt with. Moreover, the protocol is sufficiently robust so that it is durable and fault tolerant.

Improving state class constructions for CTL* model checking of time Petri nets

The state space explosion is still one of the most challenging problems in formal verification using enumerative techniques. The challenge is even greater for real time systems whose state spaces are generally infinite due to time density. To use enumerative techniques with these systems, their state spaces need to be contracted into finite structures that preserve properties of interest. We propose in this paper an efficient approach to construct a contraction of the time Petri net model state space, which preserves its CTL* properties.

On-the-fly TCTL model checking for time Petri nets

In this paper, we show how to efficiently model check a subset of TCTL properties for the Time Petri Net model (TPN model), using the state class method. The verification proceeds by augmenting the TPN model under analysis with a special TPN, called Alarm-clock, to allow the capture of relevant time events. A forward on-the-fly exploration is then applied on the resulting TPN state class space to verify a timed property. A relaxation operation on state classes is also introduced to further improve performances. Alarm-clock is the same for all properties, whereas the exploration technique is not. Three exploration techniques are presented to cover most interesting TCTL properties. We prove the decidability of our verification technique for bounded TPN models and compare it with the reachability algorithm implemented in the tool UPPAAL [G. Behrmann, J. Bengtsson, A. David, K.G. Larsen, P. Pettersson, W. Yi, Uppaal implementation secrets, in: Proc. of the 7th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems, 2002]. Finally, we give some experimental results to show the efficiency of our verification technique.

Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools

Several advanced Role based access control (RBAC) models have been developed supporting specific features (i.e.: role hierarchy, separation of duty) to achieve high flexibility. However, integrating additional features also increases their design complexity, and consequently the opportunity for mistakes that may cause information to flow to inappropriate destinations. In this paper, we present a formal technique to model and analyze RBAC using Colored Petri nets (CP-nets) and CPNtools for editing and analyzing CP-nets. Our purpose is to elaborate a CP-net model which describes generic access control structures based on an RBAC policy. The resulting CP-net model can be then composed with different context-specific aspects depending on the application. A significant benefit of CP-nets and, particularly, CPNtools is to provide a graphical representation and an analysis framework that can be used by security administrators to understand why some permissions are granted or not and to detect whether security constraints are violated.

Formal Definitions of Simulation Interfaces in a Continuous/Discrete Co-Simulation Tool

Continuous and discrete components may be integrated in diverse embedded systems ranging across defense, medical, communication, and automotive applications. The global validation of these systems requires new validation techniques, the main challenge being the definition of global simulation models able to accommodate the different concepts specific to continuous and discrete models. This paper presents the operational semantic for the continuous/discrete synchronization model and the formal definition of the internal architecture of simulation interfaces required for the design of a co-simulation tool for continuous/discrete systems validation

Efficient Reachability Analysis for Time Petri Nets

We propose in this paper some efficient approaches, based on the state class graph method, to construct abstractions for the Time Petri Net (TPN) model, suitable to verify its linear or reachability properties. Experimental results have shown that these abstractions are very appropriate as both time and size are considerably reduced. For some tested models, abstractions that preserve reachability properties can be as many as 2,051 times smaller and more than 592 times faster to compute. For abstractions, which are overapproximations (useful to prove that certain states are not reachable), gains can overpass 10,000 for both time and size.

Modelling and Analysis of Time-Constrained Flexible Workflows with Time Recursive ECATNets

We present, in this paper, the Time Recursive ECATNets (T-RECATNets) formalism for the modelling and analysis of time-constrained reconfigurable workflows, which are preponderant in the field of Web services. In a second step, we propose a method for building a specific state class graph in terms of rewrite logic. Therefore, one can verify some properties with respect to time constraints using model checking techniques.

On multi-enabledness in time Petri nets

We consider time Petri nets with multiple-server semantics. We first prove that this setting is strictly more expressive, in terms of timed bisimulation, than its single-server counterpart. We then focus on two choices for the firing of multiple instances of the same transition: the more conservative safety-wise non deterministic choice, where all firable instances may fire in any order, and a simpler alternative, First Enabled First Fired (FEFF), where only the oldest instance may fire, obviously leading to a much more compact state-space. We prove that both semantics are not bisimilar but actually simulate each other with strong timed simulations, which in particular implies that they generate the same timed traces. FEFF is then very appropriate to deal with linear timed properties of time Petri nets.