Jiacun Wang

Reachability analysis of real-time systems using time Petri nets

Time Petri nets (TPNs) are a popular Petri net model for specification and verification of real-time systems. A fundamental and most widely applied method for analyzing Petri nets is reachability analysis. The existing technique for reachability analysis of TPNs, however, is not suitable for timing property verification because one cannot derive end-to-end delay in task execution, an important issue for time-critical systems, from the reachability tree constructed using the technique. In this paper, we present a new reachability based analysis technique for TPNs for timing property analysis and verification that effectively addresses the problem. Our technique is based on a concept called clock-stamped state class (CS-class). With the reachability tree generated based on CS-classes, we can directly compute the end-to-end time delay in task execution. Moreover, a CS-class can be uniquely mapped to a traditional state class based on which the conventional reachability tree is constructed. Therefore, our CS-class-based analysis technique is more general than the existing technique. We show how to apply this technique to timing property verification of the TPN model of a command and control (C2) system.

An approach for modeling and analysis of security system architectures

Security system architecture governs the composition of components in security systems and interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in networked environment. In particular, the composition of the systems must consistently assure security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. A systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.

Introducing software architecture specification and analysis in SAM through an example

Abstract Software architecture study has become one of the most active research areas in software engineering in the recent years. Although there have been many published results on specification and analysis method of software architectures, information on sound systematic methodology for modeling and analyzing software architectures is lacking. In this article, we present a formal systematic software architecture specification and analysis methodology called SAM and show how to apply SAM to specify a command control (C2) system and to analyze its real-time constraints.

Emergency Response Workflow Resource Requirements Modeling and Analysis

A workflow management system determines the flow of work according to predefined business process definitions. It manages the resources required to meet goals and provides monitoring facilities and control capabilities. Resources can become important decision factors when combined with control flow information. This is particularly true in an emergency response system where large quantities of resources, including emergency responders, ambulances, fire trucks, medications, food, clothing, etc., are required. In this paper, we introduce a resource-constrained and decision support workflow model. This model enables users to specify resource consumption and production when executing a task, and decision policies to choose a path at a given situation where multiple execution branches are available. The paper also presents an efficient resource requirement analysis algorithm that can be used to decide the minimum resource set that, if satisfied, the workflow can be executed along any possible path till finish without the occurrence of resource shortage. A case study is presented to show the use of the proposed approach.

Performance analysis of traffic networks based on Stochastic Timed Petri Net models

A compositional method for modeling and evaluation of performance indices of traffic control systems based on Stochastic Timed Petri Nets (STPN) is presented. We use STPN to specify traffic and traffic control at an intersection and use a random distribution model to model the motion of vehicles in a road segment between any two consecutive intersections. The traffic control system is thus modeled as a composition of individual intersection models and segment distribution models. A technique is presented to incrementally evaluate the systems performance by analyzing intersections separately, according to a carefully selected order. The analysis technique conforms to the accepted practice of transportation research. Compared to existing Petri net models of traffic control systems, our technique dramatically reduces the complexity of analysis.

Compositional time Petri nets and reduction rules

This paper introduces compositional time Petri net (CTPN) models. A CTPN is a modularized time Petri net (TPN), which is composed of components and connectors. The paper also proposes a set of component-level reduction rules for TPNs. Each of these reduction rules transforms a TPN component to a very simple one while maintaining the nets external observable timing properties. Consequently, the proposed method works at a coarse level rather than at an individual transition level. Therefore, one requires significantly fewer applications to reduce the size of the TPN under analysis than those existing ones for TPNs. The use and benefits of CTPNs and reduction rules are illustrated by modeling and analyzing the response time of a command and control system to its external arriving messages.

Incremental modeling and verification of flexible manufacturing systems

An FMS is a typical real-time concurrent system composed of a number of computer-controlled machine tools, automated material handling and storage systems that operate as an integrated system under the control of host computer(s). The growing demand for higher performance and flexibility in these systems and the interlocking factors of concurrency, deadline-driven activities, and real-time decision making pose a significant challenge to FMS design, especially in terms of control and scheduling. A formal engineering approach that helps handle the complexity and dynamics of FMS modeling, design and analysis is needed. A real-time architectural specification (RAS) model and its application in the modeling of flexible manufacturing system (FMS) are presented. RAS combines mature operational and descriptive formal methods, in particular time Petri nets (TPN) and real-time computational tree logic (RTCTL), to form an integrated system model for architectural specification and analysis of real-time concurrent systems such as FMS. The contribution of RAS is twofold: First, it provides a formal system to systematically maintain a strong correlation between (real-time) requirements and design and to verify the conformance of the design to the requirements, which helps enhance traceability and thus to help us to achieve high assurance in design. Second, it offers better scalability in modeling and analysis, which provides an effective way to deal with complexity in the application of formal methods. These two features together make RAS a suitable model for the design of FMS.

An intuitive formal approach to dynamic workflow modeling and analysis

The increasing dynamics and the continuous changes of business processes raise a challenge to the research and implementation of workflows. The significance of applying formal approaches to the modeling and analysis of workflows has been well recognized and many such approaches have been proposed. However, these approaches require users to master considerable knowledge of the particular formalisms, which impacts the application of these approaches on a larger scale. This paper presents a new formal, yet intuitive approach for the modeling and analysis of workflows, which attempts to overcome the above problem. In addition to the abilities of supporting workflow validation and enactment, this new approach possesses the distinguishing feature of allowing users who are not proficient in formal methods to build up and dynamically modify the workflow models that address their business needs.

Emergency Healthcare Workflow Modeling and Timeliness Analysis

A health emergency is a situation that poses an immediate risk to health and life and requires urgent intervention to prevent its worsening. Emergency healthcare service is a real-time service, where timeliness is critical to mission success. Workflow management technology has received considerable attention in the healthcare field in recent years for the automation of both intra- and interorganizational healthcare processes. However, no work on timeliness analysis has been reported. In our previous work, we proposed Workflows Intuitive and Formal Approach (WIFA) formalism for emergency response workflow modeling. In this paper, we extend our WIFA formalism to take task execution times into account to support emergency response timeliness analysis. An example of emergency healthcare shows how the timed WIFA workflow model works.

Charging Information Collection Modeling and Analysis of GPRS Networks

Charging is one of the most important functionalities in a telecommunication service system. In a general packet radio service (GPRS) wireless network, the load of charging information flow depends on the intensity of call traffic and the size of charging records. During busy hours, the GPRS network might not be able to transfer charging records on a timely basis if new charging records are generated too fast. On the other hand, when a call happens, the related charging information must be collected and transferred to the billing system. If a failure of the data link occurs, a secondary data link must be employed to transfer the charging information. However, this redundant operation might result in charging information duplication. This paper formally addresses these two issues. A timed Petri net model is built to support the analysis of the charging system performance versus various factors when the system works in the normal status, which, in particular, gives the maximum supportable busy hour call attempts of the GPRS network. The Petri net approach is also used to model and verify the correctness of the redundancy operation in case a connection failure occurs.