Luigi Logrippo

An introduction to LOTOS: learning by examples

Abstract An informal, design-oriented introduction to the specification language for distributed systems LOTOS is presented. Examples based on variations of the well-known producer-consumer problem are used to illustrate the different aspects of the language.

Understanding GPRS: the GSM packet radio service

Abstract The general packet radio service (GPRS), a data extension of the mobile telephony standard GSM is emerging as the first true packet-switched architecture to allow mobile subscribers to benefit from high-speed transmission rates and run data applications from their mobile terminals. A high-level description of the GPRS system is given with emphasis on services and architectural aspects.

Use case maps for the capture and validation of distributed systems requirements

Functional scenarios describing system views, uses, or services are a common way of capturing requirements of distributed systems. However, integrating individual scenarios in different ways may result in different kinds of unexpected or undesirable interactions. We present an innovative approach based on the combined use of two notations. The first one is a recent visual notation for causal scenarios called use case maps (UCMs), which is used to capture and integrate the requirements. Integrating UCMs together helps avoiding many interactions before any prototype is generated. The second notation is the formal specification language LOTOS. UCM scenarios are translated into high-level LOTOS specifications, which can be used to validate the requirements formally through numerous techniques, including functional testing based on UCMs. LOTOS possesses powerful testing concepts and tools that we use for the detection of remaining undesirable interactions. To illustrate these concepts, we use a simple connection example and results from the capture and the validation of several telephony features from the First Feature Interaction Contest.

The ISO reference model for open distributed processing: an introduction

Abstract The ISO Reference Model of Open Distributed Processing (RM-ODP) consists of four parts: an Overview of the reference model, the Descriptive Model, the Prescriptive Model, and the Architectural Semantics. The four parts provide the concepts and rules of distributed processing to ensure openness between interacting distributed application components. Openness is a combination of characteristics: i.e. scalability, accessibility, heterogeneity, autonomy and distribution. The RM-ODP introduces the concept of viewpoint to describe a system from a particular set of concerns, and hence to deal with the complexity of distributed systems. While all the viewpoints are relevant to the description and design of distributed systems, the computational and engineering models are the ones that bear most directly on the design and implementation of distributed systems. From a distributed software engineering point of view, the computational and engineering viewpoints are again the most important; they reflect the software structure of the distributed application most closely. In this introductory paper, we concentrate on the computational and engineering viewpoints.

An interpreter for LOTOS, a specification language for distributed systems

LOTOS is an executable specification language for distributed systems currently being standardized within ISO as a tool for the formal specification of open systems interconnection protocols and services. It is based on an extended version of Milners calculus of communicating systems (CCS) and on ACT ONE abstract data type (ADT) formalism. A brief introduction to LOTOS is given, along with a discussion of LOTOS operational semantics, and of the executability of LOTOS specifications. Further, an account of a prototype LOTOS interpreter is given, which includes an interactive system that allows the user to direct the execution of a specification (for example, for testing purposes). The interpreter was implemented in YACC/LEX, C and Prolog. The following topics are discussed: syntax and static semantics analysis; translation from LOTOS external format to internal representation; evaluation of ADT value expressions and extended CCS behaviour expressions. It is shown that the interpreter can be used in a variety of ways: to recognize whether a given sequence of interactions is allowed by the specification; to generate randomly chosen sequences of interactions; in a user‐guided generation mode, etc.

Formal specification of telephone systems in LOTOS: The constraint-oriented style approach

Abstract The LOTOS constraint-oriented style allows the design of well-structured, implementation-independent specifications of distributed systems. As an example, we provide a small, didactically-oriented specification of a simple telephone service. The design of the specification is based on three types of constraints, i.e. global constraints, end-to-end constraints and local constraints. The structure of the specification, as well as its design method, are described in some detail. We conclude with a discussion of the specification debugging method.

Dynamic risk-based decision methods for access control systems

In traditional multi-level security systems, trust and risk values are pre-computed. Any change in these values requires manual intervention of an administrator. In many dynamic environments, however, these values should be auto-adaptive, and auto-tunable according to the usage history of the users. Moreover, occasional exceptions on resource needs, which are common in dynamic environments like healthcare, should be allowed if the subjects show a positive record of use toward resources they acquired in the past. Conversely, access of authorized users, who have negative record, should be restricted. These requirements are not taken into consideration in existing risk-based access control systems. In order to overcome these shortcomings and to meet different sensitivity requirements of various applications, we propose two dynamic risk-based decision methods for access control systems. We provide theoretical and simulation-based analysis and evaluation of both schemes. Also, we analytically prove that the proposed methods, not only allow exceptions under certain controlled conditions, but uniquely restrict legitimate access of bad authorized users.

Structural models for specifying telephone systems

Two approaches, resource-oriented and constraint-oriented, for structuring telephone systems specifications, are presented. Both approaches express behaviour by collections of communicating processes, using the language LOTOS. However, requirements are distributed differently among processes. Examples are taken from specifications of telephone systems, first basic, and then with features. The features used as examples are call forwarding, originating call screening, and three-way calling. The two structuring methods are compared.

Generation of test purposes from use case maps

The Use Case Map (UCM) scenario notation can be used to model service requirements and high-level designs for reactive and distributed systems. It is therefore a natural candidate for use in the process of generating requirements-directed test suites. We survey several approaches for deriving test purposes from UCM models. We distinguish three main approaches. The first approach is based on testing patterns, the second one on UCM scenario definitions, and the third one on transformations to formal specifications (such as Lotos). Several techniques will be briefly illustrated and compared in terms of quality of the test purposes obtained, ease of use, and tool support. We also identify challenges in refining these test purposes into test cases as well as opportunities for improving current UCM-based testing.

Policy-enabled mechanisms for feature interactions: reality, expectations, challenges

This paper is based on the discussion during a panel that took place at the 7th Workshop on Feature Interactions in Telecommunications and Software Systems in Ottawa, Canada, June 2003. It presents a holistic picture on two paradigms, namely feature and policy, and their intertwining. The guest panelists brought examples from complementary areas and presented their experiences on using the concept of policy for defining features and for treating the feature interaction problem. The intrinsic interactions commonly called policy conflicts within policy-based systems were also discussed. The panelists considered methodological issues, such as the use of deontic logic and the representation of features through policies, as well as industrial applications, such as service provisioning and policy-based management applications for service bundling. They also brought out different views that reflect some disparity between the communities involved in this research.