Colored petri nets theory and applications
1. Colored Petri Nets Theory and Applications:
Modeling and Verifications of Protocols
Multimedia and Network Research Lab
CTI, DePaul University
Chicago, USA
11/8/2002
11/8/2002 MNLAB, CTI, DEPAUL 1
2. Main Points
Verification and Analysis Tools
Introduction to Petri Nets
Basic Concepts of Colored Petri Nets
Applications of CP-Nets
Analysis and Verifications of Security Protocols
• Definitions and Modeling Objects
• Using CP-Nets to Verify Security Protocols
Analysis and Verifications of STS Protocol
Conclusion & References
3. Verification Tools and Models
Finite State Machine
Brutus, Marrero, CMU
Petri Nets, Aarhus Univ., DK
BAN Logic, California Univ.
Spi Calculus, Cambridge Univ.
Murphi, Stanford Univ.
The Non-interference [CCS and SPA] Approach
The Strand Spaces
LOTOS+CADP
Inductive Approach, Isabelle/HOL
Others
4. Why do we make these models?
• We make models to:
– learn new things about a system.
– verify the correctness of a protocol or a system, the absence of deadlocks, etc.
– discover bugs and errors, and remove bottlenecks
– simulate the system, because we do not have the real resources to implement it
– measure the performance (as a benchmark)
– check that the system design has certain expected properties
Ex.: find insecure states or check whether they are reachable…
5. Petri Nets:
A formal, graphical, executable technique for the specification and analysis of concurrent, discrete-event dynamic systems.
More on Petri Nets
Formal:
The technique is mathematically well-defined. Many static and dynamic properties of a Petri net may be mathematically proven.
Graphical:
The technique belongs to a branch of mathematics called graph theory. A Petri net may be represented graphically as well as mathematically. The ability to visualize structure and behavior of a Petri net promotes understanding of the modeled system. Software tools exist which support graphical construction and visualization.
Executable:
A Petri net may be executed and the dynamic behavior observed graphically. Software tools exist which automate execution.
6. Petri Nets:
A formal, graphical, executable technique for the specification and analysis of concurrent, discrete-event dynamic systems.
More on Petri Nets
Specification:
System requirements expressed and verified (by formal analysis) using the technique constitute a formal system specification.
Analysis:
System specification is often an iterative process, with requirements initially poorly understood or ill-defined. A specification in the form of a Petri net model may be formally analyzed against static and dynamic system requirements. Visual feedback from the Petri net graph at each iteration of the specification increases understanding of the requirements, highlights errors in the model (or sometimes the requirements) and results in rapid convergence on a mathematically correct and consistent specification. Software tools exist which support and automate analysis.
Concurrent:
The representation of multiple independent dynamic entities within a system is supported naturally by the technique, making it highly suitable for capturing systems which exhibit concurrency, e.g., multi-agent systems, distributed databases, client-server networks and modern telecommunications systems.
Discrete event dynamic system:
A system which may change state over time, based on current state and state-transition rules, and where each state is separated from its neighbor by a step rather than a continuum of intermediate infinitesimal states. Often falling into this classification are information systems, operating systems, networking protocols, banking systems, business processes and telecommunications systems.
7. Basic Definitions
In a formal way, a P-net is a tuple $PN = (P, T, A, N)$
• I- $P$ is a finite set of Places.
• II- $T$ is a finite set of Transitions.
• III- $A$ is a finite set of Arcs such that: $P \cap T = P \cap A = T \cap A = \emptyset$
• IV- $N$ is a set of Tokens.
In a formal way, a CP-net is a tuple $CPN = (\Sigma, P, T, A, N, C, G, E, I)$
I- $\Sigma$ is a finite set of non-empty types, also called colored sets.
II- $P$ is a finite set of Places.
III- $T$ is a finite set of Transitions.
IV- $A$ is a finite set of Arcs such that: $P \cap T = P \cap A = T \cap A = \emptyset$
V- $N$ is a node function. It is defined from $A$ into $P \times T \cup T \times P$. “colored over arcs”
VI- $C$ is a color function. It is defined from $P$ into $\Sigma$. “token”
VII- $G$ is a guard function. It is defined from $T$ into expressions such that: “Boolean function with probability.”
$\forall t \in T : [Type(G(t)) = B \wedge Type(Var(G(t))) \subseteq \Sigma]$
VIII- $E$ is an arc expression function. It is defined from $A$ into expressions such that: i.e. (check k=n)
$\forall a \in A : [Type(E(a)) = C(p)_{MS} \wedge Type(Var(E(a))) \subseteq \Sigma]$, where $p$ is the place of $N(a)$
IX- $I$ is an initialization function. It is defined from $P$ into closed expressions such that
$\forall p \in P : [Type(I(p)) = C(p)_{MS}]$
8. Presentation using Petri Nets
- Graph Petri Net
A Petri net, which can be drawn as a graph, has four essential elements: places, transitions, arcs, and tokens. Like finite state machines and other tools, Petri nets are used to detect protocol failures.
- Algebraic Petri Net
It is another form of Petri net that represents a system and a protocol as a grammar language or logic in an algebraic form.
- Colored Petri Net
It is a specific type of Petri net, where the arcs contain data.
For more details: http://www.daimi.au.dk/PetriNets/
9. Why Colored Petri Nets
CP-nets have a graphical representation
CP-nets are very general and can be used to describe a large
variety of different systems
CP-nets have an explicit description of both states and
actions
CP-nets offer hierarchical descriptions
CP-nets offer interactive simulations where the results are
presented directly on the CPN diagram
CP-nets have computer tools supporting their drawing,
simulation and formal analysis
http://www.daimi.au.dk/CPNets/
10. CP-Net Aspects
THEORY
• models
• basic concepts
• analysis methods
TOOLS
• editing
• simulation
• verification
PRACTICAL USE
• specification
• validation
• verification
• implementation
• One of the reasons for the success of CP-nets is the fact that it simultaneously has worked in all three areas.
REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html
11. An Introduction to Colored Petri Nets
University of Aarhus, DK
Colored Petri Nets (CP-nets or CPN) is a graphically oriented language for design, specification, simulation and verification of systems. It is in particular well-suited for systems in which communication, synchronization and resource sharing are important.
Typical examples of application areas are communication protocols, distributed systems, embedded systems, automated production systems, work flow analysis and VLSI chips, medicine, bioinformatics.
CPN can do:
• Simulation
• Verification
• Design & model
• Specification
• Compute the performance
For:
• Networking protocols
• Security protocols
• Multi agent application
• Distributed systems
• Work flow
• VLSI
• Industrial protocols
• Many other applications
http://www.daimi.au.dk/~kjensen/papers_books/rec_papers_books.html#intro_cpn_papers
12. Elements of CPN
• The ellipses and the circles are called places. They
describe the states of the system (buffers)
• The rectangles are called transitions. They describe the
actions (processes).
• The arrows are called arcs. The arc expressions describe
how the state of the CP-net changes when the transitions
occur.
• Each place contains a set of markers called tokens. Each of these tokens carries a data value, which belongs to a given type.
13. Coloured Petri Nets
• Modelling language for systems where synchronisation,
communication, and resource sharing are important.
Combination of Petri Nets and Programming Language.
Control structures, synchronisation, communication, and
resource sharing are described by Colored Petri Nets.
Data and data manipulations are described by a functional programming language.
CPN models are validated by means of simulation and verified by means of state spaces and place invariants.
Coloured Petri Nets has been developed at the University of Aarhus, Denmark over the last 20 years.
14. Introductory Model (Simple)
Combination of graphics and texts
• Network of nodes and arcs.
• Places describe the state of the system, e.g. A, B, C or C1, C2, S1, S2.
• Places carry markers, called tokens, e.g. int, string, data.
• Transitions describe the actions of the system, i.e. send, receive, encrypt, check.
• Arcs tell how actions modify the state and when they occur.
If the token is moved from A to B, this means that the packet is successfully transmitted over the network.
15. Applicable Example:
Simulation of scenarios
• Receiver expects packet no. 6.
• Sender is still sending packet no. 5.
• Acknowledgement requesting packet no. 6 is arriving.
• Maybe the package did not arrive (lost).
17. Incidence Matrix (State Equation) for CPN..
18.
Suppose the initial marking $M_0$ and the vector $\sigma$ are
$$M_0 = \begin{bmatrix} R \\ 2B \\ 0 \\ B \end{bmatrix}, \qquad \sigma = \begin{bmatrix} 1 \\ 0 \\ 0 \end{bmatrix}$$
$$A = \begin{bmatrix} -R & R & 0 \\ -B & 0 & 0 \\ 2R & -2R & B \\ 0 & R & -2B \end{bmatrix}$$
$$M_1 = M_0 + A\sigma$$
Then we can compute
$$M_1 = \begin{bmatrix} 0 \\ B \\ 2R \\ B \end{bmatrix}$$
New concepts of addition, subtraction, multiplication, etc.
19. CP-Nets Applications
Examples of Industrial Use of CP-nets
The following projects document large-scale practical use of CP-nets and their tools. Many of
the projects have been carried out in an industrial environment. For all projects one or more
papers are available
• Protocols and Networks
• Software
• Hardware
• Control of Systems
• Military Systems
• Other Systems
20. Applications
Application areas
Protocols and Networks
Intelligent Networks at Deutsche Telekom
IEEE 802.6 Configuration Control at Telstra Research Labs
Allocation Policies in the Fieldbus Protocol in Japan
ISDN Services at Telstra Research Laboratories
Protocol for an Audio/Video System at Bang & Olufsen
TCP Protocols at Hewlett-Packard
Local Area Network at University of Las Palmas
UPC Algorithms in ATM Networks at University of Aarhus
BRI Protocol in ISDN Networks
Network Management System at RC International A/S
Interprocess Communication in Pool IDA at King's College
Software
Mobile Phones at Nokia
Bank Transactions & Interconnect Fabric at Hewlett-Packard
Mutual Exclusion Algorithm at University of Aarhus
Distributed Program Execution at University of Aarhus
Internet Cache at the Hungarian Academy of Science
Electronic Funds Transfer in the US
Document Storage System at Bull AG
ADA Program at Draper Laboratories
21. Applications
Control of Systems
Security and Access Control Systems at Dalcotech A/S
Mechatronic Systems in Cars at Peugeot-Citroën in France
European Train Control System in Germany
Flowmeter System at Danfoss
Traffic Signals in Brazil
Chemical Production in Germany
Model Train System at University of Kiel
Hardware
Superscalar Processor Architectures at University of Newcastle
VLSI Chip in the US
Arbiter Cascade at Meta Software Corp.
Military Systems
Military Communications Gateway in Australia
Influence Nets for the US Air Force
Missile Simulator in Australia
Naval Command and Control System in Canada
Other Systems
Bank Courier Network at Shawmut National Coop.
Nuclear Waste Management Programme in the US
22. Important application
Automatic code generation
• CPN models are often used to specify and
validate new software:
• It is also possible to implement the software by
automatic code generation.
– This method has been applied to develop a system
for access control to buildings.
– The source code for the final implementation was
generated automatically from the CPN
specification - by extracting parts of the Standard
ML code used by the CPN simulator.
– The approach is only sensible for systems that are
not time critical and systems that are produced in
small numbers.
23. Computer tools
• Design/CPN was developed in the late '80s and early '90s.
– Today it is the most widely used Petri net package.
– 750 different organisations in 50 countries
– including 200 commercial companies.
• CPN Tools is the next generation of tool support for Coloured Petri Nets.
– Within the next 1-2 years CPN Tools is expected to replace Design/CPN and obtain the same number of users.
24. CP-Net Aspects
THEORY
• models
• basic concepts
• analysis methods
TOOLS
• editing
• simulation
• verification
PRACTICAL USE
• specification
• validation
• verification
• implementation
• One of the reasons for the success of CP-nets is the fact that we simultaneously have worked in all three areas.
25. Verification of Security Protocols using
Colored Petri Nets
• Why
• How
• Results
• Improvement
26. Colored Petri Net Objects
Introductory Example:
27. CP-net Intruder Model
Simple model
28. Modeling Protocols Using Colored Petri Nets
The model consists of the following steps:
Step1: describe the protocol in a CP-Net form.
Step2: write Acceptance Check Steps (ACS).
Step3: describe the intruder model.
Step4: find the insecure states.
Step5: apply the Matrix Analysis Steps (MAS).
Then run your computer program to solve the equation
$M_n = M_0 + A\sigma$
29. MAS Flow Chart
MAS Flow Chart and Implementation
This flow chart supposes we know the insecure state and want to verify and test whether the vector $\sigma$ exists or not.
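The state equation worked on slide 18 and the MAS check described above (does a vector σ exist that takes M_0 to a given marking?), as an added Python example that is not part of the original slides. It uses slide 18's matrix A and marking M_0; the function names, the search bound, the 0-based transition numbering and the pure-net assumption are choices made for this example. Because a solution σ is only a necessary condition for reachability, the block also searches for an actual firing order.

```python
from collections import Counter, deque
from itertools import product

# Slide 18 net: rows = places p1..p4, columns = transitions t1..t3.
# Entries are signed colour multisets: {"R": -1} is -R, {"B": -2} is -2B.
A = [
    [{"R": -1}, {"R": 1}, {}],
    [{"B": -1}, {}, {}],
    [{"R": 2}, {"R": -2}, {"B": 1}],
    [{}, {"R": 1}, {"B": -2}],
]
M0 = [{"R": 1}, {"B": 2}, {}, {"B": 1}]  # initial marking from slide 18


def state_equation(m0, a, sigma):
    """Return M = M0 + A*sigma with zero coefficients dropped."""
    result = []
    for row, start in zip(a, m0):
        acc = Counter(start)
        for entry, count in zip(row, sigma):
            for colour, k in entry.items():
                acc[colour] += k * count
        result.append({c: k for c, k in acc.items() if k != 0})
    return result


def solve_sigma(m0, a, target, bound=3):
    """MAS-style check: every sigma in [0, bound]^|T| with M0 + A*sigma == target."""
    return [s for s in product(range(bound + 1), repeat=len(a[0]))
            if state_equation(m0, a, s) == target]


def firing_sequence(m0, a, target, max_depth=6):
    """Breadth-first search for a firing order that reaches target.
    Assumes a pure net (no self-loops): t is enabled iff M + A[:, t] >= 0."""
    n_t = len(a[0])
    queue, seen = deque([(m0, [])]), []
    while queue:
        m, seq = queue.popleft()
        if m == target:
            return seq
        if len(seq) == max_depth or m in seen:
            continue
        seen.append(m)
        for t in range(n_t):
            unit = [int(i == t) for i in range(n_t)]
            nxt = state_equation(m, a, unit)
            # zeros are dropped, so any remaining coefficient <= 0 is a deficit
            if all(k > 0 for place in nxt for k in place.values()):
                queue.append((nxt, seq + [t]))
    return None


if __name__ == "__main__":
    m1 = state_equation(M0, A, (1, 0, 0))
    print("M1 =", m1)
    print("sigma for M1:", solve_sigma(M0, A, m1))
    print("firing order:", firing_sequence(M0, A, m1))
```

A target marking for which `solve_sigma` returns an empty list cannot be reached within the bound; a non-empty list still needs `firing_sequence` to confirm that the transitions can fire in some order.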
30. STS Protocol Messages
A to B: $A,\ \alpha^x \bmod P$
The client sends $\alpha^x \bmod P$ after generating a secret random $x$
B to A: $\alpha^y \bmod P,\ E_k(S_{B_s}(\alpha^x, \alpha^y), B_p)$
$K = (\alpha^x)^y \bmod P$
The server sends $\alpha^y \bmod P$ after generating a secret random $y$
Sign_mess with server secret key and encrypted by computed session key
A to B: $E_k(S_{A_s}(\alpha^x, \alpha^y), A_p)$
$K = (\alpha^y)^x \bmod P$
Sign_mess with client secret key and encrypted by computed session key.
33. Steps of Analysis
Step1: model the STS using CP-net illustrated in the previous figure
M1: $A,\ \alpha^x \bmod P$
M2: $\alpha^y \bmod P,\ E_k(S_{B_s}(\alpha^x, \alpha^y), B_p)$
M3: $E_k(S_{A_s}(\alpha^x, \alpha^y), A_p)$
Step2: applying the Acceptance Check Step (ACS) to STS messages
Step3: add the proposed intruder side in the model as in the figure
35. Part I: Specifying STS
Step4.I: by analyzing the protocol, we find that a man-in-the-middle attack has the ability to direct the negotiation between the client and server. The intruder shares K1 with the client and K2 with the server.
$M_0 = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]^T$, where $n = 20$
And the insecure state
$M_n = [0,0,0,0,M2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]^T$, where $n = 20$
39. Continue
Step5.I: Applying MAS, we find that the defined final insecure state is reachable from the initial state, which is considered a major problem in the security of the STS protocol.
$M_n = M_0 + A\sigma$
41. Conclusion
The STS Protocol has been verified and specified using Colored Petri nets
The insecure states in the STS Protocol have been proved
More research needs to be conducted in verification of protocols (esp. security protocols)
Analyze complex security protocols
Compute the performance of security protocols using CP-nets
Compare different tools for verification and analysis of security protocols
42. Conclusion
THEORY
• models
• basic concepts
• analysis methods
TOOLS
• editing
• simulation
• verification
PRACTICAL USE
• specification
• validation
• verification
• implementation
• One of the reasons for the success of CP-nets is the fact that we simultaneously have worked in all three areas.
43. References and Links
• http://www.daimi.au.dk/CPnets/
• www.students.depaul.edu/~saly.html
• http://www.daimi.au.dk/PetriNets/research/
• A list of more than 50 published papers describing different industrial applications of CP-nets and the CPN tools.
http://www.daimi.au.dk/CPnets/intro/example_indu.html