Colored petri nets theory and applications

Colored Petri Nets Theory and Applications:
Modeling and Verifications of Protocols

Multimedia and Network Research Lab
CTI , DePaul University
Chicago, USA
11/8/2002

11/8/2002 MNLAB, CTI, DEPAUL 1

Main Points
Verification and Analysis Tools
Introduction to Petri Nets
Basic Concepts of Colored Petri Nets
Applications of CP-Nets
Analysis and Verifications of Security Protocols
• Definitions and Modeling Objects
• Using CP-Nets to Verify Security Protocols
Analysis and Verifications of STS Protocol
Conclusion & References

Verification Tools and Models
Verification Tools and Models
Finite State Machine
Brotus , Marrero , CMU
Petri Nets , Aarhus Univ. , DK
BAN Logic , California Univ.
Spi Calculus , Cambridge Univ.
Murphi , Stanford Univ.
The Non-interference [CCS and SPA] Approach
The Strand Spaces
LOTOS+CADP
Inductive Approach, Isabelle/HOL
Others


Why do we make these models?
Why do we make these models?
• We do make models to:
– learn new things about a system.
– verify correctness of a protocol or a system, absence of
deadlocks, etc.
– discover Bugs and Errors, remove bottlenecks
– try to simulate the system, because We do not have the
real recourses to implement
– measure the performance (as benchmark)
– check that the system design has certain expected
properties
EX. find insecure states or check if they are reachable…

Petri Nets:
a formal, graphical, executable technique for the
specification and analysis of concurrent, discrete-event
dynamic systems; More…… On Petri Nets
Formal:
The technique is mathematically well-defined. Many static and dynamic properties
of a Petri net may be mathematically proven

Graphical:
The technique belongs to a branch of mathematics called graph theory. A Petri net may be
represented graphically as well as mathematically. The ability to visualize structure and behavior of
a Petri net promotes understanding of the modeled system. Software tools exist which support
graphical construction and visualization

Executable:
A Petri net may be executed and the dynamic behavior observed graphically. Software tools exist
which automate execution


Petri Nets:
a formal, graphical, executable technique for the
specification and analysis of concurrent, discrete-event
dynamic systems; More…… On Petri Nets
Specification:
Specification
System requirements expressed and verified (by formal analysis) using the technique
constitute a formal system specification.
Analysis:
System specification is often an iterative process, with requirements initially poorly understood or ill-defined.
A specification in the form of a Petri net model may be formally analyzed against static and dynamic
system requirements. Visual feedback from the Petri net graph at each iteration of the specification
increases understanding of the requirements, highlights errors in the model (or sometimes the
requirements) and results in rapid convergence on a mathematically correct and consistent specification.
Software tools exist which support and automate analysis.
Concurrent:
The representation of multiple independent dynamic entities within a system is supported naturally by the
technique, making it highly suitable for capturing systems which exhibit concurrency, e.g., multi-agent
systems, distributed databases, client-server networks and modern telecommunications systems.

Discrete event dynamic system:
a system which may change state over time, based on current state and state-transition rules, and where
each state is separated from its neighbor by a step rather than a continuum of intermediate infinitesimal
states. Often falling into this classification are information systems, operating systems, networking
11/8/2002 banking systems, business processes and telecommunications systems
protocols, MNLAB, CTI, DEPAUL 6

Basic Definitions
Basic Definitions
In a formal way, A P-net is a tuple PN = (Ρ, Τ, Α, Ν )
• I P is a finite set of Places.
• II- T is a finite set of Transitions.
• III- A is a finite set of Arcs such that: P ∩ T = P ∩ A = T ∩ A = ∅
• IV- N is a set of Token

In a formal way, A CP-net is a tuple CPN = (∑, Ρ, Τ, Α, Ν, C , G, E , I )

I- ∑ is a finite set of non-empty types, also called colored sets.
II- P is a finite set of Places.
III- T is a finite set of Transitions. P ∩T = P ∩ A = T ∩ A = ∅
IV- A is a finite set of Arcs such that:
V- N is a node function. It is defined from A into .”colored over arcs”P × T ∪ T × P
VI- C is a color function. It is defined from P into . ∑ “token”
VII- G is a guard function. It is defined from T into expressions such that: “Boolean function with
probability.”
∀t ∈ T :[Type(G (t )) = B ∧ Type(Var (G (t ))) ⊆ ∑ ].
VIII- E is an arc expression function. It is defined from A in to expressions such that: i.e. (check k=n)
∀ a ∈ A : [ t y p e ( E ( a ) ) = C ( p ) M S ∧ T y p e (V a r ( E ( a ) ) ) ⊆ ∑ ]
w h e r e P is th e p la c e o f N (a )
IX- I is an initialization function. It is defined from P into closed expressions such that 7
∀p ∈ P :[Type( I ( p )) = C ( p ) ms ].

Presentation using Petri Nets
Presentation using Petri Nets
- Graph Petri Net
A Petri net, which can be used in a graph, has four essential elements:
places, transitions, arcs, and tokens. As finite state machine and
other tools, Petri nets are used to detect protocol failures.

- Algebraic Petri Net
It is another form of Petri nets that represents a system and a protocol
as a grammar language or logic in an algebraic form

- Colored Petri Net
It is a specific type of petri nets, where the arcs contain data
For more details: http://www.daimi.au.dk/PetriNets/

Why Colored Petri Nets
Why Colored Petri Nets
CP-nets have a graphical representation
CP-nets are very general and can be used to describe a large
variety of different systems
CP-nets have an explicit description of both states and
actions
CP-nets offer hierarchical descriptions
CP-nets offer interactive simulations where the results are
presented directly on the CPN diagram
CP-nets have computer tools supporting their drawing,
simulation and formal analysis
http://www.daimi.au.dk/CPNets/


CP-Net Aspects
CP-Net Aspects TOOLS
• editing
• simulation
THEORY • verification
• models
• basic concepts
• analysis methods

• One of the reasons for PRACTICAL USE
the success of CP-nets is • specification
the fact that It • validation
simultaneously has • verification
worked in all three
• implementation
areas.
REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

An Introduction to Colored Petri Nets
An Introduction to Colored Petri Nets
University of Aarhus, DK
University of Aarhus, DK

Colored Petri Nets (CP-nets or CPN) is a graphical oriented language
for design, specification, simulation and verification of systems. It
is in particular well-suited for systems in which communication,
synchronization and resource sharing are important.
Typical examples of application areas are communication protocols,
distributed systems, imbedded systems, automated production
systems, work flow analysis and VLSI chips, Medicine, Bio-
informatics , .
CPN Can do: For :
•Networking protocols
•Simulation •Security protocols
•Verification •Multi agent application
•Distributed systems
•Design & model •Work flow
•Specification •VLSI
•Compute the Performance •Industrial protocols
•Many other application 11
http://www.daimi.au.dk/~kjensen/papers_books/rec_papers_books.html#intro_cpn_papers

Elements of CPN
• The ellipses and the circles are called places. They
describe the states of the system (buffers)
• The rectangles are called transitions. They describe the
actions (processes).
• The arrows are called arcs. The arc expressions describe
how the state of the CP-net changes when the transitions
occur.
• Each place contains a set of markers called tokens. each of
these tokens carries a data value, which belongs to a given
type.
Show Diagram

Coloured Petri Nets
• Modelling language for systems where synchronisation,
communication, and resource sharing are important.
Combination of Petri Nets and Programming Language.
Control structures, synchronisation, communication, and
resource sharing are described by Colored Petri Nets.
Data and data manipulations are described by
functional programming language.

CPN models are validated by means of simulation and
verified by means of state spaces and place invariants.

Coloured Petri Nets is developed at University of
Aarhus, Denmark over the last 20 years.


Introductory Model (Simple)
Combination of graphics and texts
• Network of nodes and
arcs.
Places describe the state of
the system. A,B, C or C1, C2,
S1, S2
Places carry markers, called
tokens.int, string, data

Transitions describe the actions
of the system i.e. send, receive,
encrypt, check

Arcs tell how actions modify
the state and when they
occur

IF The token is moved from A to B. This means that the packet is successfully transmitted over the network.
14

Applicable Example:
Applicable Example:
Simulation of scenarios
Receiver expects
packet no. 6.
Sender is still
sending packet
no. 5.
Acknowledgement
requesting packet
no. 6 is arriving.

May be the package
did not arrive (lost)


Abstract Example:
Abstract Example:


Incidence Matrix (State Equation) for CPN..
Incidence Matrix (State Equation) for CPN..


R 
  1
 2B   
Suppose the initial marking Μ 0 = 0  σ = 0
 
B  0
− R R 0     
 
A= − B 0 0 
 2R − 2R B 
 
0 R − 2B
  Μ1 = Μ 0 + Ασ
New concepts of
0 
  Addition
B 
Then we can compute Μ1 =  2R  subtraction,
 
B  Multiplication
 
…..etc.

CP-Nets Applications
CP-Nets Applications
Examples of Industrial Use of CP-nets
The following projects document large-scale practical use of CP-nets and their tools. Many of
the projects have been carried out in an industrial environment. For all projects one or more
papers are available

• Protocols and Networks
• Software
• Hardware
• Control of Systems
• Military Systems
• Other Systems

REF.11/8/2002
And Details: MNLAB, CTI, DEPAUL
http://www.daimi.au.dk/CPnets/intro/example_indu.html 19

Applications
Applications Application areas
Protocols and Networks
Intelligent Networks at Deutsche Telekom
IEEE 802.6 Configuration Control at Telstra Research Labs
Allocation Policies in the Fieldbus Protocol in Japan
ISDN Services at Telstra Research Laboratories
Protocol for an Audio/Video System at Bang & Olufsen
TCP Protocols at Hewlett-Packard
Local Area Network at University of Las Palmas
UPC Algorithms in ATM Networks at University of Aarhus
BRI Protocol in ISDN Networks
Network Management System at RC International A/S
Interprocess Communication in Pool IDA at King's College

Software
Mobile Phones at Nokia
Bank Transactions & Interconnect Fabric at Hewlett-Packard
Mutual Exclusion Algorithm at University of Aarhus
Distributed Program Execution at University of Aarhus
Internet Cache at the Hungarian Academy of Science
Electronic Funds Transfer in the US
Document Storage System at Bull AG
ADA Program at Draper Laboratories


Applications
Applications
Control of Systems
Security and Access Control Systems at Dalcotech A/S
Mechatronic Systems in Cars at Peugeot-Citroën in France
European Train Control System in Germany
Flowmeter System at Danfoss
Traffic Signals in Brazil
Chemical Production in Germany
Model Train System at University of Kiel

Hardware
Superscalar Processor Architectures at University of Newcastle
VLSI Chip in the US
Arbiter Cascade at Meta Software Corp.

Military Systems
Military Communications Gateway in Australia
Influence Nets for the US Air Force
Missile Simulator in Australia
Naval Command and Control System in Canada

Other Systems
Bank Courier Network at Shawmut National Coop.
Nuclear Waste Management Programme in the US

Important application
Important application

Automatic code generation
• CPN models are often used to specify and
validate new software:
• It is also possible to implement the software by
automatic code generation.
– This method has been applied to develop a system
for access control to buildings.
– The source code for the final implementation was
generated automatically from the CPN
specification - by extracting parts of the Standard
ML code used by the CPN simulator.
– The approach is only sensible for systems that are
not time critical and systems that are produced in
small numbers.

Computer tools
• Design/CPN was developed in the late 80'ies
and early 90'ies.
– Today it is the most widely used Petri net package.
– 750 different organisations in 50 countries
– including 200 commercial companies.
• CPN Tools is the next generation of tool
support for
Coloured Petri Nets.
– Within the next 1-2 years the CPN Tools is
expected to replace Design/CPN and obtain the
same number of users.


CP-Net Aspects
CP-Net Aspects TOOLS
• editing
• simulation
• models
• basic concepts

• One of the reasons for PRACTICAL USE
the success of CP-nets is • specification
the fact that we • validation
simultaneously have • verification
worked in all three
• implementation
areas.

Verification of Security Protocols using
Colored Petri Nets

• Why
• How
• Results
• Improvement


Colored Petri Net Objects
Colored Petri Net Objects

Introductory Example:
Introductory Example:


CP-net Intruder Model
CP-net Intruder Model

11/8/2002 simpleCTI, DEPAUL
MNLAB, model 27

Modeling Protocols Using Colored Petri Nets
Modeling Protocols Using Colored Petri Nets
The model consists of the following steps:
Step1: describe the protocol in a CP-Net form.
Step2: write Acceptance Check Steps (ACS).
Step3: describe the intruder model.
Step4: find the insecure states.
Step5: apply the Matrix Analysis Steps (MAS).
Then run your computer program to solve the
equation
Μ n = Μ 0 + Ασ


MAS Flow Chart
MAS Flow Chart
and Implementation
and Implementation

This flow chart
supposes we know
the insecure state
and want to verify
and test whether the
vector σ
exists or not


STS Protocol Messages
STS Protocol Messages
A to B: A, α mod Ρ
x

The client sends α x mod Ρ after generating a secret random x

B to A : α modΡ, Ek (SB (α ,α ), Bp )
y
s
x y

Κ = (α ) mod Ρx y

The server sends α y mod Ρ after generating a secret random y
Sign_mess with server secret key and encrypted by computed session key

A to B : E k (S As (α , α
x y
), A p )
Κ = (α ) mod Ρy x

Sign_mess with client secret key and encrypted by computed session key.

STS Protocol Scenario
STS Protocol Scenario


Steps of Analysis
Steps of Analysis
Step1: model the STS using CP-net illustrated in the previous figure
M1: A, α mod Ρ
x

M2: α y mod Ρ , E k ( S B (α x , α y ), B p )
s

M3: E k (S As (α x
,α y
), A p )
Step2: applying the Acceptance Check Step (ACS) to STS messages
Step3: add the proposed intruder side in the model as in the figure


Part I: Specifying STS
Part I: Specifying STS
Step4.I: by analyzing the protocol, we find that man-in-middle
attack has the ability to direct the negotiation between the
client and server. The intruder shares K1 with the client and
K2 with the server.
T
M 0 = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20

And the insecure state
T
Mn = [0,0,0,0,M2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20


com send rece decr verif recei store comp sen rece sign encr sen rece
pute m1 ive ypt y ve m1 ute d ive m2 ypt d ive
m1 m2 m2 m1 m1
m2 m1 m1 m2 m2 m2
a1 M1 -M1

a2 -M2 M2

a3 M2 -M2

a4 M2

a5 M2

c1 M1 -M1

c2 M1 -M1

c3 M2 -M2

c4 -M2

b1 M1 -M1

b2 M2 -M2

b3 M2 -M2

i1 M1 -M1

i2 M1 -M1

i3 M2 -M2
i4 M2

com sen recei decr verif rece stor com send rece sign encr send rece decr sign encr send
pute d vem ypt y ive e pute m1 ive m2 ypt m2 ive ypt m2 ypt m2
m1 m1 2 m2 m2 m1 m1 m1 m1 m2 m2 m2 m2

a1 M1 -
M1
a2 -M2 M2

a3 M2 -
M2

a4 M2

a5 M2

c1 M1 -M1

c2 M1 -
M1

c3 M2 -M2

c4 -M2 M2

b1 M1 -
M1

b2 M2 -M2

b3 M2 -M2

i1 M1 -M1

i2 M1 -M1

i3 M2 -M2

i4 M2 -M2

i5 M2 -M2

i6 M2 -
M2

i7 M2 -
M2

i8
11/8/2002 M1
MNLAB, CTI, DEPAUL 38
-M1

Continue
Step5.I: Applying MAS, we find that the defined final
insecure state is reachable from the initial state, which is
considered a major problem in the security of STS protocol.

Μ n = Μ 0 + Ασ


Conclusion
Conclusion

STS Protocol has been verified and specified using
Colored Petri nets
the insecure states in STS Protocol have been proved
More research needs to be conducted in verification of
protocols (sp. security protocols)
Analysis complex security protocols
Compute the performance of security protocols using CP-nets
Compare between different tools for verification and
analysis of security protocols


Conclusion TOOLS
• editing
• simulation
• models
• basic concepts

PRACTICAL USE
• One of the reasons for • specification
the success of CP-nets is • validation
the fact that we
• verification
simultaneously have
• implementation
worked in all three
areas.

References and Links

• http://www.daimi.au.dk/CPnets/
• www.students.depaul.edu/~saly.html
• http://www.daimi.au.dk/PetriNets/research/
• A list of of more than 50 published papers describing
different industrial applications of CP-nets and the CPN
tools.
http://www.daimi.au.dk/CPnets/intro/example_indu.html

REF.11/8/2002
And Details: MNLAB, CTI, DEPAUL
http://www.daimi.au.dk/CPnets/intro/example_indu.html 43

Questions ??
Open Discussion

? ?

? ?


Colored petri nets theory and applications

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Colored petri nets theory and applications

Semelhante a Colored petri nets theory and applications (20)

Último

Último (20)

Colored petri nets theory and applications