Your SlideShare is downloading. ×
Colored petri nets theory and applications
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Colored petri nets theory and applications


Published on

my PDF

my PDF

Published in: Design

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Colored Petri Nets Theory and Applications: Modeling and Verifications of Protocols Multimedia and Network Research Lab CTI , DePaul University Chicago, USA 11/8/200211/8/2002 MNLAB, CTI, DEPAUL 1
  • 2. Main Points Verification and Analysis Tools Introduction to Petri Nets Basic Concepts of Colored Petri Nets Applications of CP-Nets Analysis and Verifications of Security Protocols • Definitions and Modeling Objects • Using CP-Nets to Verify Security Protocols Analysis and Verifications of STS Protocol Conclusion & References11/8/2002 MNLAB, CTI, DEPAUL 2
  • 3. Verification Tools and Models Verification Tools and ModelsFinite State MachineBrotus , Marrero , CMUPetri Nets , Aarhus Univ. , DKBAN Logic , California Univ.Spi Calculus , Cambridge Univ.Murphi , Stanford Univ.The Non-interference [CCS and SPA] ApproachThe Strand SpacesLOTOS+CADPInductive Approach, Isabelle/HOLOthers11/8/2002 MNLAB, CTI, DEPAUL 3
  • 4. Why do we make these models? Why do we make these models?• We do make models to: – learn new things about a system. – verify correctness of a protocol or a system, absence of deadlocks, etc. – discover Bugs and Errors, remove bottlenecks – try to simulate the system, because We do not have the real recourses to implement – measure the performance (as benchmark) – check that the system design has certain expected propertiesEX. find insecure states or check if they are reachable… 11/8/2002 MNLAB, CTI, DEPAUL 4
  • 5. Petri Nets: a formal, graphical, executable technique for thespecification and analysis of concurrent, discrete-event dynamic systems; More…… On Petri NetsFormal:The technique is mathematically well-defined. Many static and dynamic properties of a Petri net may be mathematically provenGraphical: The technique belongs to a branch of mathematics called graph theory. A Petri net may be represented graphically as well as mathematically. The ability to visualize structure and behavior of a Petri net promotes understanding of the modeled system. Software tools exist which support graphical construction and visualizationExecutable: A Petri net may be executed and the dynamic behavior observed graphically. Software tools exist which automate execution 11/8/2002 MNLAB, CTI, DEPAUL 5
  • 6. Petri Nets: a formal, graphical, executable technique for thespecification and analysis of concurrent, discrete-event dynamic systems; More…… On Petri NetsSpecification:SpecificationSystem requirements expressed and verified (by formal analysis) using the technique constitute a formal system specification.Analysis:System specification is often an iterative process, with requirements initially poorly understood or ill-defined. A specification in the form of a Petri net model may be formally analyzed against static and dynamic system requirements. Visual feedback from the Petri net graph at each iteration of the specification increases understanding of the requirements, highlights errors in the model (or sometimes the requirements) and results in rapid convergence on a mathematically correct and consistent specification. Software tools exist which support and automate analysis.Concurrent:The representation of multiple independent dynamic entities within a system is supported naturally by the technique, making it highly suitable for capturing systems which exhibit concurrency, e.g., multi-agent systems, distributed databases, client-server networks and modern telecommunications systems.Discrete event dynamic system:a system which may change state over time, based on current state and state-transition rules, and where each state is separated from its neighbor by a step rather than a continuum of intermediate infinitesimal states. Often falling into this classification are information systems, operating systems, networking 11/8/2002 banking systems, business processes and telecommunications systems protocols, MNLAB, CTI, DEPAUL 6
  • 7. Basic Definitions Basic DefinitionsIn a formal way, A P-net is a tuple PN = (Ρ, Τ, Α, Ν )• I P is a finite set of Places.• II- T is a finite set of Transitions.• III- A is a finite set of Arcs such that: P ∩ T = P ∩ A = T ∩ A = ∅• IV- N is a set of TokenIn a formal way, A CP-net is a tuple CPN = (∑, Ρ, Τ, Α, Ν, C , G, E , I ) I- ∑ is a finite set of non-empty types, also called colored sets. II- P is a finite set of Places. III- T is a finite set of Transitions. P ∩T = P ∩ A = T ∩ A = ∅ IV- A is a finite set of Arcs such that: V- N is a node function. It is defined from A into .”colored over arcs”P × T ∪ T × P VI- C is a color function. It is defined from P into . ∑ “token” VII- G is a guard function. It is defined from T into expressions such that: “Boolean function with probability.” ∀t ∈ T :[Type(G (t )) = B ∧ Type(Var (G (t ))) ⊆ ∑ ]. VIII- E is an arc expression function. It is defined from A in to expressions such that: i.e. (check k=n) ∀ a ∈ A : [ t y p e ( E ( a ) ) = C ( p ) M S ∧ T y p e (V a r ( E ( a ) ) ) ⊆ ∑ ] w h e r e P is th e p la c e o f N (a ) IX- I is an initialization function. It is defined from P into closed expressions such that 7 ∀p ∈ P :[Type( I ( p )) = C ( p ) ms ].
  • 8. Presentation using Petri Nets Presentation using Petri Nets- Graph Petri NetA Petri net, which can be used in a graph, has four essential elements: places, transitions, arcs, and tokens. As finite state machine and other tools, Petri nets are used to detect protocol failures.- Algebraic Petri NetIt is another form of Petri nets that represents a system and a protocol as a grammar language or logic in an algebraic form- Colored Petri NetIt is a specific type of petri nets, where the arcs contain dataFor more details: 11/8/2002 MNLAB, CTI, DEPAUL 8
  • 9. Why Colored Petri Nets Why Colored Petri NetsCP-nets have a graphical representationCP-nets are very general and can be used to describe a largevariety of different systemsCP-nets have an explicit description of both states andactionsCP-nets offer hierarchical descriptionsCP-nets offer interactive simulations where the results arepresented directly on the CPN diagramCP-nets have computer tools supporting their drawing,simulation and formal analysis MNLAB, CTI, DEPAUL 9
  • 10. CP-Net Aspects CP-Net Aspects TOOLS • editing • simulation THEORY • verification • models • basic concepts • analysis methods• One of the reasons for PRACTICAL USE the success of CP-nets is • specification the fact that It • validation simultaneously has • verification worked in all three • implementation areas. 11/8/2002 MNLAB, CTI, DEPAUL 10REF. Kurt Jensen And Details:
  • 11. An Introduction to Colored Petri Nets An Introduction to Colored Petri Nets University of Aarhus, DK University of Aarhus, DKColored Petri Nets (CP-nets or CPN) is a graphical oriented language for design, specification, simulation and verification of systems. It is in particular well-suited for systems in which communication, synchronization and resource sharing are important.Typical examples of application areas are communication protocols, distributed systems, imbedded systems, automated production systems, work flow analysis and VLSI chips, Medicine, Bio- informatics , . CPN Can do: For : •Networking protocols •Simulation •Security protocols •Verification •Multi agent application •Distributed systems •Design & model •Work flow •Specification •VLSI •Compute the Performance •Industrial protocols •Many other application 11
  • 12. Elements of CPN• The ellipses and the circles are called places. They describe the states of the system (buffers)• The rectangles are called transitions. They describe the actions (processes).• The arrows are called arcs. The arc expressions describe how the state of the CP-net changes when the transitions occur.• Each place contains a set of markers called tokens. each of these tokens carries a data value, which belongs to a given type. Show Diagram11/8/2002 MNLAB, CTI, DEPAUL 12
  • 13. Coloured Petri Nets • Modelling language for systems where synchronisation, communication, and resource sharing are important. Combination of Petri Nets and Programming Language. Control structures, synchronisation, communication, and resource sharing are described by Colored Petri Nets. Data and data manipulations are described by functional programming language. CPN models are validated by means of simulation and verified by means of state spaces and place invariants. Coloured Petri Nets is developed at University of Aarhus, Denmark over the last 20 years. 11/8/2002 MNLAB, CTI, DEPAUL 13REF. Kurt Jensen And Details:
  • 14. Introductory Model (Simple) Combination of graphics and texts • Network of nodes and arcs. Places describe the state of the system. A,B, C or C1, C2, S1, S2 Places carry markers, called, string, data Transitions describe the actions of the system i.e. send, receive, encrypt, check Arcs tell how actions modify the state and when they occur IF The token is moved from A to B. This means that the packet is successfully transmitted over the network. 14REF. Kurt Jensen And Details:
  • 15. Applicable Example:Applicable Example: Simulation of scenarios Receiver expects packet no. 6. Sender is still sending packet no. 5. Acknowledgement requesting packet no. 6 is arriving. May be the package did not arrive (lost) 11/8/2002 MNLAB, CTI, DEPAUL 15REF. Kurt Jensen And Details:
  • 16. Abstract Example:Abstract Example: 11/8/2002 MNLAB, CTI, DEPAUL 16
  • 17. Incidence Matrix (State Equation) for CPN.. Incidence Matrix (State Equation) for CPN.. 11/8/2002 MNLAB, CTI, DEPAUL 17
  • 18. R    1  2B   Suppose the initial marking Μ 0 = 0  σ = 0   B  0 − R R 0        A= − B 0 0   2R − 2R B    0 R − 2B   Μ1 = Μ 0 + Ασ New concepts of 0    Addition B Then we can compute Μ1 =  2R  subtraction,   B  Multiplication   …..etc. 11/8/2002 MNLAB, CTI, DEPAUL 18
  • 19. CP-Nets Applications CP-Nets ApplicationsExamples of Industrial Use of CP-netsThe following projects document large-scale practical use of CP-nets and their tools. Many ofthe projects have been carried out in an industrial environment. For all projects one or morepapers are available • Protocols and Networks • Software • Hardware • Control of Systems • Military Systems • Other Systems REF.11/8/2002 And Details: MNLAB, CTI, DEPAUL 19
  • 20. Applications Applications Application areas Protocols and Networks Intelligent Networks at Deutsche Telekom IEEE 802.6 Configuration Control at Telstra Research Labs Allocation Policies in the Fieldbus Protocol in Japan ISDN Services at Telstra Research Laboratories Protocol for an Audio/Video System at Bang & Olufsen TCP Protocols at Hewlett-Packard Local Area Network at University of Las Palmas UPC Algorithms in ATM Networks at University of Aarhus BRI Protocol in ISDN Networks Network Management System at RC International A/S Interprocess Communication in Pool IDA at Kings College Software Mobile Phones at Nokia Bank Transactions & Interconnect Fabric at Hewlett-Packard Mutual Exclusion Algorithm at University of Aarhus Distributed Program Execution at University of Aarhus Internet Cache at the Hungarian Academy of Science Electronic Funds Transfer in the US Document Storage System at Bull AG ADA Program at Draper Laboratories 11/8/2002 MNLAB, CTI, DEPAUL 20REF. Kurt Jensen And Details:
  • 21. Applications Applications Control of Systems Security and Access Control Systems at Dalcotech A/S Mechatronic Systems in Cars at Peugeot-Citroën in France European Train Control System in Germany Flowmeter System at Danfoss Traffic Signals in Brazil Chemical Production in Germany Model Train System at University of Kiel Hardware Superscalar Processor Architectures at University of Newcastle VLSI Chip in the US Arbiter Cascade at Meta Software Corp. Military Systems Military Communications Gateway in Australia Influence Nets for the US Air Force Missile Simulator in Australia Naval Command and Control System in Canada Other Systems Bank Courier Network at Shawmut National Coop. Nuclear Waste Management Programme in the US 11/8/2002 MNLAB, CTI, DEPAUL 21REF. Kurt Jensen And Details:
  • 22. Important application Important application Automatic code generation • CPN models are often used to specify and validate new software: • It is also possible to implement the software by automatic code generation. – This method has been applied to develop a system for access control to buildings. – The source code for the final implementation was generated automatically from the CPN specification - by extracting parts of the Standard ML code used by the CPN simulator. – The approach is only sensible for systems that are not time critical and systems that are produced in small numbers. 11/8/2002 MNLAB, CTI, DEPAUL 22REF. Kurt Jensen And Details:
  • 23. Computer tools • Design/CPN was developed in the late 80ies and early 90ies. – Today it is the most widely used Petri net package. – 750 different organisations in 50 countries – including 200 commercial companies. • CPN Tools is the next generation of tool support for Coloured Petri Nets. – Within the next 1-2 years the CPN Tools is expected to replace Design/CPN and obtain the same number of users. 11/8/2002 MNLAB, CTI, DEPAUL 23REF. Kurt Jensen And Details:
  • 24. CP-Net Aspects CP-Net Aspects TOOLS • editing • simulation THEORY • verification • models • basic concepts • analysis methods• One of the reasons for PRACTICAL USE the success of CP-nets is • specification the fact that we • validation simultaneously have • verification worked in all three • implementation areas. 11/8/2002 MNLAB, CTI, DEPAUL 24REF. Kurt Jensen And Details:
  • 25. Verification of Security Protocols using Colored Petri Nets• Why• How• Results• Improvement11/8/2002 MNLAB, CTI, DEPAUL 25
  • 26. Colored Petri Net Objects Colored Petri Net Objects Introductory Example: Introductory Example:11/8/2002 MNLAB, CTI, DEPAUL 26
  • 27. CP-net Intruder Model CP-net Intruder Model11/8/2002 simpleCTI, DEPAUL MNLAB, model 27
  • 28. Modeling Protocols Using Colored Petri Nets Modeling Protocols Using Colored Petri NetsThe model consists of the following steps:Step1: describe the protocol in a CP-Net form.Step2: write Acceptance Check Steps (ACS).Step3: describe the intruder model.Step4: find the insecure states.Step5: apply the Matrix Analysis Steps (MAS). Then run your computer program to solve the equation Μ n = Μ 0 + Ασ 11/8/2002 MNLAB, CTI, DEPAUL 28
  • 29. MAS Flow Chart MAS Flow Chartand Implementationand Implementation This flow chart supposes we know the insecure state and want to verify and test whether the vector σ exists or not 11/8/2002 MNLAB, CTI, DEPAUL 29
  • 30. STS Protocol Messages STS Protocol MessagesA to B: A, α mod Ρ xThe client sends α x mod Ρ after generating a secret random xB to A : α modΡ, Ek (SB (α ,α ), Bp ) y s x y Κ = (α ) mod Ρx yThe server sends α y mod Ρ after generating a secret random ySign_mess with server secret key and encrypted by computed session keyA to B : E k (S As (α , α x y ), A p ) Κ = (α ) mod Ρy xSign_mess with client secret key and encrypted by computed session key. 11/8/2002 MNLAB, CTI, DEPAUL 30
  • 31. STS Protocol Scenario STS Protocol Scenario11/8/2002 MNLAB, CTI, DEPAUL 31
  • 32. 11/8/2002 MNLAB, CTI, DEPAUL 32
  • 33. Steps of Analysis Steps of AnalysisStep1: model the STS using CP-net illustrated in the previous figure M1: A, α mod Ρ x M2: α y mod Ρ , E k ( S B (α x , α y ), B p ) s M3: E k (S As (α x ,α y ), A p )Step2: applying the Acceptance Check Step (ACS) to STS messagesStep3: add the proposed intruder side in the model as in the figure 11/8/2002 MNLAB, CTI, DEPAUL 33
  • 34. 11/8/2002 MNLAB, CTI, DEPAUL 34
  • 35. Part I: Specifying STS Part I: Specifying STSStep4.I: by analyzing the protocol, we find that man-in-middleattack has the ability to direct the negotiation between theclient and server. The intruder shares K1 with the client andK2 with the server. TM 0 = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20And the insecure state TMn = [0,0,0,0,M2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20 11/8/2002 MNLAB, CTI, DEPAUL 35
  • 36. 11/8/2002 MNLAB, CTI, DEPAUL 36
  • 37. com send rece decr verif recei store comp sen rece sign encr sen rece pute m1 ive ypt y ve m1 ute d ive m2 ypt d ive m1 m2 m2 m1 m1 m2 m1 m1 m2 m2 m2a1 M1 -M1a2 -M2 M2a3 M2 -M2a4 M2a5 M2c1 M1 -M1c2 M1 -M1c3 M2 -M2c4 -M2b1 M1 -M1b2 M2 -M2b3 M2 -M2i1 M1 -M1i2 M1 -M1i3 M2 -M2 11/8/2002 MNLAB, CTI, DEPAUL 37i4 M2
  • 38. com sen recei decr verif rece stor com send rece sign encr send rece decr sign encr send pute d vem ypt y ive e pute m1 ive m2 ypt m2 ive ypt m2 ypt m2 m1 m1 2 m2 m2 m1 m1 m1 m1 m2 m2 m2 m2a1 M1 - M1a2 -M2 M2a3 M2 - M2a4 M2a5 M2c1 M1 -M1c2 M1 - M1c3 M2 -M2c4 -M2 M2b1 M1 - M1b2 M2 -M2b3 M2 -M2i1 M1 -M1i2 M1 -M1i3 M2 -M2i4 M2 -M2i5 M2 -M2i6 M2 - M2i7 M2 - M2i8 11/8/2002 M1 MNLAB, CTI, DEPAUL 38 -M1
  • 39. ContinueStep5.I: Applying MAS, we find that the defined finalinsecure state is reachable from the initial state, which isconsidered a major problem in the security of STS protocol. Μ n = Μ 0 + Ασ 11/8/2002 MNLAB, CTI, DEPAUL 39
  • 40. 11/8/2002 MNLAB, CTI, DEPAUL 40
  • 41. Conclusion ConclusionSTS Protocol has been verified and specified usingColored Petri netsthe insecure states in STS Protocol have been provedMore research needs to be conducted in verification ofprotocols (sp. security protocols)Analysis complex security protocolsCompute the performance of security protocols using CP-netsCompare between different tools for verification andanalysis of security protocols11/8/2002 MNLAB, CTI, DEPAUL 41
  • 42. Conclusion TOOLS • editing • simulation THEORY • verification • models • basic concepts • analysis methods PRACTICAL USE • One of the reasons for • specification the success of CP-nets is • validation the fact that we • verification simultaneously have • implementation worked in all three areas. 11/8/2002 MNLAB, CTI, DEPAUL 42REF. Kurt Jensen And Details:
  • 43. References and Links • • • • A list of of more than 50 published papers describing different industrial applications of CP-nets and the CPN tools. And Details: MNLAB, CTI, DEPAUL 43
  • 44. Questions ?? Open Discussion? ?? ?11/8/2002 MNLAB, CTI, DEPAUL 44