11/8/2002 MNLAB, CTI, DEPAUL 1 Colored Petri Nets Theory and Applications: Modeling and Verifications of Protocols Multimedia and Network Research Lab CTI , DePaul University Chicago, USA 11/8/2002

Colored petri nets theory and applications


Page 1: Colored petri nets theory and applications

Colored Petri Nets Theory and Applications: Modeling and Verifications of Protocols

Multimedia and Network Research Lab, CTI, DePaul University

Chicago, USA, 11/8/2002

Page 2: Colored petri nets theory and applications

Main Points

• Verification and Analysis Tools
• Introduction to Petri Nets
• Basic Concepts of Colored Petri Nets
• Applications of CP-Nets
• Analysis and Verifications of Security Protocols
  – Definitions and Modeling Objects
  – Using CP-Nets to Verify Security Protocols
• Analysis and Verifications of STS Protocol
• Conclusion & References

Page 3: Colored petri nets theory and applications

Verification Tools and Models

• Finite State Machine
• Brutus, Marrero, CMU
• Petri Nets, Aarhus Univ., DK
• BAN Logic, California Univ.
• Spi Calculus, Cambridge Univ.
• Murphi, Stanford Univ.
• The Non-interference [CCS and SPA] Approach
• The Strand Spaces
• LOTOS+CADP
• Inductive Approach, Isabelle/HOL
• Others

Page 4: Colored petri nets theory and applications

Why do we make these models?

• We make models to:
  – learn new things about a system.
  – verify correctness of a protocol or a system, absence of deadlocks, etc.
  – discover bugs and errors, remove bottlenecks.
  – try to simulate the system, because we do not have the real resources to implement it.
  – measure the performance (as a benchmark).
  – check that the system design has certain expected properties, e.g. find insecure states or check if they are reachable.

Page 5: Colored petri nets theory and applications

Petri Nets: a formal, graphical, executable technique for the specification and analysis of concurrent, discrete-event dynamic systems

More… On Petri Nets

Formal: The technique is mathematically well-defined. Many static and dynamic properties of a Petri net may be mathematically proven.

Graphical: The technique belongs to a branch of mathematics called graph theory. A Petri net may be represented graphically as well as mathematically. The ability to visualize structure and behavior of a Petri net promotes understanding of the modeled system. Software tools exist which support graphical construction and visualization.

Executable: A Petri net may be executed and the dynamic behavior observed graphically. Software tools exist which automate execution.

Page 6: Colored petri nets theory and applications

Petri Nets: a formal, graphical, executable technique for the specification and analysis of concurrent, discrete-event dynamic systems

More… On Petri Nets

Specification: System requirements expressed and verified (by formal analysis) using the technique constitute a formal system specification.

Analysis: System specification is often an iterative process, with requirements initially poorly understood or ill-defined. A specification in the form of a Petri net model may be formally analyzed against static and dynamic system requirements. Visual feedback from the Petri net graph at each iteration of the specification increases understanding of the requirements, highlights errors in the model (or sometimes the requirements) and results in rapid convergence on a mathematically correct and consistent specification. Software tools exist which support and automate analysis.

Concurrent: The representation of multiple independent dynamic entities within a system is supported naturally by the technique, making it highly suitable for capturing systems which exhibit concurrency, e.g., multi-agent systems, distributed databases, client-server networks and modern telecommunications systems.

Discrete event dynamic system: a system which may change state over time, based on current state and state-transition rules, and where each state is separated from its neighbor by a step rather than a continuum of intermediate infinitesimal states. Often falling into this classification are information systems, operating systems, networking protocols, banking systems, business processes and telecommunications systems.

Page 7: Colored petri nets theory and applications

Basic Definitions

In a formal way, a P-net is a tuple $PN = (P, T, A, N)$, where:
• I- P is a finite set of Places.
• II- T is a finite set of Transitions.
• III- A is a finite set of Arcs such that: $P \cap T = P \cap A = T \cap A = \emptyset$
• IV- N is a set of Tokens.

In a formal way, a CP-net is a tuple $CPN = (\Sigma, P, T, A, N, C, G, E, I)$, where:

I- $\Sigma$ is a finite set of non-empty types, also called colored sets.
II- P is a finite set of Places.
III- T is a finite set of Transitions.
IV- A is a finite set of Arcs such that: $P \cap T = P \cap A = T \cap A = \emptyset$
V- N is a node function. It is defined from A into $P \times T \cup T \times P$. ("colored over arcs")
VI- C is a color function. It is defined from P into $\Sigma$. ("token")
VII- G is a guard function. It is defined from T into expressions such that: $\forall t \in T: [Type(G(t)) = B \wedge Type(Var(G(t))) \subseteq \Sigma]$ ("Boolean function with probability.")
VIII- E is an arc expression function. It is defined from A into expressions such that: $\forall a \in A: [Type(E(a)) = C(p)_{MS} \wedge Type(Var(E(a))) \subseteq \Sigma]$, where p is the place of N(a); i.e. (check k=n)
IX- I is an initialization function. It is defined from P into closed expressions such that: $\forall p \in P: [Type(I(p)) = C(p)_{MS}]$

Page 8: Colored petri nets theory and applications

Presentation using Petri Nets

- Graph Petri Net
A Petri net, which can be used in a graph, has four essential elements: places, transitions, arcs, and tokens. Like finite state machines and other tools, Petri nets are used to detect protocol failures.

- Algebraic Petri Net
It is another form of Petri net that represents a system and a protocol as a grammar language or logic in an algebraic form.

- Colored Petri Net
It is a specific type of Petri net, where the arcs contain data.

For more details: http://www.daimi.au.dk/PetriNets/

Page 9: Colored petri nets theory and applications

Why Colored Petri Nets

• CP-nets have a graphical representation
• CP-nets are very general and can be used to describe a large variety of different systems
• CP-nets have an explicit description of both states and actions
• CP-nets offer hierarchical descriptions
• CP-nets offer interactive simulations where the results are presented directly on the CPN diagram
• CP-nets have computer tools supporting their drawing, simulation and formal analysis

http://www.daimi.au.dk/CPNets/

Page 10: Colored petri nets theory and applications

CP-Net Aspects

• One of the reasons for the success of CP-nets is the fact that it has worked simultaneously in all three areas.

TOOLS • editing • simulation • verification
THEORY • models • basic concepts • analysis methods
PRACTICAL USE • specification • validation • verification • implementation

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 11: Colored petri nets theory and applications

An Introduction to Colored Petri Nets, University of Aarhus, DK

Colored Petri Nets (CP-nets or CPN) is a graphically oriented language for design, specification, simulation and verification of systems. It is particularly well suited for systems in which communication, synchronization and resource sharing are important.

Typical examples of application areas are communication protocols, distributed systems, embedded systems, automated production systems, work flow analysis, VLSI chips, medicine and bio-informatics.

For:
• Networking protocols
• Security protocols
• Multi agent application
• Distributed systems
• Work flow
• VLSI
• Industrial protocols
• Many other applications

CPN can do:
• Simulation
• Verification
• Design & model
• Specification
• Compute the performance

http://www.daimi.au.dk/~kjensen/papers_books/rec_papers_books.html#intro_cpn_papers

Page 12: Colored petri nets theory and applications

Elements of CPN

• The ellipses and the circles are called places. They describe the states of the system (buffers).

• The rectangles are called transitions. They describe the actions (processes).

• The arrows are called arcs. The arc expressions describe how the state of the CP-net changes when the transitions occur.

• Each place contains a set of markers called tokens. Each of these tokens carries a data value, which belongs to a given type.

Page 13: Colored petri nets theory and applications

Coloured Petri Nets

• Modelling language for systems where synchronisation, communication, and resource sharing are important.
• Combination of Petri Nets and Programming Language.
  – Control structures, synchronisation, communication, and resource sharing are described by Colored Petri Nets.
  – Data and data manipulations are described by functional programming language.
• CPN models are validated by means of simulation and verified by means of state spaces and place invariants.
• Coloured Petri Nets is developed at University of Aarhus, Denmark over the last 20 years.

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 14: Colored petri nets theory and applications

Combination of graphics and texts

Introductory Model (Simple)

• Network of nodes and arcs.
• Arcs tell how actions modify the state and when they occur.
• Places describe the state of the system, e.g. A, B, C or C1, C2, S1, S2.
• Transitions describe the actions of the system, i.e. send, receive, encrypt, check.
• Places carry markers, called tokens (int, string, data).

If the token is moved from A to B, this means that the packet is successfully transmitted over the network.

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 15: Colored petri nets theory and applications

Applicable Example: Simulation of scenarios

• Receiver expects packet no. 6.
• Sender is still sending packet no. 5.
• Acknowledgement requesting packet no. 6 is arriving.
• Maybe the package did not arrive (lost).

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 16: Colored petri nets theory and applications

Abstract Example:

Page 17: Colored petri nets theory and applications

Incidence Matrix (State Equation) for CPN

Page 18: Colored petri nets theory and applications

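Suppose the initial marking $M_0$ and the firing vector $\sigma$ are given, together with the incidence matrix $A$.

[The entries of $M_0$, $\sigma$, $A$ and $M_1$ on this slide, expressed in B and R, did not survive extraction.]

$M_1 = M_0 + A\sigma$

New concepts of addition, subtraction, multiplication, etc.

Then we can compute $M_1$.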

Page 19: Colored petri nets theory and applications

Examples of Industrial Use of CP-nets

The following projects document large-scale practical use of CP-nets and their tools. Many of the projects have been carried out in an industrial environment. For all projects one or more papers are available.

CP-Nets Applications

• Protocols and Networks
• Software
• Hardware
• Control of Systems
• Military Systems
• Other Systems

REF. And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 20: Colored petri nets theory and applications

Applications

Application areas

Protocols and Networks
• Intelligent Networks at Deutsche Telekom
• IEEE 802.6 Configuration Control at Telstra Research Labs
• Allocation Policies in the Fieldbus Protocol in Japan
• ISDN Services at Telstra Research Laboratories
• Protocol for an Audio/Video System at Bang & Olufsen
• TCP Protocols at Hewlett-Packard
• Local Area Network at University of Las Palmas
• UPC Algorithms in ATM Networks at University of Aarhus
• BRI Protocol in ISDN Networks
• Network Management System at RC International A/S
• Interprocess Communication in Pool IDA at King's College

Software
• Mobile Phones at Nokia
• Bank Transactions & Interconnect Fabric at Hewlett-Packard
• Mutual Exclusion Algorithm at University of Aarhus
• Distributed Program Execution at University of Aarhus
• Internet Cache at the Hungarian Academy of Science
• Electronic Funds Transfer in the US
• Document Storage System at Bull AG
• ADA Program at Draper Laboratories

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 21: Colored petri nets theory and applications

Applications

Control of Systems
• Security and Access Control Systems at Dalcotech A/S
• Mechatronic Systems in Cars at Peugeot-Citroën in France
• European Train Control System in Germany
• Flowmeter System at Danfoss
• Traffic Signals in Brazil
• Chemical Production in Germany
• Model Train System at University of Kiel

Hardware
• Superscalar Processor Architectures at University of Newcastle
• VLSI Chip in the US
• Arbiter Cascade at Meta Software Corp.

Military Systems
• Military Communications Gateway in Australia
• Influence Nets for the US Air Force
• Missile Simulator in Australia
• Naval Command and Control System in Canada

Other Systems
• Bank Courier Network at Shawmut National Coop.
• Nuclear Waste Management Programme in the US

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 22: Colored petri nets theory and applications

Important application: Automatic code generation

• CPN models are often used to specify and validate new software.

• It is also possible to implement the software by automatic code generation.
  – This method has been applied to develop a system for access control to buildings.
  – The source code for the final implementation was generated automatically from the CPN specification, by extracting parts of the Standard ML code used by the CPN simulator.
  – The approach is only sensible for systems that are not time critical and systems that are produced in small numbers.

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 23: Colored petri nets theory and applications

Computer tools

• Design/CPN was developed in the late 80s and early 90s.
  – Today it is the most widely used Petri net package.
  – 750 different organisations in 50 countries
  – including 200 commercial companies.

• CPN Tools is the next generation of tool support for Coloured Petri Nets.
  – Within the next 1-2 years CPN Tools is expected to replace Design/CPN and obtain the same number of users.

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 24: Colored petri nets theory and applications

CP-Net Aspects

• One of the reasons for the success of CP-nets is the fact that we simultaneously have worked in all three areas.

TOOLS • editing • simulation • verification
THEORY • models • basic concepts • analysis methods
PRACTICAL USE • specification • validation • verification • implementation

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 25: Colored petri nets theory and applications

Verification of Security Protocols using Colored Petri Nets

• Why
• How
• Results
• Improvement

Page 26: Colored petri nets theory and applications

Colored Petri Net Objects

Introductory Example:

Page 27: Colored petri nets theory and applications

CP-net Intruder Model

simple model

Page 28: Colored petri nets theory and applications

Modeling Protocols Using Colored Petri Nets

The model consists of the following steps:
Step1: describe the protocol in a CP-Net form.
Step2: write Acceptance Check Steps (ACS).
Step3: describe the intruder model.
Step4: find the insecure states.
Step5: apply the Matrix Analysis Steps (MAS).

Then run your computer program to solve the equation

$M_n = M_0 + A\sigma$

Page 29: Colored petri nets theory and applications

MAS Flow Chart and Implementation

This flow chart supposes we know the insecure state and want to verify and test whether the vector $\sigma$ exists or not.
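The MAS check described above, as an added example (not code from the presentation): for an ordinary place/transition net with integer token counts instead of coloured tokens, it searches for a firing-count vector σ satisfying M_n = M_0 + Aσ and then confirms that those firings can be ordered so each is enabled, because a solution of the state equation alone is only a necessary condition for reachability. Both nets, their place and transition names, and the bound `max_count` are constructed for illustration.

```python
from itertools import product

def incidence(pre, post):
    """A[p][t] = tokens transition t adds to place p minus tokens it removes."""
    return [[o - i for i, o in zip(r_in, r_out)] for r_in, r_out in zip(pre, post)]

def solve_state_equation(A, m0, mn, max_count=3):
    """All firing-count vectors sigma (entries 0..max_count) with m0 + A*sigma == mn."""
    hits = []
    for sigma in product(range(max_count + 1), repeat=len(A[0])):
        m = [m0[p] + sum(a * s for a, s in zip(A[p], sigma)) for p in range(len(A))]
        if m == list(mn):
            hits.append(sigma)
    return hits

def firing_sequence(pre, post, m0, sigma):
    """Order the firings counted in sigma so each one is enabled; None if impossible."""
    places = range(len(m0))
    def step(m, left):
        if not any(left):
            return []
        for t, n in enumerate(left):
            if n and all(m[p] >= pre[p][t] for p in places):
                nxt = [m[p] - pre[p][t] + post[p][t] for p in places]
                rest = step(nxt, left[:t] + (n - 1,) + left[t + 1:])
                if rest is not None:
                    return [t] + rest
        return None
    return step(list(m0), tuple(sigma))

def insecure_reachable(pre, post, m0, mn, max_count=3):
    """MAS-style check: a sigma solving the state equation AND an enabled ordering."""
    for sigma in solve_state_equation(incidence(pre, post), m0, mn, max_count):
        seq = firing_sequence(pre, post, m0, sigma)
        if seq is not None:
            return sigma, seq
    return None

# Constructed net 1. Places (rows): a_ready, channel, b_got, intruder_got.
# Transitions (columns): send, deliver, intercept.
RELAY_PRE  = [[1, 0, 0], [0, 1, 1], [0, 0, 0], [0, 0, 0]]
RELAY_POST = [[0, 0, 0], [1, 0, 0], [0, 1, 0], [0, 0, 1]]
RELAY_M0, RELAY_INSECURE = [1, 0, 0, 0], [0, 0, 0, 1]

# Constructed net 2. Places (rows): intr_key, intr_plain, leak.
# Transitions (columns): decrypt (key -> plain), rederive (plain -> key + leak).
# The intruder starts with nothing, so neither transition can ever fire.
LOOP_PRE  = [[1, 0], [0, 1], [0, 0]]
LOOP_POST = [[0, 1], [1, 0], [0, 1]]
LOOP_M0, LOOP_INSECURE = [0, 0, 0], [0, 0, 1]

if __name__ == "__main__":
    print(insecure_reachable(RELAY_PRE, RELAY_POST, RELAY_M0, RELAY_INSECURE))
    print(solve_state_equation(incidence(LOOP_PRE, LOOP_POST), LOOP_M0, LOOP_INSECURE))
    print(insecure_reachable(LOOP_PRE, LOOP_POST, LOOP_M0, LOOP_INSECURE))
```

In the second net the state equation has a solution, yet the insecure marking is not reachable, which is why the ordering step is needed before reporting a finding.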

Page 30: Colored petri nets theory and applications

STS Protocol Messages

A to B: $A,\ \alpha^{x} \bmod P$
The client sends $\alpha^{x} \bmod P$ after generating a secret random $x$.

B to A: $\alpha^{y} \bmod P$, followed by a signed and encrypted term over $\alpha^{y}$, $\alpha^{x}$ and $p$ [its exact notation is garbled in the source], with $K = (\alpha^{x})^{y} \bmod P$
Sign_mess with server secret key and encrypted by computed session key.
The server sends $\alpha^{y} \bmod P$ after generating a secret random $y$.

A to B: a signed and encrypted term over $\alpha^{x}$, $\alpha^{y}$ and $p$ [its exact notation is garbled in the source], with $K = (\alpha^{y})^{x} \bmod P$
Sign_mess with client secret key and encrypted by computed session key.

Page 31: Colored petri nets theory and applications

STS Protocol Scenario

Page 32: Colored petri nets theory and applications


Page 33: Colored petri nets theory and applications

Steps of Analysis

Step1: model the STS using CP-net illustrated in the previous figure

M1: $A,\ \alpha^{x} \bmod P$
M2: $\alpha^{y} \bmod P$, followed by the signed and encrypted term from B [notation garbled in the source]
M3: the signed and encrypted term from A [notation garbled in the source]

Step2: applying the Acceptance Check Step (ACS) to STS messages

Step3: add the proposed intruder side in the model as in the figure

Page 34: Colored petri nets theory and applications


Page 35: Colored petri nets theory and applications

Part I: Specifying STS

Step4.I: by analyzing the protocol, we find that a man-in-the-middle attack has the ability to direct the negotiation between the client and server. The intruder shares K1 with the client and K2 with the server.

$M_0^T$ = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20

And the insecure state

$M_n^T$ = [0,0,0,0,M2\,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0], where n = 20

Page 36: Colored petri nets theory and applications


Page 37: Colored petri nets theory and applications

Columns (transitions): compute m1, send m1, receive m2\, decrypt m2\, verify m2\, receive m1, store m1, compute m1\, send m1\, receive m1\, sign m2, encrypt m2, send m2, receive m2

Rows (places), with their non-zero entries in the order they appear:

a1: M1, -M1
a2: -M2\, M2\
a3: M2\, -M2\
a4: M2\
a5: M2\
c1: M1, -M1
c2: M1\, -M1\
c3: M2, -M2
c4: -M2\
b1: M1\, -M1\
b2: M2, -M2
b3: M2, -M2
i1: M1, -M1
i2: M1, -M1
i3: M2, -M2
i4: M2

Page 38: Colored petri nets theory and applications

Columns (transitions): compute m1, send m1, receive m2\, decrypt m2\, verify m2\, receive m1, store m1, compute m1\, send m1\, receive m1\, sign m2, encrypt m2, send m2, receive m2, decrypt m2, sign m2\, encrypt m2\, send m2\

Rows (places), with their non-zero entries in the order they appear:

a1: M1, -M1
a2: -M2\, M2\
a3: M2\, -M2\
a4: M2\
a5: M2\
c1: M1, -M1
c2: M1\, -M1\
c3: M2, -M2
c4: -M2\, M2\
b1: M1\, -M1\
b2: M2, -M2
b3: M2, -M2
i1: M1, -M1
i2: M1, -M1
i3: M2, -M2
i4: M2, -M2
i5: M2, -M2
i6: M2\, -M2\
i7: M2\, -M2\
i8: M1, -M1

Page 39: Colored petri nets theory and applications

Continue

Step5.I: Applying MAS, we find that the defined final insecure state is reachable from the initial state, which is considered a major problem in the security of STS protocol.

$M_n = M_0 + A\sigma$

Page 40: Colored petri nets theory and applications


Page 41: Colored petri nets theory and applications

Conclusion

• STS Protocol has been verified and specified using Colored Petri nets
• The insecure states in STS Protocol have been proved
• More research needs to be conducted in verification of protocols (especially security protocols)
• Analysis of complex security protocols
• Compute the performance of security protocols using CP-nets
• Compare between different tools for verification and analysis of security protocols

Page 42: Colored petri nets theory and applications

Conclusion

• One of the reasons for the success of CP-nets is the fact that we simultaneously have worked in all three areas.

TOOLS • editing • simulation • verification
THEORY • models • basic concepts • analysis methods
PRACTICAL USE • specification • validation • verification • implementation

REF. Kurt Jensen And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 43: Colored petri nets theory and applications

References and Links

• http://www.daimi.au.dk/CPnets/
• www.students.depaul.edu/~saly.html
• http://www.daimi.au.dk/PetriNets/research/
• A list of more than 50 published papers describing different industrial applications of CP-nets and the CPN tools. http://www.daimi.au.dk/CPnets/intro/example_indu.html

REF. And Details: http://www.daimi.au.dk/CPnets/intro/example_indu.html

Page 44: Colored petri nets theory and applications

Questions ??

Open Discussion