A self-adaptive resource provisioning on demand is a critical factor in cloud computing. The selection of the accurate amount of resources at run time is not easy due to the dynamic nature of requests. Therefore, a self-adaptive strategy for resources is required to deal with the dynamic nature of requests based on run-time changes in workload. In this paper we propose a Cloud-based Adaptive Resource Scheduling Strategy (CARSS) Framework that formally addresses these issues and is more expressive than traditional approaches. The decision making in CARSS is based on more than one factor. The MAPE-K based framework determines the state of the resources based on their current utilization. Timed-Arc Petri Net (TAPN) is used to model the system formally and its behaviour is expressed in TCTL, while the TAPAAL model checker verifies the underlying properties of the system.
To make system-of-systems combat simulation models easy to develop and reuse, simulation model formal specification and representation are researched. According to the view of system-of-systems combat simulation, and based on DEVS, the simulation model's fundamental formalisms are explored. These include the entity model, the system-of-systems model and the experiment model. A rigorous formal specification is also presented. The XML data exchange standard is combined to design the XML-based language, SCSL, to support simulation model representation. The corresponding relationship between SCSL and the simulation model formalism is discussed and the syntax and semantics of elements in SCSL are detailed. Based on the simulation model formal specification, the abstract simulation algorithm is given and an SCSL virtual machine, which is capable of automatically interpreting and executing simulation models represented in SCSL, is designed. Finally an application case is presented, which shows the validation of the theory and the verification of SCSL.
Formal state space models of quantum control systems are deduced and a scheme to establish formal state space models for quantum control systems via quantization is proposed. State evolution of quantum control systems must accord with Schrödinger equations, so it is foremost to obtain the Hamiltonian operators of the systems. There are corresponding relations between operators of quantum systems and corresponding physical quantities of classical systems, such as momentum, energy and the Hamiltonian, so Schrödinger equation models of corresponding quantum control systems can be obtained from classical control systems via quantization, and formal state space models can then be established through a suitable transformation from the Schrödinger equations for these quantum control systems. This method provides a new kind of path for modeling in quantum control.
A simple model of the phase-detection autofocus device based on partially masked sensor pixels is described. The cross-correlation function of the half-images registered by the masked pixels is proposed as a focus function. It is shown that, in such a setting, focusing is equivalent to searching for the maximum of the cross-correlation function. Application of stochastic approximation algorithms to unimodal and non-unimodal focus functions is briefly discussed.
The formal modeling and verification of aircraft takeoff is a challenge because it is a complex safety-critical operation. The task of aircraft takeoff is distributed amongst various computer-based controllers; however, with growing malicious threats, secure communication between aircraft and controllers becomes highly important. This research serves as a starting point for the integration of the BB84 quantum protocol with Petri nets for secure modeling and verification of the takeoff procedure. The integrated model combines the BB84 quantum cryptographic protocol with the powerful verification tool support offered by Petri nets. To model certain important properties of BB84, a new variant of Petri nets coined Quantum Nets is proposed by defining their mathematical foundations and overall system dynamics; furthermore, some important system properties are also abstractly defined. The proposed Quantum Nets are then applied to the modeling of the aircraft takeoff process by defining three quantum nets: namely aircraft, runway controller and gate controller. For authentication between quantum nets, the use of external places and transitions is demonstrated to describe the encryption-decryption process of the qubit stream. Finally, the developed takeoff quantum network is verified through the simulation offered by Colored Petri Net (CPN) Tools. Moreover, reachability tree (RT) analysis is also performed to gain greater confidence in the feasibility and correctness of the proposed aircraft takeoff model through Quantum Nets.
Model integration is an important part of the model management research area. The paper puts forward a formal representation of models, and presents some concepts, such as the compound model relation, the composite model and so on. Additionally, the existence of model integration is analyzed in detail and several sufficient conditions are proved.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to the Internet. Much research has been done on it by now; however, it has always concentrated on the behaviors of the network and cannot deal with the problem exactly. In this paper, we start from the security of the protocol, then propose a novel theory for security protocol analysis of Denial of Service in order to deal with DoS attacks. We first introduce the concept of a weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the concept of the DoS-stop protocol, and finally we propose two kinds of DoS test model and build the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied to two example protocols. It is proved that the Internet key exchange (IKE) protocol easily suffers from DoS attacks, and that the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
The application of metamorphic testing (MT) to automatic program repair (APR-MT) is used to generate a patch without test oracles by examining whether the input metamorphic relation (MR) is satisfied or not. However, the delivered patch is only plausible, since it may satisfy the input MR but violate other MRs. This inspires us to propose an improved approach to enhance the effectiveness of APR-MT with a metamorphic relation group. Our approach involves three major steps. First, we formally define the repair process of APR-MT by building the model of automatic program repair and of metamorphic testing separately. Then, we propose the advanced model of automatic program repair based on a metamorphic relation group, named METARO^(3), which takes several MRs as input while only one MR is used in APR-MT. We additionally present two kinds of selection strategies to rank MRs in descending order of fault detection capability, which helps shorten the repair time of finding a patch. To demonstrate the feasibility and procedure of our approach, an illustrative example is presented. The results show that METARO^(3) can improve the effectiveness of APR-MT significantly.
Existing university training curricula are usually presented using text and tables. Semantics and inter-relationships between courses are often implicit or even not defined. This paper tentatively presents a formal model of the joint UB1-HIT international master curriculum. The courses of the two years are modelled using UML and the relationships between the two years are explicitly shown. Complementarities between years 1 and 2 are also identified and possible improvements are discussed.
There were mainly six types of formalization models found in the study for 95 city and county names in China's Hunan province, namely the environment in a place for the place, the wish of the nomenclator for the place, the relative position of a place for the place, the resident for the place, the legend for the place, and the function of a place for the place. Among the six formalization models, environment in a place for the place was the most numerous, accounting for 47 names. The wish of the nomenclator for the place and the relative position of a place for the place came second, with 20 names each. The cognitive operation participating in the formalization was primarily single metonymy, with only a few complex metonymies. Metaphtonymy could only be noted in the model of the wish of the nomenclator for the place. It was notable that single metaphor was missing from the cognitive operations.
There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking requires the definition of a formal model for access control that supports spatial context. However, the traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model, which utilizes spatial and location-based information in security policy definitions. The concept of a spatial role is presented, and the role is assigned a logical location domain to specify its spatial boundary. Roles are activated based on the current physical position of the user, which is obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that hierarchical spatial roles are capable of constructing a lattice, which is a means of articulating multi-level security policy and is more suitable for controlling information flow security in safety-critical location-aware information systems. Next, constrained SC-RBAC allows expressing various spatial separation of duty constraints, location-based cardinality constraints and temporal constraints to specify the fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and its basic security theorem is proven. Constrained SC-RBAC provides the foundation for applications in need of constrained spatial context-aware access control.
In order to provide integrity protection for a secure operating system that satisfies the requirements of the structured protection class, a DTE-technique-based integrity protection formal model is proposed after the implications and structures of the integrity policy have been analyzed in detail. This model consists of some basic rules for configuring DTE and a state transition model, which are used respectively to specify how the domains and types are set, and how the security invariants obtained from the initial configuration are maintained during system transitions. In this model, ten invariants are introduced; in particular, some new invariants dealing with information flow are proposed, and their relations with corresponding invariants described in the literature are also discussed. The thirteen transition rules with well-formed atomicity are presented in a well-operational manner. The basic security theorems corresponding to these invariants and transition rules are proved. The rationale for proposing the invariants is further annotated by analyzing the differences between this model and those described in the literature. Last but not least, future work is outlined; in particular, it is pointed out that it is possible to use this model to analyze SE-Linux security.
Self-adaptive software (SAS) is gaining popularity as it can reconfigure itself in response to dynamic changes in the operational context or in itself. However, early modeling and formal analysis of SAS systems become increasingly difficult, as system scale and complexity are rapidly increasing. To tackle the modeling difficulty of SAS systems, we present a refinement-based modeling and verification approach called EasyModel. EasyModel integrates the intuitive Unified Modeling Language (UML) model with the stepwise-refinement Event-B model. Concretely, EasyModel: 1) creates a UML profile called AdaptML that provides an explicit description of SAS characteristics, 2) proposes a refinement modeling mechanism for SAS systems that can deal with system modeling complexity, 3) offers a model transformation approach that bridges the gap between the design model and the formal model of SAS systems, and 4) provides an efficient way to verify and guarantee the correct behaviour of SAS systems. To validate EasyModel, we present an example application and a subject-based experiment. The results demonstrate that EasyModel can effectively reduce the modeling and formal verification difficulty of SAS systems, and can incorporate the intuitive merit of UML and the correct-by-construction merit of Event-B.
Survivability should be considered beyond security for information systems. To assess system survivability accurately, for improvement, a formal modeling and analysis method based on stochastic process algebra is proposed in this article. By abstracting the interactive behaviors between intruders and the information system, a survivability-oriented system state transition graph is constructed. On that basis, parameters are defined and system behaviors are characterized precisely with performance evaluation process algebra (PEPA), simultaneously considering the influence of different attack modes. Ultimately the formal model for survivability is established and quantitative analysis results are obtained with the PEPA Workbench tool. Simulation experiments show the effectiveness and feasibility of the developed method, and it can help to direct the design of survivable systems.
In order to enforce the least privilege principle in the operating system, it is necessary for process privilege to be effectively controlled; but this is very difficult because a process always changes over time. In this paper, based on the analysis of how process privilege is generated and how it works, a hierarchy implementing the least privilege principle with three layers, i.e. the administration layer, the functionality control layer and the performance layer, is proposed. It is clearly demonstrated that bounding a privilege's working scope is a critical part of controlling privilege, but this is only mentioned implicitly, and not supported, in the POSIX capability mechanism. Based on analysis of the existing control mechanisms for privilege, not only an improved capability inheritance formula but also a new complete formal model for controlling processes, based on integrating RBAC, DTE, and the POSIX capability mechanism, is introduced. The new invariants in the model show that this novel privilege control mechanism is different from those of RBAC, DTE, and POSIX, and that it generalizes the subdomain control mechanism and makes this mechanism dynamic.
There are various conventional modeling techniques with varied semantics for system reliability assessment, such as fault trees (FT), Markov processes (MP), and Petri nets. However, it is strenuous to construct and maintain models using these formalisms throughout the life cycle of a system under development. This paper proposes a unified formal modeling language to build a general reliability model. The method eliminates the gap between the actual system and the reliability model and shows the details of the system clearly. Furthermore, the model can be transformed into FT and MP through specific rules defined by a formal language to assess system-level reliability.
The considerable and significant progress achieved in the design and development of new interaction devices between man and machine has enabled the emergence of various powerful and efficient input and/or output devices. Each of these new devices brings specific interaction modes. With the emergence of these devices, new interaction techniques and modes arise and new interaction capabilities are offered. New user interfaces need to be designed or former ones need to evolve. The design of so-called plastic user interfaces contributes to handling such evolutions. The key requirement for the design of such a user interface is that the newly obtained user interface shall be adapted to the application and have, at least, the same behavior as the previous (adapted) one. This paper proposes to address the problem of user interface evolution due to the introduction of new interaction devices and/or new interaction modes. More precisely, we are interested in the study of the design process of a user interface resulting from the evolution of a former user interface due to the introduction of new devices and/or new interaction capabilities. We consider that interface behaviors are described by labelled transition systems, and comparison between user interfaces is handled by an extended definition of the bisimulation relationship to compare user interface behaviors when interaction modes are replaced by new ones.
This paper presents a high-throughput, memory-efficient decoder for low density parity check (LDPC) codes in the high-rate wireless personal area network application. Novel techniques that apply to our selected LDPC code are proposed, including a parallel blocked layered decoding architecture and simplification of the WiGig networks. State-of-the-art flexible LDPC decoders cannot simultaneously achieve the high throughput mandated by these standards and the low power needed for mobile applications. This work develops a flexible, fully pipelined architecture for the IEEE 802.11ad standard capable of achieving both goals. We use Real Time–Performance Evaluation Process Algebra (RT-PEPA) to evaluate a typical LDPC decoder system's performance. The approach is more convenient, flexible, and lower cost than the former simulation method, which needs to develop special hardware and software tools. Moreover, we can easily analyze how changes in performance depend on changes in a particular mode by supplying ranges for parameter values.
Temporal colored Petri nets, an extension of temporal Petri nets, are introduced in this paper. They can distinguish the personality of individuals (tokens), describe clearly the causal and temporal relationships between events in concurrent systems, and represent elegantly certain fundamental properties of concurrent systems, such as eventuality and fairness. The use of this method is illustrated with an example of modeling and formal verification of an online stock trading system. The functional correctness of the modeled system is formally verified based on the temporal colored Petri net model and temporal assertions. Also, some main properties of the system are analyzed. It has been demonstrated sufficiently that temporal colored Petri nets can verify efficiently some time-related properties of concurrent systems, and provide both the power of dynamic graphical representation and the function of formal logical inference. Finally, future work is described.
We analyze the drawbacks of generally distributed time transition stochastic Petri nets (GDTT_SPN) in evaluating the performance of parallel systems, and propose a more general model, stochastic individual predicate/transition nets (SIPTN). SIPTN has higher modeling power and can provide more realistic models compared to GDTT_SPN, because in SIPTN the sojourn time distribution is determined not only by the transition, but also by the individuals. It is further proved that GDTT_SPN is a subset of SIPTN. As SIPTN introduces folding techniques from predicate/transition nets, SIPTN models have simpler and more intuitive graphic notations and accordingly higher usability, and thus are suitable for constructing simulation models for parallel systems.
Funding (phase-detection autofocus paper): supported by the NCN grant UMO-2011/01/B/ST7/00666.
Funding (model integration paper): supported by the National Natural Science Foundation of China (No. 60474041).
Funding (Denial of Service security protocol analysis paper): this work is supported by the National Natural Science Foundation of China under contract 60902008.
Funding (metamorphic testing / METARO^(3) program repair paper): the work was supported by a grant from the National Natural Science Foundation of China (No. 61772423).
文摘The application of metamorphic testing(MT)on automatic program repair(APR-MT)is used to generate a patch without test oracles by examining whether the input metamorphic relation(MR)is satisfied or not.However,the delivered patch is plausible since it may satisfy the input MR but violate other MRs.This inspires us to propose an improved approach to enhance the effectiveness of APR-MT with metamorphic relation group.Ourapproach involves three major steps.First,we formally define the repair process of APR-MT by building the model of automatic program repair and metamorphic testing separately.Then,we propose the advanced model of automatic program repair based on metamorphic relation group,named METARO^(3),which takes several MRs as input while only one MR is used in APR-MT.We additionally present two kinds of selection strategies to rank MRs in descending order of the fault detection capability,which helps shorten the repair time of finding a patch.To demonstrate the feasibility and procedure of our approach,an illustration example was conducted.The results show that METARO^(3) can improve the effectiveness of APR-MT significantly.
文摘Existing university training curricular are usually presented using text and tables.Semantics and inter-relationships between courses are often implicit or even not defined.This paper tentatively presents a formal model of the joint UB1-HIT international master curriculum.The courses of the two years are modelled using UML and the relationships between the two years are explicitly shown.Complementarities between years 1 and 2 are also identified and possible improvements are discussed.
Abstract: Six main types of formalization models were found in the study for 95 city and county names in China's Hunan province, namely, the environment in a place for the place, the wish of the nomenclator for the place, the relative position of a place for the place, the resident for the place, the legend for the place, and the function of a place for the place. Among the six formalization models, the environment in a place for the place was the most frequent, forming 47 names. Besides, the wish of the nomenclator for the place and the relative position of a place for the place came second, with 20 names each. The cognitive operation participating in the formalization was primarily single metonymy with only a few complex metonymies. Metaphtonymy could only be noted in the model of the wish of the nomenclator for the place. It was notable that single metaphor was missing from the cognitive operations.
Abstract: There is an emerging recognition of the importance of utilizing contextual information in authorization decisions. Controlling access to resources in the field of wireless and mobile networking requires the definition of a formal model for access control with supporting spatial context. However, the traditional RBAC model does not specify these spatial requirements. In this paper, we extend the existing RBAC model and propose the SC-RBAC model, which utilizes spatial and location-based information in security policy definitions. The concept of spatial role is presented, and the role is assigned a logical location domain to specify the spatial boundary. Roles are activated based on the current physical position of the user, which is obtained from a specific mobile terminal. We then extend SC-RBAC to deal with hierarchies, modeling permission, user and activation inheritance, and prove that the hierarchical spatial roles are capable of constructing a lattice, which is a means of articulating multi-level security policy and is more suitable for controlling information flow security in safety-critical location-aware information systems. Next, constrained SC-RBAC allows expressing various spatial separation of duty constraints, location-based cardinality and temporal constraints to specify the fine-grained spatial semantics that are typical in location-aware systems. Finally, we introduce 9 invariants for the constrained SC-RBAC and prove its basic security theorem. The constrained SC-RBAC provides the foundation for applications in need of constrained spatial context-aware access control.
Funding: Supported by the Beijing Natural Science Foundation (Grant No. 4052016), the National Natural Science Foundation of China (Grant No. 60573042) and the National Grand Fundamental Research 973 Program of China (Grant No. G1999035802).
Abstract: In order to provide integrity protection for a secure operating system that satisfies the structured protection class' requirements, a DTE-technique-based integrity protection formalization model is proposed after the implications and structures of the integrity policy have been analyzed in detail. This model consists of some basic rules for configuring DTE and a state transition model, which are used respectively to instruct how the domains and types are set, and how security invariants obtained from the initial configuration are maintained in the process of system transition. In this model, ten invariants are introduced; in particular, some new invariants dealing with information flow are proposed, and their relations with corresponding invariants described in the literature are also discussed. The thirteen transition rules with well-formed atomicity are presented in a well-operational manner. The basic security theorems corresponding to these invariants and transition rules are proved. The rationale for proposing the invariants is further annotated by analyzing the differences between this model and the ones described in the literature. Last but not least, future work is outlined; in particular, it is pointed out that it is possible to use this model to analyze SE-Linux security.
Funding: Supported by the National Key Research and Development Program of China under Grant No. 2017YFC0704100.
Abstract: Self-adaptive software (SAS) is gaining popularity as it can reconfigure itself in response to dynamic changes in the operational context or in itself. However, early modeling and formal analysis of SAS systems becomes increasingly difficult, as system scale and complexity are rapidly increasing. To tackle the modeling difficulty of SAS systems, we present a refinement-based modeling and verification approach called EasyModel. EasyModel integrates the intuitive Unified Modeling Language (UML) model with the stepwise-refinement Event-B model. Concretely, EasyModel: 1) creates a UML profile called AdaptML that provides an explicit description of SAS characteristics, 2) proposes a refinement modeling mechanism for SAS systems that can deal with system modeling complexity, 3) offers a model transformation approach that bridges the gap between the design model and the formal model of SAS systems, and 4) provides an efficient way to verify and guarantee the correct behaviour of SAS systems. To validate EasyModel, we present an example application and a subject-based experiment. The results demonstrate that EasyModel can effectively reduce the modeling and formal verification difficulty of SAS systems, and can incorporate the intuitive merit of UML and the correct-by-construction merit of Event-B.
Funding: The National Natural Science Foundation of China (90718003), the Hi-Tech Research and Development Program of China (2007AA01Z401) and the Specialized Research Fund for the Doctoral Program of Higher Education (20050217007).
Abstract: Survivability should be considered beyond security for information systems. To assess system survivability accurately, for improvement, a formal modeling and analysis method based on stochastic process algebra is proposed in this article. By abstracting the interactive behaviors between intruders and the information system, a survivability-oriented system state transition graph is constructed. On that basis, parameters are defined and system behaviors are characterized precisely with performance evaluation process algebra (PEPA), simultaneously considering the influence of different attack modes. Ultimately the formal model for survivability is established and quantitative analysis results are obtained with the PEPA Workbench tool. Simulation experiments show the effectiveness and feasibility of the developed method, which can help guide the design of survivable systems.
Funding: Supported by the National Key Basic Research Program of China (Grant No. G1999035802) and the National Natural Science Foundation of China (Grant No. 60083007).
Abstract: In order to enforce the least privilege principle in the operating system, it is necessary for process privilege to be effectively controlled; but this is very difficult because a process always changes over time. In this paper, based on an analysis of how process privilege is generated and how it works, a hierarchy implementing the least privilege principle with three layers, i.e. an administration layer, a functionality control layer and a performance layer, is proposed. It is clearly demonstrated that bounding a privilege's working scope is a critical part of controlling privilege, but this is only mentioned implicitly and not supported in the POSIX capability mechanism. Based on an analysis of existing control mechanisms for privilege, not only an improved capability inheritance formula but also a new complete formal model for controlling processes, based on integrating RBAC, DTE and the POSIX capability mechanism, is introduced. The new invariants in the model show that this novel privilege control mechanism is different from RBAC's, DTE's and POSIX's, and that it generalizes the subdomain control mechanism and makes this mechanism dynamic.
Abstract: There are various conventional modeling techniques with varied semantics for system reliability assessment, such as fault trees (FT), Markov processes (MP), and Petri nets. However, it is strenuous to construct and to maintain models using these formalisms throughout the life cycle of the system under development. This paper proposes a unified formal modeling language to build a general reliability model. The method eliminates the gap between the actual system and the reliability model and shows details of the system clearly. Furthermore, the model can be transformed into FT and MP through specific rules defined by a formal language to assess system-level reliability.
Abstract: The considerable and significant progress achieved in the design and development of new interaction devices between man and machine has enabled the emergence of various powerful and efficient input and/or output devices. Each of these new devices brings specific interaction modes. With the emergence of these devices, new interaction techniques and modes arise and new interaction capabilities are offered. New user interfaces need to be designed or former ones need to evolve. The design of so-called plastic user interfaces contributes to handling such evolutions. The key requirement for the design of such a user interface is that the newly obtained user interface shall be adapted to the application and have, at least, the same behavior as the previous (adapted) one. This paper proposes to address the problem of user interface evolution due to the introduction of new interaction devices and/or new interaction modes. More precisely, we are interested in the study of the design process of a user interface resulting from the evolution of a former user interface due to the introduction of new devices and/or new interaction capabilities. We consider that interface behaviors are described by labelled transition systems, and comparison between user interfaces is handled by an extended definition of the bisimulation relationship to compare user interface behaviors when interaction modes are replaced by new ones.
Abstract: This paper presents a high-throughput, memory-efficient decoder for low density parity check (LDPC) codes in the high-rate wireless personal area network application. Novel techniques that apply to our selected LDPC code are proposed, including a parallel blocked layered decoding architecture and simplification of the WiGig networks. State-of-the-art flexible LDPC decoders cannot simultaneously achieve the high throughput mandated by these standards and the low power needed for mobile applications. This work develops a flexible, fully pipelined architecture for the IEEE 802.11ad standard capable of achieving both goals. We use Real Time–Performance Evaluation Process Algebra (RT-PEPA) to evaluate a typical LDPC decoder system's performance. The approach is more convenient, flexible, and lower cost than the former simulation method, which needs special hardware and software tools to be developed. Moreover, we can easily analyze how performance depends on changes in a particular mode by supplying ranges for parameter values.
Abstract: Temporal colored Petri nets, an extension of temporal Petri nets, are introduced in this paper. They can distinguish the personality of individuals (tokens), describe clearly the causal and temporal relationships between events in concurrent systems, and represent elegantly certain fundamental properties of concurrent systems, such as eventuality and fairness. The use of this method is illustrated with an example of modeling and formal verification of an online stock trading system. The functional correctness of the modeled system is formally verified based on the temporal colored Petri net model and temporal assertions. Also, some main properties of the system are analyzed. It has been demonstrated sufficiently that temporal colored Petri nets can verify efficiently some time-related properties of concurrent systems, and provide both the power of dynamic representation graphically and the function of logical inference formally. Finally, future work is described.
Funding: Supported by the National Natural Science Foundation of China (No. 60576027) and the Hi-Tech Research and Development Program (863) of China (No. 2006AA01Z415).
Abstract: We analyze the drawbacks of generally distributed time transition stochastic Petri nets (GDTT_SPN) in evaluating the performance of parallel systems, and propose a more general model, stochastic individual predicate/transition nets (SIPTN). SIPTN has higher modeling power and can provide more realistic models compared to GDTT_SPN, because in SIPTN the sojourn time distribution is determined not only by the transition but also by the individuals. It is further proved that GDTT_SPN is a subset of SIPTN. As SIPTN introduces folding techniques from predicate/transition nets, SIPTN models have simpler and more intuitive graphic notations and accordingly higher usability, and thus are suitable for constructing simulation models for parallel systems.