Paper | |
---|---|
edit | |
description | |
id | Vol-3170/poster1 |
wikidataid | Q117351476→Q117351476 |
title | Adaptative Systems Based on Continuous Observation of Petri Net Product Lines |
pdfUrl | https://ceur-ws.org/Vol-3170/poster1.pdf |
dblpUrl | https://dblp.org/rec/conf/apn/Gomez-MartinezR22 |
volume | Vol-3170→Vol-3170 |
session | → |
Paper | |
---|---|
edit | |
description | |
id | Vol-3170/poster1 |
wikidataid | Q117351476→Q117351476 |
title | Adaptative Systems Based on Continuous Observation of Petri Net Product Lines |
pdfUrl | https://ceur-ws.org/Vol-3170/poster1.pdf |
dblpUrl | https://dblp.org/rec/conf/apn/Gomez-MartinezR22 |
volume | Vol-3170→Vol-3170 |
session | → |
Adaptative Systems Based on Continuous Observation of Petri Net Product Lines Elena Gómez-Martínez1 , José Ignacio Requeno2 1 Universidad Autónoma de Madrid, C/Francisco Tomás y Valiente, 11, Madrid, 28049, Spain 2 Universidad Complutense de Madrid, C/Prof. José García Santesmases, 9, Madrid, 28040, Spain Abstract Traditionally, critical systems have been deployed in isolation, that is, in closed environments where the access control was easily managed. However, the increasing complexity and connectivity of these systems make them vulnerable to cy- berattacks, malfunctioning or any kind of uncontrolled events. In this work, we propose a framework that is capable of automatically adapt its configuration for addressing the challenges of an environmental change. To this end, we model the critical system as a Petri net which is enriched with product lines that implement actions for different scenarios. The ex- ecution traces are then continuously monitored and provide information to the control logic responsible for achieving the critical system goals by means of the product lines. Keywords Petri net, Product line, Runtime verification 1. Introduction Traditionally, critical systems have been deployed in iso- lation, that is, in closed environments where the access control was easily managed. Recently reports indicate that these systems are vulnerable to cyberattacks as well [1]. Security flaws may directly impact safety in critical systems. Current approaches and tools concerning secu- rity do not ensure their adequacy to industrial standards for safety level. 2. Background We combine the following concepts for our approach: 1) Petri nets as formal model, 2) Product Lines for designing, and 3) Runtime verification for system monitoring. A Petri net will model the critical system, where each Figure 1: Titan framework product line implements a specific configuration. De- pending on the Key Performance Indicators (KPI) defined by the customer and the measurements the monitor ex- tracts by simulation of the formal model, our new frame- • A framework for modelling product lines with work checks if the critical system will manage to achieve Petri nets, using an eclipse plug-in, called Titan the user requirements by switching on/off the product [2]. lines on runtime. • A framework for abstracting data and datatypes We are basing our approach on the following previous as colours and hierarchies in Coloured Petri Nets works: [3, 4]. • A transformation of product Lines with Petri nets into Coloured Petri Nets [5]. PNSE’22: International Workshop on Petri Nets and Software • A language for the specification and runtime ver- Engineering, June 21, 2022, Bergen, NO ification of systems [6]. " mariaelena.gomez@uam.es (E. Gómez-Martínez); jrequeno@ucm.es (J. I. Requeno) � 0000-0002-7753-3345 (E. Gómez-Martínez); 0000-0001-5111-8357 (J. I. Requeno) © 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) � safety and security requirements and system char- acteristics in a single picture. • automatically adapt the system configuration based on the simulation reports. Acknowledgments This work was supported by the Spanish Ministry of Science and Innovation under projects FAME (RTI2018- 093608-B-C31), MASSIVE (RTI2018-095255-B-I00) and the Comunidad de Madrid under project FORTE-CM (S2018/TCS-4314) co-funded by EIE Funds of the Euro- pean Union. Figure 2: Titan References [1] T. Telford, Cyber attacks on rail network, Computing Security . 3. Approach [2] E. Gómez-Martínez, J. de Lara, E. Guerra, Extensible Structural Analysis of Petri Net Product Lines, Trans. In contrast to [2], our new approach includes a Trans- Petri Nets Other Model. Concurr. 15 (2021) 27–49. formation phase, which maps product lines to colours in [3] M. Westergaard, L. M. Kristensen, The Access/CPN Coloured Petri Nets [3]. Framework: A Tool for Interacting with the CPN Then, the Simulation phase runs the model, which now Tools Simulator, in: G. Franceschinis, K. Wolf (Eds.), supports all the features that the Access/CPN engine Applications and Theory of Petri Nets, 30th Interna- provides such as timed information. tional Conference, PETRI NETS 2009, Paris, France, The Monitoring phase, aimed at detecting concurrence June 22-26, 2009. Proceedings, vol. 5606 of Lecture and performance issues, analyses the simulation traces Notes in Computer Science, Springer, 313–322, 2009. via TeSSLa [6] in order to report performance and con- [4] K. Jensen, L. M. Kristensen, L. Wells, Coloured Petri currence reports. Nets and CPN Tools for modelling and validation During the Assessment phase, the framework will au- of concurrent systems, Int. J. Softw. Tools Technol. tomatically turn on/off specific product lines in order to Transf. 9 (3-4) (2007) 213–254. achieve the target KPI. [5] E. Gómez-Martínez, J. de Lara, E. Guerra, Analysing Product Lines of Concurrent Systems with Coloured Petri Nets, in: Accepted in the 34th International 4. Ongoing work Conference on Software Engineering and Knowledge Engineering, 2022. We are currently working on two directions. Firstly, we [6] M. Leucker, C. Sánchez, T. Scheffel, M. Schmitz, are extending the PNPL modelling framework capabilities A. Schramm, TeSSLa: runtime verification of non- to support additional features such as timed information. synchronized real-time streams, in: H. M. Haddad, Secondly, we explore how to automatically (de)activate R. L. Wainwright, R. Chbeir (Eds.), Proceedings of product lines based on the monitoring of Key Perfor- the 33rd Annual ACM Symposium on Applied Com- mance Indicators (KPI). In particular, we are connecting puting, SAC 2018, Pau, France, April 09-13, 2018, Titan with 1) AccessCPN, the kernel of CPNTools, for ACM, 1925–1933, 2018. simulation purposes; and 2) TeSSLa, a runtime monitor- ing engine, for providing information to the control logic responsible for managing the product lines. 5. Conclusions In this work in process, our aim is to: • augment our framework for enabling software engineers to express and monitor performance, �
Adaptative Systems Based on Continuous Observation of Petri Net Product Lines Elena Gómez-Martínez1 , José Ignacio Requeno2 1 Universidad Autónoma de Madrid, C/Francisco Tomás y Valiente, 11, Madrid, 28049, Spain 2 Universidad Complutense de Madrid, C/Prof. José García Santesmases, 9, Madrid, 28040, Spain Abstract Traditionally, critical systems have been deployed in isolation, that is, in closed environments where the access control was easily managed. However, the increasing complexity and connectivity of these systems make them vulnerable to cy- berattacks, malfunctioning or any kind of uncontrolled events. In this work, we propose a framework that is capable of automatically adapt its configuration for addressing the challenges of an environmental change. To this end, we model the critical system as a Petri net which is enriched with product lines that implement actions for different scenarios. The ex- ecution traces are then continuously monitored and provide information to the control logic responsible for achieving the critical system goals by means of the product lines. Keywords Petri net, Product line, Runtime verification 1. Introduction Traditionally, critical systems have been deployed in iso- lation, that is, in closed environments where the access control was easily managed. Recently reports indicate that these systems are vulnerable to cyberattacks as well [1]. Security flaws may directly impact safety in critical systems. Current approaches and tools concerning secu- rity do not ensure their adequacy to industrial standards for safety level. 2. Background We combine the following concepts for our approach: 1) Petri nets as formal model, 2) Product Lines for designing, and 3) Runtime verification for system monitoring. A Petri net will model the critical system, where each Figure 1: Titan framework product line implements a specific configuration. De- pending on the Key Performance Indicators (KPI) defined by the customer and the measurements the monitor ex- tracts by simulation of the formal model, our new frame- • A framework for modelling product lines with work checks if the critical system will manage to achieve Petri nets, using an eclipse plug-in, called Titan the user requirements by switching on/off the product [2]. lines on runtime. • A framework for abstracting data and datatypes We are basing our approach on the following previous as colours and hierarchies in Coloured Petri Nets works: [3, 4]. • A transformation of product Lines with Petri nets into Coloured Petri Nets [5]. PNSE’22: International Workshop on Petri Nets and Software • A language for the specification and runtime ver- Engineering, June 21, 2022, Bergen, NO ification of systems [6]. " mariaelena.gomez@uam.es (E. Gómez-Martínez); jrequeno@ucm.es (J. I. Requeno) � 0000-0002-7753-3345 (E. Gómez-Martínez); 0000-0001-5111-8357 (J. I. Requeno) © 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) � safety and security requirements and system char- acteristics in a single picture. • automatically adapt the system configuration based on the simulation reports. Acknowledgments This work was supported by the Spanish Ministry of Science and Innovation under projects FAME (RTI2018- 093608-B-C31), MASSIVE (RTI2018-095255-B-I00) and the Comunidad de Madrid under project FORTE-CM (S2018/TCS-4314) co-funded by EIE Funds of the Euro- pean Union. Figure 2: Titan References [1] T. Telford, Cyber attacks on rail network, Computing Security . 3. Approach [2] E. Gómez-Martínez, J. de Lara, E. Guerra, Extensible Structural Analysis of Petri Net Product Lines, Trans. In contrast to [2], our new approach includes a Trans- Petri Nets Other Model. Concurr. 15 (2021) 27–49. formation phase, which maps product lines to colours in [3] M. Westergaard, L. M. Kristensen, The Access/CPN Coloured Petri Nets [3]. Framework: A Tool for Interacting with the CPN Then, the Simulation phase runs the model, which now Tools Simulator, in: G. Franceschinis, K. Wolf (Eds.), supports all the features that the Access/CPN engine Applications and Theory of Petri Nets, 30th Interna- provides such as timed information. tional Conference, PETRI NETS 2009, Paris, France, The Monitoring phase, aimed at detecting concurrence June 22-26, 2009. Proceedings, vol. 5606 of Lecture and performance issues, analyses the simulation traces Notes in Computer Science, Springer, 313–322, 2009. via TeSSLa [6] in order to report performance and con- [4] K. Jensen, L. M. Kristensen, L. Wells, Coloured Petri currence reports. Nets and CPN Tools for modelling and validation During the Assessment phase, the framework will au- of concurrent systems, Int. J. Softw. Tools Technol. tomatically turn on/off specific product lines in order to Transf. 9 (3-4) (2007) 213–254. achieve the target KPI. [5] E. Gómez-Martínez, J. de Lara, E. Guerra, Analysing Product Lines of Concurrent Systems with Coloured Petri Nets, in: Accepted in the 34th International 4. Ongoing work Conference on Software Engineering and Knowledge Engineering, 2022. We are currently working on two directions. Firstly, we [6] M. Leucker, C. Sánchez, T. Scheffel, M. Schmitz, are extending the PNPL modelling framework capabilities A. Schramm, TeSSLa: runtime verification of non- to support additional features such as timed information. synchronized real-time streams, in: H. M. Haddad, Secondly, we explore how to automatically (de)activate R. L. Wainwright, R. Chbeir (Eds.), Proceedings of product lines based on the monitoring of Key Perfor- the 33rd Annual ACM Symposium on Applied Com- mance Indicators (KPI). In particular, we are connecting puting, SAC 2018, Pau, France, April 09-13, 2018, Titan with 1) AccessCPN, the kernel of CPNTools, for ACM, 1925–1933, 2018. simulation purposes; and 2) TeSSLa, a runtime monitor- ing engine, for providing information to the control logic responsible for managing the product lines. 5. Conclusions In this work in process, our aim is to: • augment our framework for enabling software engineers to express and monitor performance, �