Vol-3170/poster1


Wolfgang Fahl

Paper

Paper
edit
description  
id  Vol-3170/poster1
wikidataid  Q117351476→Q117351476
title  Adaptative Systems Based on Continuous Observation of Petri Net Product Lines
pdfUrl  https://ceur-ws.org/Vol-3170/poster1.pdf
dblpUrl  https://dblp.org/rec/conf/apn/Gomez-MartinezR22
volume  Vol-3170→Vol-3170
session  →

Paper[edit]

Paper
edit
description  
id  Vol-3170/poster1
wikidataid  Q117351476→Q117351476
title  Adaptative Systems Based on Continuous Observation of Petri Net Product Lines
pdfUrl  https://ceur-ws.org/Vol-3170/poster1.pdf
dblpUrl  https://dblp.org/rec/conf/apn/Gomez-MartinezR22
volume  Vol-3170→Vol-3170
session  →

Adaptative Systems Based on Continuous Observation of Petri Net Product Lines[edit]

load PDF

Adaptative Systems Based on Continuous Observation of
Petri Net Product Lines
Elena Gómez-Martínez1 , José Ignacio Requeno2
1
    Universidad Autónoma de Madrid, C/Francisco Tomás y Valiente, 11, Madrid, 28049, Spain
2
    Universidad Complutense de Madrid, C/Prof. José García Santesmases, 9, Madrid, 28040, Spain


                                             Abstract
                                             Traditionally, critical systems have been deployed in isolation, that is, in closed environments where the access control
                                             was easily managed. However, the increasing complexity and connectivity of these systems make them vulnerable to cy-
                                             berattacks, malfunctioning or any kind of uncontrolled events. In this work, we propose a framework that is capable of
                                             automatically adapt its configuration for addressing the challenges of an environmental change. To this end, we model the
                                             critical system as a Petri net which is enriched with product lines that implement actions for different scenarios. The ex-
                                             ecution traces are then continuously monitored and provide information to the control logic responsible for achieving the
                                             critical system goals by means of the product lines.

                                             Keywords
                                             Petri net, Product line, Runtime verification



1. Introduction
Traditionally, critical systems have been deployed in iso-
lation, that is, in closed environments where the access
control was easily managed. Recently reports indicate
that these systems are vulnerable to cyberattacks as well
[1]. Security flaws may directly impact safety in critical
systems. Current approaches and tools concerning secu-
rity do not ensure their adequacy to industrial standards
for safety level.


2. Background
We combine the following concepts for our approach: 1)
Petri nets as formal model, 2) Product Lines for designing,
and 3) Runtime verification for system monitoring.
   A Petri net will model the critical system, where each Figure 1: Titan framework
product line implements a specific configuration. De-
pending on the Key Performance Indicators (KPI) defined
by the customer and the measurements the monitor ex-
tracts by simulation of the formal model, our new frame-       • A framework for modelling product lines with
work checks if the critical system will manage to achieve        Petri nets, using an eclipse plug-in, called Titan
the user requirements by switching on/off the product            [2].
lines on runtime.                                              • A framework for abstracting data and datatypes
   We are basing our approach on the following previous          as colours and hierarchies in Coloured Petri Nets
works:                                                           [3, 4].
                                                               • A transformation of product Lines with Petri nets
                                                                 into Coloured Petri Nets [5].
PNSE’22: International Workshop on Petri Nets and Software     • A language for the specification and runtime ver-
Engineering, June 21, 2022, Bergen, NO
                                                                 ification of systems [6].
" mariaelena.gomez@uam.es (E. Gómez-Martínez);
jrequeno@ucm.es (J. I. Requeno)
� 0000-0002-7753-3345 (E. Gómez-Martínez);
0000-0001-5111-8357 (J. I. Requeno)
                                       © 2022 Copyright for this paper by its authors. Use permitted under Creative
                                       Commons License Attribution 4.0 International (CC BY 4.0).
    CEUR
    Workshop
    Proceedings
                  http://ceur-ws.org
                  ISSN 1613-0073       CEUR Workshop Proceedings (CEUR-WS.org)
�                                                                    safety and security requirements and system char-
                                                                    acteristics in a single picture.
                                                                  • automatically adapt the system configuration
                                                                    based on the simulation reports.


                                                             Acknowledgments
                                                             This work was supported by the Spanish Ministry of
                                                             Science and Innovation under projects FAME (RTI2018-
                                                             093608-B-C31), MASSIVE (RTI2018-095255-B-I00) and
                                                             the Comunidad de Madrid under project FORTE-CM
                                                             (S2018/TCS-4314) co-funded by EIE Funds of the Euro-
                                                             pean Union.


Figure 2: Titan
                                                             References
                                                             [1] T. Telford, Cyber attacks on rail network, Computing
                                                                 Security .
3. Approach                                                  [2] E. Gómez-Martínez, J. de Lara, E. Guerra, Extensible
                                                                 Structural Analysis of Petri Net Product Lines, Trans.
In contrast to [2], our new approach includes a Trans-           Petri Nets Other Model. Concurr. 15 (2021) 27–49.
formation phase, which maps product lines to colours in      [3] M. Westergaard, L. M. Kristensen, The Access/CPN
Coloured Petri Nets [3].                                         Framework: A Tool for Interacting with the CPN
   Then, the Simulation phase runs the model, which now          Tools Simulator, in: G. Franceschinis, K. Wolf (Eds.),
supports all the features that the Access/CPN engine             Applications and Theory of Petri Nets, 30th Interna-
provides such as timed information.                              tional Conference, PETRI NETS 2009, Paris, France,
   The Monitoring phase, aimed at detecting concurrence          June 22-26, 2009. Proceedings, vol. 5606 of Lecture
and performance issues, analyses the simulation traces           Notes in Computer Science, Springer, 313–322, 2009.
via TeSSLa [6] in order to report performance and con-       [4] K. Jensen, L. M. Kristensen, L. Wells, Coloured Petri
currence reports.                                                Nets and CPN Tools for modelling and validation
   During the Assessment phase, the framework will au-           of concurrent systems, Int. J. Softw. Tools Technol.
tomatically turn on/off specific product lines in order to       Transf. 9 (3-4) (2007) 213–254.
achieve the target KPI.                                      [5] E. Gómez-Martínez, J. de Lara, E. Guerra, Analysing
                                                                 Product Lines of Concurrent Systems with Coloured
                                                                 Petri Nets, in: Accepted in the 34th International
4. Ongoing work                                                  Conference on Software Engineering and Knowledge
                                                                 Engineering, 2022.
We are currently working on two directions. Firstly, we
                                                             [6] M. Leucker, C. Sánchez, T. Scheffel, M. Schmitz,
are extending the PNPL modelling framework capabilities
                                                                 A. Schramm, TeSSLa: runtime verification of non-
to support additional features such as timed information.
                                                                 synchronized real-time streams, in: H. M. Haddad,
Secondly, we explore how to automatically (de)activate
                                                                 R. L. Wainwright, R. Chbeir (Eds.), Proceedings of
product lines based on the monitoring of Key Perfor-
                                                                 the 33rd Annual ACM Symposium on Applied Com-
mance Indicators (KPI). In particular, we are connecting
                                                                 puting, SAC 2018, Pau, France, April 09-13, 2018,
Titan with 1) AccessCPN, the kernel of CPNTools, for
                                                                 ACM, 1925–1933, 2018.
simulation purposes; and 2) TeSSLa, a runtime monitor-
ing engine, for providing information to the control logic
responsible for managing the product lines.


5. Conclusions
In this work in process, our aim is to:

     • augment our framework for enabling software
       engineers to express and monitor performance,
�

Adaptative Systems Based on Continuous Observation of Petri Net Product Lines[edit]

load PDF

Adaptative Systems Based on Continuous Observation of
Petri Net Product Lines
Elena Gómez-Martínez1 , José Ignacio Requeno2
1
    Universidad Autónoma de Madrid, C/Francisco Tomás y Valiente, 11, Madrid, 28049, Spain
2
    Universidad Complutense de Madrid, C/Prof. José García Santesmases, 9, Madrid, 28040, Spain


                                             Abstract
                                             Traditionally, critical systems have been deployed in isolation, that is, in closed environments where the access control
                                             was easily managed. However, the increasing complexity and connectivity of these systems make them vulnerable to cy-
                                             berattacks, malfunctioning or any kind of uncontrolled events. In this work, we propose a framework that is capable of
                                             automatically adapt its configuration for addressing the challenges of an environmental change. To this end, we model the
                                             critical system as a Petri net which is enriched with product lines that implement actions for different scenarios. The ex-
                                             ecution traces are then continuously monitored and provide information to the control logic responsible for achieving the
                                             critical system goals by means of the product lines.

                                             Keywords
                                             Petri net, Product line, Runtime verification



1. Introduction
Traditionally, critical systems have been deployed in iso-
lation, that is, in closed environments where the access
control was easily managed. Recently reports indicate
that these systems are vulnerable to cyberattacks as well
[1]. Security flaws may directly impact safety in critical
systems. Current approaches and tools concerning secu-
rity do not ensure their adequacy to industrial standards
for safety level.


2. Background
We combine the following concepts for our approach: 1)
Petri nets as formal model, 2) Product Lines for designing,
and 3) Runtime verification for system monitoring.
   A Petri net will model the critical system, where each Figure 1: Titan framework
product line implements a specific configuration. De-
pending on the Key Performance Indicators (KPI) defined
by the customer and the measurements the monitor ex-
tracts by simulation of the formal model, our new frame-       • A framework for modelling product lines with
work checks if the critical system will manage to achieve        Petri nets, using an eclipse plug-in, called Titan
the user requirements by switching on/off the product            [2].
lines on runtime.                                              • A framework for abstracting data and datatypes
   We are basing our approach on the following previous          as colours and hierarchies in Coloured Petri Nets
works:                                                           [3, 4].
                                                               • A transformation of product Lines with Petri nets
                                                                 into Coloured Petri Nets [5].
PNSE’22: International Workshop on Petri Nets and Software     • A language for the specification and runtime ver-
Engineering, June 21, 2022, Bergen, NO
                                                                 ification of systems [6].
" mariaelena.gomez@uam.es (E. Gómez-Martínez);
jrequeno@ucm.es (J. I. Requeno)
� 0000-0002-7753-3345 (E. Gómez-Martínez);
0000-0001-5111-8357 (J. I. Requeno)
                                       © 2022 Copyright for this paper by its authors. Use permitted under Creative
                                       Commons License Attribution 4.0 International (CC BY 4.0).
    CEUR
    Workshop
    Proceedings
                  http://ceur-ws.org
                  ISSN 1613-0073       CEUR Workshop Proceedings (CEUR-WS.org)
�                                                                    safety and security requirements and system char-
                                                                    acteristics in a single picture.
                                                                  • automatically adapt the system configuration
                                                                    based on the simulation reports.


                                                             Acknowledgments
                                                             This work was supported by the Spanish Ministry of
                                                             Science and Innovation under projects FAME (RTI2018-
                                                             093608-B-C31), MASSIVE (RTI2018-095255-B-I00) and
                                                             the Comunidad de Madrid under project FORTE-CM
                                                             (S2018/TCS-4314) co-funded by EIE Funds of the Euro-
                                                             pean Union.


Figure 2: Titan
                                                             References
                                                             [1] T. Telford, Cyber attacks on rail network, Computing
                                                                 Security .
3. Approach                                                  [2] E. Gómez-Martínez, J. de Lara, E. Guerra, Extensible
                                                                 Structural Analysis of Petri Net Product Lines, Trans.
In contrast to [2], our new approach includes a Trans-           Petri Nets Other Model. Concurr. 15 (2021) 27–49.
formation phase, which maps product lines to colours in      [3] M. Westergaard, L. M. Kristensen, The Access/CPN
Coloured Petri Nets [3].                                         Framework: A Tool for Interacting with the CPN
   Then, the Simulation phase runs the model, which now          Tools Simulator, in: G. Franceschinis, K. Wolf (Eds.),
supports all the features that the Access/CPN engine             Applications and Theory of Petri Nets, 30th Interna-
provides such as timed information.                              tional Conference, PETRI NETS 2009, Paris, France,
   The Monitoring phase, aimed at detecting concurrence          June 22-26, 2009. Proceedings, vol. 5606 of Lecture
and performance issues, analyses the simulation traces           Notes in Computer Science, Springer, 313–322, 2009.
via TeSSLa [6] in order to report performance and con-       [4] K. Jensen, L. M. Kristensen, L. Wells, Coloured Petri
currence reports.                                                Nets and CPN Tools for modelling and validation
   During the Assessment phase, the framework will au-           of concurrent systems, Int. J. Softw. Tools Technol.
tomatically turn on/off specific product lines in order to       Transf. 9 (3-4) (2007) 213–254.
achieve the target KPI.                                      [5] E. Gómez-Martínez, J. de Lara, E. Guerra, Analysing
                                                                 Product Lines of Concurrent Systems with Coloured
                                                                 Petri Nets, in: Accepted in the 34th International
4. Ongoing work                                                  Conference on Software Engineering and Knowledge
                                                                 Engineering, 2022.
We are currently working on two directions. Firstly, we
                                                             [6] M. Leucker, C. Sánchez, T. Scheffel, M. Schmitz,
are extending the PNPL modelling framework capabilities
                                                                 A. Schramm, TeSSLa: runtime verification of non-
to support additional features such as timed information.
                                                                 synchronized real-time streams, in: H. M. Haddad,
Secondly, we explore how to automatically (de)activate
                                                                 R. L. Wainwright, R. Chbeir (Eds.), Proceedings of
product lines based on the monitoring of Key Perfor-
                                                                 the 33rd Annual ACM Symposium on Applied Com-
mance Indicators (KPI). In particular, we are connecting
                                                                 puting, SAC 2018, Pau, France, April 09-13, 2018,
Titan with 1) AccessCPN, the kernel of CPNTools, for
                                                                 ACM, 1925–1933, 2018.
simulation purposes; and 2) TeSSLa, a runtime monitor-
ing engine, for providing information to the control logic
responsible for managing the product lines.


5. Conclusions
In this work in process, our aim is to:

     • augment our framework for enabling software
       engineers to express and monitor performance,
�
🖨 🚪