Results 1  10
of
48
Modelbased evaluation: From dependability to security
 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
, 2004
"... The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased ..."
Abstract

Cited by 56 (2 self)
 Add to MetaCart
The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased methods, such as Markov reward models, and detailed, discreteevent simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red teambased approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound modelbased methodology for quantifying the security one can expect from a particular design. In this work, we survey existing modelbased techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
On combining functional verification and performance evaluation using CADP
 FME 2002: International Symposium of Formal Methods Europe, volume 2391 of LNCS
, 2002
"... Abstract. Considering functional correctness and performance evaluation in a common framework is desirable, both for scientific and economic reasons. In this paper, we describe how the Cadp toolbox, originally designed for verifying the functional correctness of Lotos specifications, can also be use ..."
Abstract

Cited by 30 (7 self)
 Add to MetaCart
Abstract. Considering functional correctness and performance evaluation in a common framework is desirable, both for scientific and economic reasons. In this paper, we describe how the Cadp toolbox, originally designed for verifying the functional correctness of Lotos specifications, can also be used for performance evaluation. We illustrate the proposed approach by the performance study of the Scsi2 bus arbitration protocol. 1
The Need for and the Advantages of Generalized Tensor Algebra for Kronecker Structured Representations
 International Journal of Simulation: Systems, Science & Technology
, 2004
"... Abstract. This paper presents the advantages in extending Classical Tensor Algebra (CTA), also known as Kronecker Algebra, to allow the definition of functions, i.e., functional dependencies among its operands. Such extended tensor algebra have been called Generalized Tensor Algebra (GTA). Stochasti ..."
Abstract

Cited by 24 (13 self)
 Add to MetaCart
Abstract. This paper presents the advantages in extending Classical Tensor Algebra (CTA), also known as Kronecker Algebra, to allow the definition of functions, i.e., functional dependencies among its operands. Such extended tensor algebra have been called Generalized Tensor Algebra (GTA). Stochastic Automata Networks (SAN) and Superposed Generalized Stochastic Petri Nets (SGSPN) formalisms use such Kronecker representations. The advantages of GTA do not imply in a reduction or augmentation of application scope, since there is a representation equivalence between SAN, which uses GTA, and SGSPN, which uses only CTA. Two modeling examples are presented in order to draw comparisons between the memory needs and CPU time required for the generation and solution using both formalisms, showing the computational advantages in using GTA. 1
Using the exact state space of a Markov model to compute approximate stationary measures
 Proc. 2000 ACM SIGMETRICS Conf. on Measurement and Modeling of Computer Systems
, 2000
"... We present a new approximation algorithm based on an exact representation of the state space S, using decision diagrams, and of the transition rate matrix R, using Kronecker algebra, for a Markov model with K submodels. Our algorithm builds and solves K Markov chains, each corresponding to a differe ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
We present a new approximation algorithm based on an exact representation of the state space S, using decision diagrams, and of the transition rate matrix R, using Kronecker algebra, for a Markov model with K submodels. Our algorithm builds and solves K Markov chains, each corresponding to a different aggregation of the exact process, guided by the structure of the decision diagram, and iterates on their solution until their entries are stable. We prove that exact results are obtained if the overall model has a productform solution. Advantages of our method include good accuracy, low memory requirements, fast execution times, and a high degree of automation, since the only additional information required to apply it is a partition of the model into the K submodels. As far as we know, this is the first time an approximation algorithm has been proposed where knowledge of the exact state space is explicitly used. 1.
Structural symbolic CTL model checking of asynchronous systems
 Computer Aided Verification (CAV’03), LNCS 2725
, 2003
"... Abstract. In previous work, we showed how structural information can be used to efficiently generate the statespace of asynchronous systems. Here, we apply these ideas to symbolic CTL model checking. Thanks to a Kronecker encoding of the transition relation, we detect and exploit event locality and ..."
Abstract

Cited by 16 (10 self)
 Add to MetaCart
Abstract. In previous work, we showed how structural information can be used to efficiently generate the statespace of asynchronous systems. Here, we apply these ideas to symbolic CTL model checking. Thanks to a Kronecker encoding of the transition relation, we detect and exploit event locality and apply better fixedpoint iteration strategies, resulting in ordersofmagnitude reductions for both execution times and memory consumption in comparison to wellestablished tools such as NuSMV. 1
Symbolic Statespace Exploration and Numerical Analysis of Statesharing Composed Models
 IN PROCEEDINGS OF NSMC ’03: THE FOURTH INTERNATIONAL CONFERENCE ON THE NUMERICAL SOLUTION OF MARKOV CHAINS
, 2004
"... The complexity of stochastic models of realworld systems is usually managed by abstracting details and structuring models in a hierarchical manner. Systems are often built by replicating and joining subsystems, making possible the creation of a model structure that yields lumpable state spaces. Thi ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
The complexity of stochastic models of realworld systems is usually managed by abstracting details and structuring models in a hierarchical manner. Systems are often built by replicating and joining subsystems, making possible the creation of a model structure that yields lumpable state spaces. This fact has been exploited to facilitate modelbased numerical analysis. Likewise, recent results on model construction suggest that decision diagrams can be used to compactly represent large Continuous Time Markov Chains (CTMCs). In this paper, we present an approach that combines and extends these two approaches. In particular, we propose methods that apply to hierarchically structured models with hierarchies based on sharing state variables. The hierarchy is constructed in a way that exposes structural symmetries in the constructed model, thus facilitating lumping. In addition, the methods allow one to derive a symbolic representation of the associated CTMC directly from the given model without the need to compute and store the overall state space or CTMC explicitly. The resulting representation of a generator matrix allows the analysis of large CTMCs in lumped form. The efficiency of the approach is demonstrated with the help of two example models.
A Structured PathBased Approach for Computing Transient Rewards of Large CTMCs
"... Structured (a.k.a. symbolic) representation techniques of Markov models have, to a large extent, been used effectively for representing very large transition matrices and their associated state spaces. However, their success means that the largest space requirement encountered when analyzing these m ..."
Abstract

Cited by 14 (6 self)
 Add to MetaCart
Structured (a.k.a. symbolic) representation techniques of Markov models have, to a large extent, been used effectively for representing very large transition matrices and their associated state spaces. However, their success means that the largest space requirement encountered when analyzing these models is often the representation of their iteration and solution vectors. In this paper, we present a new approach for computing bounds on solutions of transient measures in large continuoustime Markov chains (CTMCs). The approach extends existing path and uniformizationbased methods by identifying sets of paths that are equivalent with respect to a reward measure and related to one another via a simple structural relationship. This relationship allows us to explore multiple paths at the same time, thus significantly increasing the number of paths that can be explored in a given amount of time. Furthermore, the use of a structured representation for the state space and the direct computation of the desired reward measure (without ever storing the solution vector) allow us to analyze very large models using a very small amount of storage. In addition to presenting the method itself, we illustrate its use to compute the reliability and the availability of a large distributed information service system in which faults may propagate across subsystems.
Distributed and structured analysis approaches to study large and complex systems
 Lectures on Formal Methods and Performance Analysis, LNCS 2090
, 2001
"... Abstract. Both the logic and the stochastic analysis of discretestate systems are hindered by the combinatorial growth of the state space underlying a highlevel model. In this work, we consider two orthogonal approaches to cope with this “statespace explosion”. Distributed algorithms that make us ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
Abstract. Both the logic and the stochastic analysis of discretestate systems are hindered by the combinatorial growth of the state space underlying a highlevel model. In this work, we consider two orthogonal approaches to cope with this “statespace explosion”. Distributed algorithms that make use of the processors and memory overall available on a network of N workstations can manage models with state spaces approximately N times larger than what is possible on a single workstation. A second approach, constituting a fundamental paradigm shift, is instead based on decision diagrams and related implicit data structures that efficiently encode the state space or the transition rate matrix of a model, provided that it has some structure to guide its decomposition; with these implicit methods, enormous sets can be managed efficiently, but the numerical solution of the stochastic model, if desired, is still a bottleneck, as it requires vectors of the size of the state space. 1
Split: a flexible and efficient algorithm to vectordescriptor product
 in ValueTools’07
"... Many Markovian stochastic structured modeling formalisms like Petri nets, automata networks and process algebra represent the infinitesimal generator of the underlying Markov chain as a descriptor instead of a traditional sparse matrix. A descriptor is a compact and structured storage based on a sum ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
Many Markovian stochastic structured modeling formalisms like Petri nets, automata networks and process algebra represent the infinitesimal generator of the underlying Markov chain as a descriptor instead of a traditional sparse matrix. A descriptor is a compact and structured storage based on a sum of tensor (Kronecker) products of small matrices that can be handled by many algorithms allowing affordable stationary and transient solutions even for very large Markovian models. One of the most efficient algorithms used to compute iterative solutions of descriptors is the Shuffle algorithm which is used to perform the multiplication by a probability vector. In this paper we propose an alternative algorithm called Split, since it offers a flexible solution between the pure sparse matrix approach and the Shuffle algorithm using a hybrid solution. The Split algorithm puts the Shuffle approach in perspective by presenting a faster execution time for many cases and at least the same efficiency for the worst cases. The Split algorithm is applied to solve two SAN models based on real problems showing the practical contribution of this paper.
On the benefits of using functional transitions and Kronecker algebra, Performance Evaluation 58 (4
, 2004
"... Much attention has been paid recently to the use of Kronecker or tensor product modelling techniques for evaluating the performance of parallel and distributed systems. While this approach facilitates the description of such systems and mimimizes memory requirements, it has suffered in the past from ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
Much attention has been paid recently to the use of Kronecker or tensor product modelling techniques for evaluating the performance of parallel and distributed systems. While this approach facilitates the description of such systems and mimimizes memory requirements, it has suffered in the past from the fact that computation times have been excessively long. In this paper we propose a suite of modelling strategems and numerical procedures that go a long way to alleviating this drawback. Of particular note, are the benefits obtained by using functional transitions that are implemented via a generalized tensor algebra. Examples are presented which illustrate the reduction in computation time as each suggested improvement is deployed.