Electronic Communications of the EASST, Volume ? (2009)
Proceedings of the Ninth International Workshop on Automated Verification of Critical Systems (AVOCS 2009)

Verification of a Message Delivery System using PRISM ∗
Savas Konur, Ahmed Al Zahrani, Michael Fisher (3 pages)

Guest Editors: Markus Roggenbach
Managing Editors: Tiziana Margaria, Julia Padberg, Gabriele Taentzer
ECEASST Home Page: http://www.easst.org/eceasst/
ISSN 1863-2122

Department of Computer Science, University of Liverpool, Liverpool L69 3BX

Abstract: In this paper, we study a pervasive message delivery system, called Scatterbox, and formally analyze its message forwarding component.

Keywords: Pervasive systems, specification, verification, model checking
1. Introduction

Pervasive computing spans mobile systems that have the ability to sense their environment using sensors and other devices and to respond to the inputs accordingly. Pervasive systems are often mobile, autonomous, distributed and concurrent, and involve humans, agents and artifacts in the system together. The success of pervasive computing depends crucially on verifying interoperability requirements for the interaction between the devices and their environment. Due to its complex nature, formal specification and verification of these requirements is very difficult, and a single formal framework will likely be insufficient for this purpose. In the project “Verifying Interoperability Requirements in Pervasive Systems”, we aim to bring together qualitative techniques, including deductive methods, model checking, and abstraction methods, with quantitative techniques, including probabilistic and performance analysis, in order to tackle the problem of verifying pervasive systems.

In this paper, we study the specification and verification of a pervasive message delivery system, called Scatterbox [KSC+08]. As an initial step we only consider a simplified version of the message delivery component of the Scatterbox system. While the whole system is complex and a single formal framework is insufficient, the basic delivery properties of a simplified system are suitable to be investigated using the probabilistic model checking tool, PRISM.
2. Scatterbox: A Message Delivery System

The Scatterbox system is summarised as follows [KSC+08]:

“The Scatterbox system has been designed to serve as a test bed for context-aware computing in a pervasive computing environment. It provides a content-filtering service to its users by forwarding relevant messages to their mobile phone. The user’s context is derived by tracking his/her location and monitoring his/her daily schedule. This context data is analysed, and situations are identified that indicate the user’s level of interruptibility. As messages arrive, Scatterbox forwards them to subscribed users provided the user’s available context suggests they are in a situation where they may be interrupted. Scatterbox’s email handler connects to the user’s email server as an IMAP client. Throughout the day, it downloads all unread messages and extracts information from them that will be used by Scatterbox’s reasoning component to determine their importance. If Scatterbox decides to forward a message to the user’s mobile device, the transmission is done through Bluetooth’s Push protocol, which allows a file to be transferred between devices. If a user’s Bluetooth device is in range of a Bluetooth-enabled node, a message can be routed to that node and pushed to the mobile device. When it arrives on the user’s handset, the user has the opportunity to accept or reject the message.”

∗ Work is part of an ongoing project on “Verifying Interoperability Requirements in Pervasive Systems”, funded by EPSRC (EP/F033567) and involving collaboration with the universities of Birmingham and Glasgow.

Figure 1: A simple model of the message forwarding component of the Scatterbox system.
3. Verifying Properties of the Scatterbox System

Modeling the System. We model the message forwarding component as a transition system, in particular as a discrete time Markov chain (DTMC). A DTMC consists of discrete states that represent the system configurations, and transitions associated with a discrete probability distribution on the target states [Kwi07]. A simplified model of the message forwarding component is shown in Figure 1. As can be seen, there is one transition system for the user movement, where the states are the actual user positions; one transition system for the belief change, where the states are the system’s beliefs about the user position; and one transition system for the message forwarding action. In this very simplified scenario, we assume that the single user has only three positions (position1, position2 and position3) and that the Scatterbox system has only three belief states regarding the position of the user (belief1, belief2 and belief3). Informally, the system forwards a message to a user position according to its belief. The belief of the system is jointly determined by the sensor information and the calendar information of the user. However, due to sensor errors, the system’s belief about the user position and the actual user position may differ. The transition probabilities we use are only estimates; they do not currently rely on statistical results from the real Scatterbox system.

Verifying the System using PRISM. We model the transition system of the message forwarding component in PRISM [HKNP06]. PRISM is a probabilistic model checker which supports the analysis of DTMCs, MDPs and CTMCs. Models are described in the PRISM modelling language, based on reactive modules (a state-based formalism), and properties are expressed in the logic PCTL [HJ94]. The system is implemented in the PRISM input language and some safety and liveness properties are specified in PCTL. As an example, consider the property “what is the probability, from the initial state of the model, of a message eventually being accepted or rejected?”. This property is specified in PCTL as follows:

P=? [ F (s=15 | s=16) ]

where states 15 and 16 are the “accept” and “reject” states, respectively.
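To make the three-part structure concrete, the following is an added illustration written for this page, not the authors' PRISM model: a DTMC with one module each for user position, system belief and the forwarding action, composed by a shared `step` action. All probabilities (`p_move`, `p_sense`, `p_err`, `p_push`, `p_accept`) are constructed, and the accept/reject/lost states are named by labels rather than by the paper's state numbers 15 and 16.

```prism
// Added example (not the paper's model); all probabilities are constructed.
dtmc

const double p_move = 0.1;    // per step: user moves to a neighbouring position
const double p_sense = 0.8;   // per step: belief is refreshed from the sensors
const double p_err = 0.1;     // a sensor reading reports a wrong position
const double p_push = 0.5;    // per step: a message is pushed to the believed node
const double p_accept = 0.7;  // user accepts a message that reaches the handset

// actual user position (position1..position3); moves cyclically either way
module user
  pos : [1..3] init 1;
  [step] true -> (1 - 2*p_move) : (pos'=pos)
               + p_move : (pos'=mod(pos,3)+1)
               + p_move : (pos'=mod(pos+1,3)+1);
endmodule

// system's belief about the position (belief1..belief3); a reading is taken
// from the position the user occupies before moving in this step
module belief
  bel : [1..3] init 1;
  [step] true -> (1 - p_sense) : (bel'=bel)
               + p_sense*(1 - p_err) : (bel'=pos)
               + p_sense*p_err/2 : (bel'=mod(pos,3)+1)
               + p_sense*p_err/2 : (bel'=mod(pos+1,3)+1);
endmodule

// forwarding action: 0 waiting, 1 accepted, 2 rejected, 3 lost.
// The push goes to the node at the believed position, so the message can
// only be accepted or rejected when the belief matches the real position.
module forwarder
  st : [0..3] init 0;
  [step] st=0 & bel=pos  -> (1 - p_push) : (st'=0)
                          + p_push*p_accept : (st'=1)
                          + p_push*(1 - p_accept) : (st'=2);
  [step] st=0 & bel!=pos -> (1 - p_push) : (st'=0) + p_push : (st'=3);
  [step] st>0 -> 1 : (st'=st);
endmodule

label "accepted" = st=1;
label "rejected" = st=2;
label "lost"     = st=3;

// Properties for a .props file; the first is the paper's question in terms
// of this model's labels, the last bounds the effect of sensor error:
//   P=? [ F ("accepted" | "rejected") ]
//   P=? [ F<=10 "accepted" ]
//   P=? [ F "lost" ]
```

Because `lost` is absorbing, the first property evaluates strictly below 1 and its gap to 1 equals the third property, which is exactly the sensor-error risk the text describes.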
4. Concluding Remarks

Our analysis has shown that PRISM can be used for the specification and verification of a simple version of the message forwarding component of the Scatterbox system. This tool might still be useful for more complex situations, such as considering user movement, transmission through SMS, etc. However, if we consider the whole system, including information access through sensors, security issues, e-mail classification etc., a single formalization tool will not be sufficient for the formal analysis of the system. Therefore, we will try to combine and synthesise different techniques to tackle the problem of verifying pervasive systems. The project aims to leverage the power of established techniques, notably:

• model checking, particularly work on extensions such as parametrised model checking, infinite state model checking and probabilistic model checking;
• use of both deductive and abstraction techniques, allowing larger problems to be tackled;
• a variety of different formalisms, including logic, automata, and process calculi, thus allowing descriptions of interaction, communication and synchronisation to be given at varying levels.

Although some of our effort will involve pushing each technique further, the majority of it will be on combinations of tools and techniques, i.e. bending and synthesising techniques such as [BDFF08] to make them give meaningful results in our case studies.
Bibliography

[BDFF08] R. H. Bordini, L. A. Dennis, B. Farwer, M. Fisher. Automated Verification of Multi-Agent Programs. In Proc. 23rd IEEE/ACM Int. Conf. on ASE. Pp. 69–78. 2008.

[HJ94] H. Hansson, B. Jonsson. A Logic for Reasoning about Time and Reliability. Formal Aspects of Computing 6:102–111, 1994.

[HKNP06] A. Hinton, M. Kwiatkowska, G. Norman, D. Parker. PRISM: A Tool for Automatic Verification of Probabilistic Systems. In Proc. TACAS. LNCS 3920, pp. 441–444. Springer, 2006.

[KSC+08] S. Knox, R. Shannon, L. Coyle, A. Clear, S. Dobson, A. Quigley, P. Nixon. Scatterbox: Context-Aware Message Management. Revue d’Intelligence Artificielle 22(5):549–568, 2008.

[Kwi07] M. Kwiatkowska. Quantitative Verification: Models, Techniques and Tools. In Proc. 6th joint meeting of ESEC and FSE. Pp. 449–458. ACM Press, September 2007.