Practical Experiences in Model


Towards a (De-)Compositional Strategy for SAML
Michael Lipaczewski
Otto-von-Guericke Universität Magdeburg
SAML
• Here: System Analysis Modeling Language, not Security Assertion Markup Language
• Intermediate language for traditional and probabilistic analysis of formal models
What is SAML?
constant double myProp0 := 0.1;
constant double myProp1 := 0.8;
constant double myProp2 := 0.1;

formula myForm := state = 0 & state2 < 3;

module mySys
  state : [0..2] init 0;

  state = 0 -> choice: (1: (state' = 0))
             + choice: (1: (state' = 1));
  state = 1 -> choice: (myProp0: (state' = 0)
                      + myProp1: (state' = 1)
                      + myProp2: (state' = 2));
  state = 2 -> choice: (1: (state' = 1));
endmodule
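The kind of probabilistic analysis such a model is written for, as an added Python example (not from the slides and not SAML tooling): mySys is transcribed by hand and read as a Markov decision process. That reading is an assumption here (each `choice:` is a nondeterministic alternative, the weights inside it are probabilities), and `check_model` and `bounded_reach` are illustrative names.

```python
from fractions import Fraction

# mySys from the slide, transcribed by hand (constructed input, assumed MDP reading):
# state -> list of nondeterministic choices; each choice maps successor -> probability.
MYSYS = {
    0: [{0: Fraction(1)}, {1: Fraction(1)}],
    1: [{0: Fraction(1, 10), 1: Fraction(8, 10), 2: Fraction(1, 10)}],
    2: [{1: Fraction(1)}],
}


def check_model(mdp):
    """Reject deadlocks, unknown successors and choices that are not distributions."""
    for state, choices in mdp.items():
        if not choices:
            raise ValueError(f"state {state}: no outgoing choice")
        for dist in choices:
            if any(succ not in mdp for succ in dist):
                raise ValueError(f"state {state}: successor outside the state space")
            if sum(dist.values()) != 1:
                raise ValueError(f"state {state}: probabilities do not sum to 1")


def bounded_reach(mdp, target, steps, resolve=max):
    """Probability, per start state, of reaching `target` within `steps` transitions.

    resolve=max picks the maximising choice in every state, resolve=min the minimising one.
    """
    check_model(mdp)
    prob = {s: Fraction(int(s in target)) for s in mdp}
    for _ in range(steps):
        prob = {
            s: Fraction(1) if s in target else resolve(
                sum(p * prob[succ] for succ, p in dist.items()) for dist in mdp[s]
            )
            for s in mdp
        }
    return prob


if __name__ == "__main__":
    for name, resolve in (("max", max), ("min", min)):
        result = bounded_reach(MYSYS, {2}, 3, resolve)
        print(name, {s: str(p) for s, p in result.items()})
```

From state 0 the maximising resolution reaches state 2 within three steps with probability 9/50, while the minimising one can stay in state 0 forever, so its bound is 0.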
Case Study
[Figure labels:]
• magnetic sensor (MagSen)
• mechanic sensor (MechSen)
• control unit, contains: sensor validator (SV), redundant crash detectors (CD), detection monitor (DM)
• airbag
[Kloos/Hussain/Eschbach08]

                              Airbag Model     Extended Model
time for model construction   0.703 seconds    7.72 seconds
states                        528363           499456001
transitions                   4527444          16590774822
choices                       0                998912002
nodes                         60705            345934
Ideas
• Brute Force
• Composition
• Sparse Matrix
Interfaces
[Figure: Software, Mech. Sensor, Mag. Sensor, Airbag; interfaces marked "?"]
Error Merging
• Especially in SAML: model is divided into functional behavior and failure pattern
  • Functional behavior: n states
  • Failure pattern: k states
• Functional behavior already includes failure behavior
  → include failure pattern into functional behavior
  → will save k-1 states
[Figure labels: Error_DetA, Error_MagSensor, Error_Airbag, Error_Val, Error_Monitor, Error_MechSensor]
Conclusion
• Target: making large models quantitatively checkable
• Problems:
  • Approximation necessary
  • Functional behavior is lost
• Next Steps:
  • How big is the approximation error?
  • How big is the impact of locally used states on the computational complexity?
Thanks for your attention
Questions?