1
University of South Australia, CPN’05, Oct-25-2005
Enhancing the CES Protocol and its Verification
Lin Liu (1,2) and Jonathan Billington (2)
(1) School of Computer and Information Science
(2) Computer Systems Engineering Centre
University of South Australia
Presented by Guy Edward Gallasch
2
Background
- The Capability Exchange Signalling (CES) protocol is a sub-protocol of H.245, “Control protocol for multimedia communication”, a recommendation developed by the International Telecommunication Union (ITU).
- H.245 is included as one of the core standards of ITU recommendation H.323, ITU’s framework standard for multimedia over packet-based networks, including the Internet.
- The original goal of the first author’s PhD thesis was to verify H.323 protocols, starting with the verification of the CES protocol.
- Finally the aim of the PhD thesis has been revised to comprise:
  - verification of the functional correctness of CES protocol, and
  - investigation of a new approach to parametric verification of protocols over unbounded channels, using the CES protocol as an example.
- This paper reports some of the results of the first part.
3
Outline
- An overview of the CES protocol
- Verification of the CES protocol
  - Desired properties
  - The CES protocol CPN and the analysis result from previous work
  - Language analysis on the CES protocol
- The revised CES protocol
- Verification of the revised CES protocol
  - State space analysis
  - Language analysis
- Conclusion and future work
4
Outline (same items as on the previous slide), annotated with the contribution of each part: "CPN’01 paper" and "This paper".
5
The CES protocol
The Capability Exchange Signalling (CES) protocol is used by a communication party to inform its peer of its multimedia receive and transmit capabilities.
[Illustration, speech bubbles: "Hi Mary, I can only transmit and receive G.711 audio." / "OK, John. Thank you."]
6
The CES protocol - primitives and messages
Two CES Entities:
- Outgoing (initiator): outgoing CESE
- Incoming (responder): incoming CESE
7
The CES protocol - primitives and messages
[Diagram: outgoing CES user, outgoing CESE, underlying medium, incoming CESE, incoming CES user]
6 Service Primitives:
- TRANSFER.request
- TRANSFER.indication
- TRANSFER.response
- TRANSFER.confirm
- REJECT.request (CAUSE)
- REJECT.indication (SOURCE, CAUSE)
4 CES messages:
- TerminalCapabilitySet
- TerminalCapabilitySetAck
- TerminalCapabilitySetReject
- TerminalCapabilitySetRelease
8
The CES protocol – CPN model
[Figure: CPN model of the CES protocol. Labels recovered from the diagram: markings 1`(0,idle), 1`(1,awaiting), 1`(1,idle), 1`[], 1`[(1,capSet)], 1`[(1,capAck)]; transitions TRANSFERreq, TRANSFERind, TRANSFERres, TRANSFERcnf, REJECTreq, REJECTindPout.]
9
The CES protocol – CPN model
10
The CES protocol – desired properties
- Initial state as a home state
- Absence of deadlocks
- Absence of livelocks:
  - the protocol must not be trapped in a set of states where useless or undesired sequences of actions occur repeatedly without ending.
- No dead code
- Language property: the CES protocol language must be included in the CES service language (i.e. Language Inclusion must hold)
  - The service language of a protocol comprises the allowable sequences of user observable events (known as service primitives).
  - The protocol language of a protocol comprises the sequences of service primitives implemented by the protocol.
[Diagram annotation: "Implies"]
11
The CES protocol – state space analysis
- The CPN model of the CES protocol has an infinite state space due to the infinite capacity of the channels.
- State space analysis was applied to a restricted form of the CPN model:
  - The maximum queue length of places forChannel and revChannel was set to 3 respectively, and
  - The maximum sequence number was set to 1, i.e. the sequence numbers in use are 0 and 1.
12
The CES protocol – state space analysis
- The CES protocol satisfies all four general properties, i.e. it is free of deadlocks and livelocks, the initial state is a home state, and there is no dead code.
- However, further analysis of the state space reveals that the protocol could fail if wrapping of the protocol’s sequence numbers occurs.
- As a result, a user may be misinformed about the acceptance or otherwise of the capabilities it has just sent. This could lead to the failure of the multimedia session.
13
The CES protocol – state space analysis
[Figure: misinterpreted acknowledgement]
14
The CES protocol – state space analysis
[Figure: occurrence of supposedly “dead” transitions]
15
The CES protocol – language analysis
- Language comparison shows that there are sequences of primitives that are in the protocol language but not in the service language (illegal sequences).
- The illegal sequences reveal the same CES protocol error discovered by state space analysis.
16
The CES protocol – desired properties
- Initial state as a home state
- Absence of deadlocks
- Absence of livelocks
- No dead code
- Language property: the CES protocol language must be included in the CES service language (i.e. Language Inclusion must hold)
[Slide annotation: "No unexpected dead code". TRANSFERindT and REJECTindUin should be dead when underlying medium is reliable! [14]]
17
Revising the CES protocol
18
Revising the CES protocol
Add a state variable to count the number of outstanding requests
19
Revising the CES protocol
Update arcs and inscriptions appropriately
20
Revising the CES protocol
Add a guard to prevent more than 256 outstanding requests (when MaxSeqNo=255)
21
Revising the CES protocol
TerminalCapabilitySetAbort message is sent when Reject.Ind(SOURCE=PROTOCOL) occurs
22
Revising the CES protocol
Add guards to limit channel capacity
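The sequence-number wrap found by state space analysis, and the effect of the outstanding-request guard, can be reproduced with a small simulation. This is an added example, not the paper's CPN model: `OutgoingCESE`, `confirming_request`, the delayed-acknowledgement scenario and the rule that every reply decrements the counter are assumptions made for illustration.

```python
from collections import deque

class OutgoingCESE:
    """Toy outgoing CES entity (constructed model, not the paper's CPN)."""
    def __init__(self, max_seq, revised):
        self.max_seq, self.revised = max_seq, revised
        self.seq, self.state = 0, "idle"   # same as the initial marking (0, idle)
        self.outstanding = 0               # revised protocol: requests not yet answered

    def transfer_request(self):
        """TRANSFER.request: return the sequence number sent, or None if the guard blocks."""
        if self.revised and self.outstanding > self.max_seq:
            return None                    # every sequence number is already in flight
        self.seq = (self.seq + 1) % (self.max_seq + 1)
        self.state = "awaiting"
        self.outstanding += 1
        return self.seq

    def timeout(self):
        """Timer expiry: REJECT.indication(SOURCE=PROTOCOL); the reply is still in flight."""
        self.state = "idle"

    def receive_ack(self, ack_seq):
        """Return True if this acknowledgement produces TRANSFER.confirm."""
        self.outstanding -= 1              # assumption: every reply, stale or not, is counted
        if self.state == "awaiting" and ack_seq == self.seq:
            self.state = "idle"
            return True
        return False

def confirming_request(revised, max_seq=1):
    """Index of the request whose ack confirms the final request (index max_seq + 1)."""
    cese, rev_channel = OutgoingCESE(max_seq, revised), deque()
    final = max_seq + 1
    for i in range(final):                 # requests 0..max_seq time out, their acks are delayed
        rev_channel.append((i, cese.transfer_request()))
        cese.timeout()
    seq = cese.transfer_request()
    if seq is None:                        # guard fired: consume the oldest reply, then retry
        cese.receive_ack(rev_channel.popleft()[1])
        seq = cese.transfer_request()
    rev_channel.append((final, seq))
    while rev_channel:                     # deliver the delayed acks in FIFO order
        i, ack_seq = rev_channel.popleft()
        if cese.receive_ack(ack_seq):
            return i
    return None
```

With `max_seq=1`, as in the restricted model, the original entity confirms its third request on the stale acknowledgement of request 0, while the guarded entity confirms it only on its own acknowledgement.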
23
The revised CES protocol – state space analysis
- The revised CES protocol satisfies all four general properties, i.e. it is free of deadlocks and livelocks, the initial state is a home state, and there is no unexpected dead code.
24
The revised CES protocol – language analysis
- No illegal sequences have been found in the protocol language.
- The revised CES protocol implements a subset of the requirements specified in the CES service.
- However, the missing sequences are caused by the capacity and maximum sequence number constraints, and the way the protocol implements rejection. So the revised CES protocol is an acceptable implementation of the CES service.
25
Conclusion and future work
- This paper
  - Analyses the language properties of the CES protocol
  - Revises the protocol to eliminate the error found by state space and language analyses
  - Verifies the revised CES protocol by state space and language analyses
- Parallel to the work presented in this paper, we have explored parametric verification of the (revised) CES protocol (for arbitrary channel capacities), by discovering and using structural regularities of the state spaces of the systems in language analysis. It has been shown to be a very promising approach for parametric verification of a class of protocols over unbounded channels.
- In the future, we shall complete the verification of the CES protocol and its revision for any values of channel capacity, and generalise our parametric verification results to other protocols over unbounded channels.
27
The revised CES protocol – language analysis