
International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 6, Issue 8, August 2016)

Consideration on Core Layer Dynamic Network and Server Refinement Using Event-B

Jawid Ahmad Baktash¹, Mursal Dawodi², Zahra Nazari³, Tomokazu Nagata⁴

¹,³,⁴ University of the Ryukyus, Okinawa, Japan
² TU Berlin, Berlin, Germany

Abstract-- In computer networks, a server is an instance of a computer that accepts and responds to requests made by users, clients and admins. Less formally, any device that runs server software could be considered a server as well. We use servers for managing network resources. A user can set up a server to control the access of users and clients to a network, send/receive e-messages, handle message passing, manage print jobs, and/or host a website. Servers committed to a specific task are often referred to as dedicated. As a result, there are a number of dedicated server categories, like print servers, file servers, network servers and database servers. However, many servers today are shared servers which can take on the responsibility of e-mail, DNS, FTP, and even multiple websites in the case of a web server. Because they are commonly used to deliver services that are required constantly, most servers are never turned off. If they fail, they cause trouble to the network users. In a computer network, servers can be used for these purposes, and also to verify the process of checking and logging in to a server with the Event-B code as provided.

Keywords-- Formal Method, Event-B, Server

I. INTRODUCTION

Static routing allows routing tables in specific routers to be set up by the network administrator, who manually sets the IPs in the topology. Dynamic routing uses routing protocols that dynamically discover network destinations and a way to get to them. Dynamic routing allows routing tables in routers to change if a router on the route goes down or if a new network is added. In dynamic routing, different protocols run in the routers, continuously exchanging network status updates with each other as a message passing process. With the help of the routing update messages sent by the routing protocols, routers can continuously update the routing table whenever a network topology change occurs. Here we discuss the Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), with verification in Event-B. There are three basic types of routing protocols:

Distance-vector Routing Protocols: Distance-vector Routing Protocols use simple algorithms that calculate a cumulative distance value between routers based on hop count, like Routing Information Protocol Version 1.

Link-state Routing Protocols: Link-state Routing Protocols use sophisticated algorithms that maintain a complex database of internetwork topology, like Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS).

Hybrid Routing Protocols: Hybrid Routing Protocols use a combination of distance-vector and link-state methods that tries to incorporate the advantages of both and minimize their disadvantages.

The core layer is considered the backbone of the network, which includes the high-end devices (switches or routers) and high-speed cables such as fiber cables. At the core layer, the network does not route traffic as the topology. In addition, no packet manipulation is done by the devices in this layer. Rather, this layer is concerned with speed and ensures reliable delivery of packets.

Figure 1: The three layers of the network

II. EVENT-B AND PRO-B SYSTEM

The mathematical foundations for the development of event-based systems in B are discussed in Event based sequential program development by Jean-Raymond Abrial. An abstract machine consists of sets, constants and variables clauses


Each event in the abstract model is composed of a guard and an action. The events are modelled using generalized substitution, which includes constructs like assignment (x := E(x)) and the guarded statement (WHEN G THEN S END). A typical abstract machine may be outlined as below [1].

Informal principles and formal typing rules were presented by Abadi. The typing method started to take shape as an aid for his SPI calculus and evolved to a more generic format. The typing rules are used to check secrecy by defining three possible types of messages and communication channels: Public, Secret and Any. The first two types are obvious; the third refers to an unknown type that has to be sent as if it is secret, since we don't know its real nature. As per protocol requirements, secret data should not be disclosed, so an appropriate mechanism for testing equivalence is defined for the message type [2].

In addition to this, a fresh entity called Confounder is introduced in order to produce different encrypted messages for two similar plain text messages. The judgments that can be derived about an environment E from the typing rules are the following:

$\vdash E$ well-formed

$E \vdash M : T$    the term M is of class T in E

$E \vdash P : \mathrm{Ok}$    the process P type checks in E

The expression well-formed refers to an environment that is neither over-specified nor under-specified and is bounded, self-stabilizing and self-adapting. The rules for associating terms with types are the following:

• Zero: 0 is of level Public
• Name: used for determination of the level of names
• Variable: used for determination of the level of variables
• Successor: adding the number one to a message does not change its level
• Pair: if both components have the same level, that is the level of the pair; if one is Public and one is Secret, the pair has the level Any
• Public Encryption: if messages of a certain level T are encrypted with a Public level key, the encrypted message has level.

Table 1: The typing method of ProB

Math      ASCII     Description
∈         :         Set membership
ℕ         NAT       Non-negative number
≤         <=        Less than or equal to
≥         >=        Greater than or equal to
⊆         <:        Subset
⊂         <<:       Strict subset
→         -->       Denotes a total function (A --> B)
:∈        ::        Becomes in
∅         {}        Empty set
∪         \/        Set union
≠         /=        Not equal
↦         |->       (a |-> b), "a maps to b", is the ordered pair of a and b
∀x·p      !x.p      Universal quantification

    MACHINE M
    SETS S1, S2, S3...
    CONSTANTS C
    PROPERTIES P
    VARIABLES v1, v2, v3...
    INVARIANTS I
    INITIALISATION init
    EVENTS
        E1 = WHEN G1 THEN S1 END;
        E2 = WHEN G2 THEN S2 END
    END


In the guarded statement (WHEN G THEN S END), the guards (G) of the events are expressed as first-order predicates. The actions of an event are specified as simultaneous assignments of state variables using substitution statements (S). The events occur spontaneously whenever their guard holds (is true), and they are executed atomically. After building a model of a system as an abstract machine, it must be proved that the system is consistent with respect to its invariant properties. The consistency of the machine is shown by proving that each event of the system preserves the invariant.

In the context of a system that uses formal methods to pass messages, we are supposed to implement these two approaches:

First Approach

[R1]: Message is passing between any successive events in the process:

$C_i := C_i + d \quad \ldots (d > 0)$

[R2]: If $a \in P_i$ and $a$ is sending a message, $b \in P_j$ and $b$ is receiving the message, then:

1: $a$ is timestamped by [R1].

2: Every message (m) will be timestamped as $t_m = C_i(a)$.

3: $b$ is timestamped by $C_j(b) := \mathrm{Max}(C_j,\ t_m),\quad t_m := t_m + d$.

In this approach a clock is defined as a function which assigns a number to an event. For every process Pi there exists a Clock Ci which essentially maps an event to an integer. We define the sequence of events produced by a process.

( )

( ) { ( 1)( 2) }

( ) :

|| ( ) :

||

( , )

:

|| :

; If

m dom sender Then

nVA VA a p VA p p VA m nVA

VA p nVA END

sender send m p Vector approach p proc m Mes

deliver deliver

sa

p m END

ge

Deliver M

( , );

( ) ^ ( )

^ ^ ( ) ( ) ( )( )

^ ( )( ( )) -1

:

esaage p m if

m dom sender p m deliver

p proc p send m VA p VAT m p VAT m send m

then

deliver deliver p m END

Note: if event (a) happens before (b), $(a \rightarrow b)$, then $Ts(a) < Ts(b)$; but if $Ts(a) < Ts(b)$, we can't assert that $(a \rightarrow b)$, so we are using the vector solution for this case.

Second Approach

[R1]: Before executing an event, process (pi) updates its logical time as follows:

$C_i[i] := C_i[i] + d \quad \ldots (d > 0)$

[R2]: if $(a \in P_i)$ and 'a' is sending a message by Pi, and $(b \in P_j)$ and 'b' is receiving the message by Pj, then:

$\forall k:\ C_j[k] := \mathrm{Max}(C_j[k],\ T_m[k])$

if $C_j[i] \le T_m[i]$ then $C_j[i] := T_m[i] + d \quad \ldots (d > 0)$

In this approach, every process maintains a vector of size N to represent the logical time at that process, where N is equal to the total number of operations in that system.
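The limitation stated in the note above (Ts(a) < Ts(b) does not imply a → b) and the vector fix, as an added Python example that is not from the paper. Assumptions: d = 1, one vector entry per process, and a receive takes the maximum and then applies [R1]; all class and function names are illustrative.

```python
D = 1  # clock increment d (d > 0), assumed value


class Process:
    """One process carrying both a scalar (first approach) and a vector clock."""

    def __init__(self, index, n):
        self.i = index
        self.scalar = 0
        self.vector = [0] * n

    def _tick(self):
        # [R1]: advance the local clock before the event is timestamped.
        self.scalar += D
        self.vector[self.i] += D
        return (self.scalar, tuple(self.vector))

    def local(self):
        return self._tick()

    def send(self):
        # The returned timestamp is piggybacked on the message.
        return self._tick()

    def receive(self, stamp):
        # [R2]: merge the message timestamp, then apply [R1].
        tm_scalar, tm_vector = stamp
        self.scalar = max(self.scalar, tm_scalar)
        self.vector = [max(c, t) for c, t in zip(self.vector, tm_vector)]
        return self._tick()


def happened_before(u, v):
    """Vector test: u -> v iff u <= v componentwise and u != v."""
    return all(x <= y for x, y in zip(u, v)) and u != v


def concurrent(u, v):
    return not happened_before(u, v) and not happened_before(v, u)


def scenario():
    """Constructed run: a is local to P0, P1 sends m, P2 receives it as b."""
    p0, p1, p2 = (Process(i, 3) for i in range(3))
    a = p0.local()
    m = p1.send()
    b = p2.receive(m)
    return a, m, b


if __name__ == "__main__":
    a, m, b = scenario()
    print("Ts(a) =", a[0], "Ts(b) =", b[0])
    print("a -> b by vectors:", happened_before(a[1], b[1]))
    print("a || b:", concurrent(a[1], b[1]))
    print("send(m) -> b:", happened_before(m[1], b[1]))
```

The scalar timestamps order a before b even though the two events are unrelated, while the vector comparison reports them as concurrent and still orders the send before its receive.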

1

2

2

3

1

2

(

[{ }] :

{m} (deliver[{p}])

2

3

(

[{ }] :

{m} (deliver[{p}])

1

3

(

[{ }] :

{m} (deliver[{p}])

1 (

[{ }]

2

(

[

approach

m

m

m

m

proc

m

m

sender

node p

m

m

sender

node p

m

m

sender

node p

m

send

p

m

s

L

end

am

         

{ }]

3

(

[{ }]

p

m

deliver

p

III. SERVER REFINEMENT

In computer networking, servers are devices or computers which are designed to process requests and deliver data to other (client) computers over a local network or the Internet.

    MACHINE Server
    SETS
        Process = {p1, p2}
    VARIABLES
        logged_in
    INVARIANT
        logged_in : POW(Process)
    INITIALISATION
        logged_in := {}
    OPERATIONS
        LogIn(pp) =
            PRE pp : Process & pp /: logged_in THEN
                logged_in := logged_in \/ {pp}
            END;
        LogOut(pp) =
            PRE pp : Process & pp : logged_in THEN
                logged_in := logged_in - {pp}
            END
    END


2: Enabled operation of a server Machine

3: Machine's History

Table 2: Properties, Operation and the History of the results

[Table 2: the Properties column reports Invariant Ok and Logged_in over R1, R2 and R3; the Operation column lists LogIn for R1, R2 and R3; the History column lists Log_in and Log_out steps back to Initialization. A further panel, Analyses / Summary / Conjunct of Invariant, reports False and Unknown counts.]


ProB also provides several graphical user interface visualization features to help users analyze and understand the behavior of their B specification. This feedback is good for understanding B specifications, since human perception is good at identifying structural similarities and symmetries. The visualization features are in the Animate menu, and comprise the command View Visited States and all the commands of the submenu View. It is important to understand that those commands operate on the state space computed by ProB at the current point during the animation. Each time the user animates the B specification, the state space computed by ProB can be expanded if the selected operations lead to states not already computed by ProB.

Figure 2: Partial visualization of Login section

Here we have a recursion, recalling the log-in and log-out functions, which is the process of repeating items in a self-similar way. If we allow the program to call a function inside the same function, then it is called a recursive call of the function, as shown below.

Figure 3: Visualization section with Recursion

• BFS is a general technique for traversing the graph.
• Turning a graph into a tree
• Visiting all vertices and edges of the graph
• Determining whether the graph is connected or not connected.
• Computing the connected graph
• Selecting a source vertex to be the root
• Finding its children, then their children and …
• BFS in a graph with n vertices and m edges takes O(n+m) time.

The data structures for BFS are:

• Queue
• Adjacency list or adjacency matrix

DFS

• It is another strategy for exploring a graph to find the shortest path.
• Generally we are searching a path to find the answer, and the path can be in a directed or undirected graph.
• Exploring as deep in the graph as possible.
• Uses two timestamps, where (v.d) corresponds to when a vertex is first discovered and (v.f) to when the search is finishing.

The data structure for DFS is:

• Stack

    visit(x);
    push(x, s);
    while (s is not empty) {
        t := peek(s);
        if (t has an unvisited neighbour y) {
            visit(y);
            push(y, s);
        } else
            pop(s);
    }

    BFS(input: graph G) {
        Queue Q;
        int x, z, y;
        for each unvisited vertex x of G {
            visit(x);
            Enqueue(x, Q);
            while (Q is not empty) {
                z := Dequeue(Q);
                for all unvisited neighbours y of z {
                    visit(y);
                    Enqueue(y, Q);
                }
            }
        }
    }

Dynamic Routing Verification using Event-B

As discussed in previous chapters regarding the difference between static and dynamic routing, static routing allows routing tables in specific routers to be set up by the network administrator, who sets the IPs in the topology manually. Dynamic routing uses routing protocols that dynamically discover network destinations and how to get to them. Dynamic routing allows routing tables in routers to change if a router on the route goes down or if a new network is added.

In dynamic routing, different protocols run in the routers and continuously exchange network status updates with each other as a message passing process. With the help of the routing update messages sent by the routing protocols, routers can continuously update the routing table whenever a network topology change happens.

Here we discuss the Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), with verification in Event-B.


We began by observing the properties through studies on small dynamic routing model topologies and finding structures in the optimal configuration policies. Based on these observations, we propose formal methods to do the proofs and eliminate the ambiguity and subjectivity of the analysis requirements of cloud based routing. This is done by providing a logical and precise argument for the requirement behavior. This enhances the analysis performed for informal reviews and inspections. The use of formal specifications and formal proofs provides a systematic and repeatable approach for analysis which can be supported by computer-based tools.

    MACHINE RIPRouter
    ABSTRACT_VARIABLES
        hops
    INVARIANT
        hops : 0..15
    INITIALISATION
        hops := 15
    OPERATIONS
        routed =
            PRE hops < 15 THEN hops := hops + 1 END;
        Message =
            BEGIN hops := hops - 1 END;
        result <-- RIP =
            BEGIN result := bool(hops = 0) END
    END

        message =
            PRE rout > 0 THEN rout := rout - 1 END;
        result <-- RIP =
            IF rout = 0 THEN
                result := TRUE
            ELSE
                result := FALSE
            END
    END

Figure 4: shows visualization section of RIP
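The state-space computation described for ProB in section III and the invariant check on RIPRouter, as an added Python sketch (not the paper's code and not ProB): a breadth-first explorer applied to the Server machine with Process = {p1, p2} and to RIPRouter. The reading of RIPRouter used here (hops starts at 15, routed increments under hops < 15, Message decrements with no precondition in the first listing and under PRE rout > 0 in the second) is an assumption of this example, as are all Python names.

```python
from collections import deque


def explore(init, operations, invariant):
    """BFS over reachable states; operations maps name -> (guard, action).

    Returns (visited states, shortest operation trace to an invariant
    violation, or None when every reachable state satisfies the invariant).
    """
    parent = {init: None}                 # state -> (previous state, operation)
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trace = []
            while parent[state] is not None:
                state, name = parent[state]
                trace.append(name)
            return set(parent), trace[::-1]
        for name, (guard, action) in operations.items():
            if guard(state):              # PRE holds: the operation is enabled
                nxt = action(state)
                if nxt not in parent:
                    parent[nxt] = (state, name)
                    queue.append(nxt)
    return set(parent), None


PROCESS = frozenset({"p1", "p2"})


def server_machine():
    """Server: logged_in starts empty; LogIn/LogOut guarded by membership."""
    ops = {}
    for pp in sorted(PROCESS):
        ops[f"LogIn({pp})"] = (lambda s, pp=pp: pp not in s,
                               lambda s, pp=pp: s | {pp})
        ops[f"LogOut({pp})"] = (lambda s, pp=pp: pp in s,
                                lambda s, pp=pp: s - {pp})
    return frozenset(), ops, lambda s: s <= PROCESS


def rip_machine(guarded):
    """RIPRouter as read above; guarded=True adds the PRE on the decrement."""
    ops = {
        "routed": (lambda h: h < 15, lambda h: h + 1),
        "Message": ((lambda h: h > 0) if guarded else (lambda h: True),
                    lambda h: h - 1),
    }
    return 15, ops, lambda h: 0 <= h <= 15


def check(machine):
    states, trace = explore(*machine)
    return len(states), trace


if __name__ == "__main__":
    print("Server:", check(server_machine()))
    print("RIPRouter, Message unguarded:", check(rip_machine(False)))
    print("RIPRouter, Message with PRE:", check(rip_machine(True)))
```

Without the precondition, the explorer returns a counterexample of sixteen Message steps that drives hops below 0; with it, all sixteen reachable states satisfy the invariant.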

IV. CONCLUSION

In this paper, we presented Core Layer Dynamic Network and Server Refinement inspired by autonomous routing protocol for server management. We discussed the network system design architectures in core layer section with formats in formal methods and the decision process along Event-B. As presented, the existence of modifications with formal method is quite common; this evidence provides a remarkable opportunity for improving the core layer section of the network and the refinement of servers with formal methods.


Acknowledgment

This work was supported in part by the Graduate School of Engineering and Science, University of the Ryukyus, School of Electrical Engineering and Computer Science, Technical University of Berlin, and the Japan International Cooperation Agency – JICA.

REFERENCES

[1] Jawid Ahmad BAKTASH and Tomokazu NAGATA: "Formal Development of Electronic Identity Card System Using Event-B", Information Journal, Vol.17, No.9 (B), pp.4677-4685, 2014/9.

[2] Jawid Ahmad BAKTASH, Tadashi SHIROMA, Tomokazu NAGATA, Yuji TANIGUCHI, Morikazu NAKAMURA and Mursal DAWODI: "Formal Implementation of Routing Information Protocol using Event-B", Information Journal, Vol.18, No.2, pp.705-718, 2015/2.

[3] Kazem NASERI, Jawid Ahmad BAKTASH, Dongshik KANG and Tomokazu NAGATA: "Accessibility Assessment of Health Services in Kabul City, Using GIS", Information Journal, Vol.18, No.11, pp.4643-4650, 2015/11.

[4] Michael Leuschel and Michael J. Butler. ProB: A model checker for B. In FME, pages 855–874, 2003.

[5] J.-R. Abrial. The B-Book: Assigning programs to meanings. Cambridge University Press, 1996.

[6] Jean-Raymond Abrial. Event based sequential program development: Application to constructing a pointer

[7] Michael Leuschel and Michael J. Butler. ProB: A model checker for B. In FME, pages 855–874, 2003.

[8] J.-R. Abrial. The B-Book: Assigning programs to meanings. Cambridge University Press, 1996.

[9] Jean-Raymond Abrial. Event based sequential program development: Application to constructing a pointer program. In Keijiro Araki, Stefania Gnesi, and Dino Mandrioli, editors, FME, volume 2805 of Lecture Notes in Computer Science, pages 51–74. Springer, 2003.

[10] Abrial, J.R.: Modeling in Event-B: System and Software Design. Cambridge University Press, 2010.

[11] Abrial, J.R.: Extending B without Changing it (for developing distributed systems). Proc. of the 1st Conf. on the B method, H. Habrias (editor), France, pages 169–190, 1996.

[13] Girish Chandra and Divakar Yadav, Analyzing Data Flow in Trustworthy Electronic Payment Systems Using Event-B, Institute of Engineering and Technology U.P. Technical University Lucknow-226021, UP, India, 2013.

[14] C. Metayer, J. R. Abrial, and L. Voisin. Event-B language. RODIN deliverables 3.2, http://rodin.cs.ncl.ac.uk/deliverables/D7.pdf, 2005.

[15] J.-R. Abrial. Extending B without changing it (for developing distributed systems). In H. Habrias, editor, First B Conference, November 1996.

[16] Divakar Yadav, Michael Butler, Formal Development of a Total Order Broadcast for Distributed Transactions using Event-B, University of Southampton,

[17] Karthikeyan Bhargavan, Davor Obradovic, and Carl A. Gunter. Formal verification of standards for distance vector routing protocols. J. ACM, 49(4):538–576, 2002.

[18] Hoang, T.S., Kuruma, H., Basin, D.A., Abrial, J.R.: Developing Topology Discovery in Event-B.

[19] Perkins Charles E., Bhagwat Pravin: Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers, London England UK, ACM SIGCOMM'94, 1994, pp. 234–244.
