097230 Methodologies in Information Systems Development
Model-Based Protocol Engineering:
Specifying Kerberos with Object-Process Methodology
Yaniv Mordecai & Dov Dori, Technion – Israel Institute of Technology, Haifa, Israel
November 3, 2015
Model-Based Protocol Engineering 2
Multiple engineering professionals talk different languages
(Figure: mechanical engineers, civil engineers, software engineers, electronics engineers.)
November 2015
What is a Model?
• A physical, mathematical, or otherwise logical representation of a system, entity, phenomenon, or process (DoD 1998).
• A representation of one or more concepts that may be realized in the physical world (Friedenthal, Moore, and Steiner 2009).
• A simplified representation of a system at some particular point in time or space intended to promote understanding of the real system (Bellinger 2004).
• An abstraction of a system, aimed at understanding, communicating, explaining, or designing aspects of interest of that system (Dori 2002).
• A selective representation of some system whose form and content are chosen based on a specific set of concerns (Object Management Group 2010).
• Source: http://www.sebokwiki.org/wiki/What_is_a_Model%3F
Systems Engineering Languages
– Systems Modeling Language – SysML
  • OMG Standard since 2007
– Object-Process Methodology – OPM
  • OPM book published in 2002
  • ISO Standard 19450 as of Aug. 2014 (formally: 19450 Publicly Available Specification)
OPM software: OPCAT, freely downloadable from http://esml.iem.technion.ac.il/ along with papers and other resources.
The idea behind conceptual modeling
(Figure: "conceived reality" is modeled by "modeled reality". Bus, Aircraft, and Car each "is a" Vehicle; Gas Filling "is a" Energy Replenishing; "affects" links connect the processes to the vehicles they change; the legend shows the Object and Process symbols.)
Using graphical symbols, the model expresses physical things – objects and processes – and relations among them.
OPM Entities – the bricks: Things and States
• Object: A thing that exists or might exist physically or informatically.
  – Objects are stateful:
    • Objects can have states.
    • At each point in time a stateful object is
      – at one of its states – static, or
      – in transition between two states – undergoing change.
• Process: A thing that transforms an object.
  – Transforming an object is:
    • creating it,
    • consuming it, or
    • changing its state.
(Figure: an Object with State 1 and State 2, transformed by Processing.)
Compact Ontology: A Minimum-Length OPM Alphabet
OPM unifies the system’s structure and behavior throughout the analysis and design of the system within one frame of reference using a small alphabet:
– Two types of things: (1) stateful objects, (2) processes
– Two families of links: (1) structural links connect objects with objects; (2) procedural links connect processes with objects
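The alphabet above (stateful objects, processes, and procedural links that create, consume, or change the state of objects) is small enough to make executable in a few dozen lines. The Python below is an added example, not code from the slides, from OPCAT, or from ISO 19450; the link kinds it uses (state-specified input/output, instrument, result, consumption) are a simplified reading of OPM's procedural links, and the sample model (Client, Authentication Service, Ticket, Service) is a constructed, deliberately simplified Kerberos-flavoured illustration of trusted third-party authentication, not a specification of the real protocol. Each process either applies all of its effects or, when a precondition on an object's state does not hold, changes nothing and records why, which is exactly the failure branch a sequence diagram tends to leave out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class OPMObject:
    """A stateful OPM object; an object the model has not created yet has exists=False."""
    name: str
    states: tuple = ()           # possible states; empty for a stateless object
    exists: bool = True
    state: Optional[str] = None  # current state (None when stateless or non-existent)


@dataclass
class OPMProcess:
    """An OPM process, characterised only by its procedural links to objects.

    Each link is (object name, link kind, state or None). The kinds are this
    example's simplified reading of OPM's procedural links (assumption):
      "in"         state-specified input: the object must currently be in that state
      "out"        state-specified output: the process moves the object to that state
      "instrument" enabler: the object must exist; the process does not change it
      "result"     the process creates the object, in the given state
      "consume"    the process destroys the object
    """
    name: str
    links: list


class OPMModel:
    def __init__(self, objects, processes):
        self.objects = {o.name: o for o in objects}
        self.processes = {p.name: p for p in processes}
        self.trace = []  # (process name, succeeded?, reason)

    def _unsatisfied(self, proc):
        """Return why the first unmet precondition blocks proc, or None if it may run."""
        for obj_name, kind, state in proc.links:
            obj = self.objects[obj_name]
            if state is not None and state not in obj.states:
                raise ValueError(f"model error: {obj_name} has no state {state!r}")
            if kind in ("in", "out", "instrument", "consume") and not obj.exists:
                return f"{obj_name} does not exist"
            if kind == "in" and obj.state != state:
                return f"{obj_name} is {obj.state}, not {state}"
            if kind == "result" and obj.exists:
                return f"{obj_name} already exists"
        return None

    def execute(self, proc_name):
        """Run one process: all of its effects apply, or nothing changes (the failure branch)."""
        proc = self.processes[proc_name]
        reason = self._unsatisfied(proc)
        if reason is None:
            for obj_name, kind, state in proc.links:
                obj = self.objects[obj_name]
                if kind == "out":
                    obj.state = state
                elif kind == "result":
                    obj.exists, obj.state = True, state
                elif kind == "consume":
                    obj.exists, obj.state = False, None
        entry = (proc_name, reason is None, reason or "ok")
        self.trace.append(entry)
        return entry


def kerberos_like_model():
    """Constructed sample in the spirit of Kerberos' trusted third-party authentication.
    It is an illustration of the OPM alphabet, not a faithful model of the protocol."""
    objects = [
        OPMObject("Client", ("unauthenticated", "authenticated"), state="unauthenticated"),
        OPMObject("Authentication Service"),                 # stateless enabler
        OPMObject("Ticket", ("valid",), exists=False),       # created by Authenticating
        OPMObject("Service", ("idle", "serving"), state="idle"),
    ]
    processes = [
        OPMProcess("Authenticating", [
            ("Client", "in", "unauthenticated"),
            ("Authentication Service", "instrument", None),
            ("Client", "out", "authenticated"),
            ("Ticket", "result", "valid"),
        ]),
        OPMProcess("Service Accessing", [
            ("Client", "in", "authenticated"),
            ("Ticket", "in", "valid"),
            ("Service", "out", "serving"),
        ]),
        OPMProcess("Ticket Expiring", [
            ("Ticket", "consume", None),
            ("Client", "out", "unauthenticated"),
        ]),
    ]
    return OPMModel(objects, processes)


def run(order):
    """Execute the named processes in order; return the trace and the final model."""
    model = kerberos_like_model()
    for name in order:
        model.execute(name)
    return model.trace, model


if __name__ == "__main__":
    for scenario in (["Authenticating", "Service Accessing"],
                     ["Service Accessing"],
                     ["Authenticating", "Ticket Expiring", "Service Accessing"]):
        trace, _ = run(scenario)
        print(scenario, "->", trace)
```

Running a process out of order (for example Service Accessing before Authenticating) yields a trace entry that names the violated precondition instead of silently proceeding, so the model itself documents what happens when a subsequence fails.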
Hierarchical Decomposition Illustration (figure only)
ISO Standardization
• OPM is now an approved ISO standard, ISO 19450.
• ISO 19450 is meant to provide a basis for a new generation of model-based standards.
• Official standards need formal semantics to ensure the standard’s consistency and integrity.
• Several standards we’ve tested were found to include contradictions and ambiguities that could have been avoided, had a model-based approach been used to author and specify the standard.
Unblocking the Paradigm Shift
• “Standards/protocols are not systems”
  – But they are processes, procedures, or sets of definitions, eventually pertaining to a system at some level.
• “Standards should be solution-independent”
  – But their underlying semantics must be well defined.
  – You don’t have to design the system that implements the standard with OPM, but you know that it is well-defined thanks to OPM.
• “Standards should be defined in natural language text rather than conceptual modeling languages”
  – But we want to make sure that the text is valid and verified.
  – OPM lets you generate semi-natural language text based on the model.
• “You can’t capture everything in the standard with a model”
  – Right! Focus the model on the core procedural, functional, and/or structural aspects being standardized.
Kerberos
• Common, widely accepted protocol for computer user and device authentication across insecure computer networks.
• Based on a trusted third-party authentication service.
• Invented and developed at MIT with the support of Microsoft, Google, Apple, Oracle, and others.
• The MIT Kerberos Consortium has not provided a well-formed model-based protocol representation.
Why Kerberos
• It’s simple.
• It’s standardized.
• It’s well known to domain professionals.
• It consists of several components, services, information objects, and processes.
Kerberos Procedure (figure only)
UML Sequence Diagram of Kerberos (three slides, figures only)
Problems with the UML Sequence Diagram
• Notation problems.
• Mixture of sequence diagram, activity diagram, and some informal diagram semantics.
• Confusing use of rectangular blocks for different types of entities (processes and objects).
• Extensive use of in-diagram free text.
• Lack of capability to execute the visualized model.
• The diagram does not show branches of the process, i.e., what happens when one of the subsequences fails.
• The diagram captures only the first two levels of the internal processes conducted by each participant.
Why Did Those Problems Occur?
• UML has 13 different diagram types, each highlighting a different aspect of the system.
• Each diagram has a different notation for similar concepts (e.g. Use Case, Activity, Method, Process).
• UML does not generate a formal textual specification.
Eventually, the analyst works for the model more than the model works for the analyst!
Kerberos in OPM (figure only)
Summary
• Model-based approach to standard authoring.
• Object-Process Methodology (ISO 19450) as a conceptual modeling framework for protocol specification.
• OPM-based specification and simulation of Kerberos, a well-known protocol.
Protocol Modeling Assignment
• Model a formal procedure (a standard or a protocol) with Object-Process Methodology (OPM) – ISO 19450 for complex system and process modeling and simulation.
Important Dates
• Preliminary submission: Dec. 19, 2015, Sat, 23:59.
  – Preliminary version of report:
    • Introduction and literature review.
    • Description of the protocol.
    • A preliminary high-level OPM model of your protocol.
  – Preliminary version of the model.
• Presentation: Jan. 12, 2016, Tue, 10:30.
• Final submission: Feb. 27, 2016, Sat, 23:59.
Assignment Grading

MODULE             TASK                                            WEIGHT
Assignment (77%)   Preliminary report                              10%
                   Preliminary version of OPM model                10%
                   Presentation                                    12%
                   Final report                                    15%
                   Final version of OPM model                      30%
Coursework (23%)   Attendance                                      13%
                   Participation, involvement, and consultation    10%
TOTAL                                                              100%
Submission Guidelines
• All submissions are to be made through Moodle.
• Submit your report in the form of an IEEE Conference Paper (up to 8 pages).
• Submit your model file separately.
• The report should contain at most 3-4 OPDs for introductory and impression purposes.
• In the text, refer to model views and diagrams in the file.
• Focus on the most relevant and applicable parts of the protocol or standard that you’re modeling.
Modeling Guidelines
• Build the OPM model iteratively, using the detail decomposition approach.
• Keep your model executable – this is mandatory and significant!
• Make assumptions and abstractions, and employ modeling patterns and techniques as you see fit. Record your decisions and references.
• Find issues in the technical specification (two contradicting sequences of the stages of the procedure; a mismatch between the total time required for the protocol to end and the sum of the minimal durations of the individual steps; unclear or ambiguous specification…). Use the model and reasonable assumptions to resolve them.
• Your OPM model should eventually contain 20-30 processes and subprocesses across at least four levels (0..3).
• All processes must be connected to objects, states, or other processes.
• All objects must be connected to processes (directly or through a state) or other objects.
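The last three guidelines (process count, decomposition depth, and connectivity of every process and object) can be checked mechanically before submission. The Python below is an added example, not the course's tooling, not OPCAT, and not the ISO 19450 file format; it assumes a dict-based model representation of its own (objects with their state lists, processes with their in-zooming parent, and links whose endpoints are thing names or `Object.state`). The sample model is constructed and deliberately incomplete, with an unlinked `Clock` object and a link to a state that `Ticket` does not have, so that the report has something to flag.

```python
"""Static checks for the modeling guidelines over a simplified OPM model."""

# Constructed sample: a small Kerberos-flavoured decomposition (not the real
# protocol), left deliberately incomplete so the checks report something.
SAMPLE_MODEL = {
    # object name -> list of its states ([] for a stateless object)
    "objects": {
        "Client": ["unauthenticated", "authenticated"],
        "Authentication Service": [],
        "Ticket": ["valid", "expired"],
        "Clock": [],                      # modeled but never linked: violates the guideline
    },
    # process name -> parent process it is in-zoomed from (None for a level-0 process)
    "processes": {
        "Kerberos Authenticating": None,
        "Ticket Requesting": "Kerberos Authenticating",
        "Ticket Issuing": "Kerberos Authenticating",
        "Request Validating": "Ticket Issuing",
        "Credential Checking": "Request Validating",
    },
    # (source, target, link kind); an endpoint is a thing name or "Object.state"
    "links": [
        ("Client.unauthenticated", "Ticket Requesting", "input"),
        ("Ticket Requesting", "Client.authenticated", "output"),
        ("Authentication Service", "Ticket Issuing", "instrument"),
        ("Ticket Issuing", "Ticket.valid", "result"),
        ("Client", "Ticket", "aggregation"),               # structural: Client holds Ticket
        ("Ticket.revoked", "Credential Checking", "input"),  # "revoked" is not a Ticket state
    ],
}


def _base(endpoint):
    """Strip an optional '.state' suffix: 'Client.authenticated' -> 'Client'."""
    return endpoint.split(".", 1)[0]


def _level(processes, name):
    """Depth of a process in the in-zooming hierarchy; 0 for a top-level process."""
    depth = 0
    while processes[name] is not None:
        name = processes[name]
        depth += 1
    return depth


def check_guidelines(model, min_processes=20, max_processes=30, min_levels=4):
    """Report dangling link endpoints, unconnected things, process count and levels."""
    objects, processes, links = model["objects"], model["processes"], model["links"]
    things = set(objects) | set(processes)
    connected = {name: set() for name in things}
    dangling = []
    for src, dst, _kind in links:
        well_formed = True
        for end in (src, dst):
            base = _base(end)
            if base not in things:
                dangling.append(end)
                well_formed = False
            elif "." in end and end.split(".", 1)[1] not in objects.get(base, []):
                dangling.append(end)   # unknown state, or a state on a process
                well_formed = False
        if well_formed:
            connected[_base(src)].add(_base(dst))
            connected[_base(dst)].add(_base(src))
    # In-zooming links a subprocess to its parent, which counts as "connected to
    # another process" under the guideline.
    for child, parent in processes.items():
        if parent is not None:
            connected[child].add(parent)
            connected[parent].add(child)
    levels = {}
    for proc in processes:
        levels.setdefault(_level(processes, proc), []).append(proc)
    count = len(processes)
    return {
        "dangling": dangling,
        "unconnected": sorted(t for t in things if not connected[t]),
        "process_count": count,
        "levels": levels,
        "size_ok": min_processes <= count <= max_processes,
        "depth_ok": len(levels) >= min_levels,
    }


if __name__ == "__main__":
    for key, value in check_guidelines(SAMPLE_MODEL).items():
        print(f"{key}: {value}")
```

On the sample the report flags `Clock` as unconnected and `Ticket.revoked` as a dangling endpoint, confirms four levels (0..3), and notes that five processes fall short of the 20-30 target; the same function run over a model exported to this representation gives a quick pre-submission checklist.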
Further Reading
• Alex Blekhman and Dov Dori, Model-Based Requirements Authoring. INCOSE 2011 – the 6th International Conference on System Engineering, March 2011.
• Alex Blekhman and Dov Dori, Tesperanto – A Model-Based System Specification Methodology and Language. Proc. 23rd Annual INCOSE International Symposium, Philadelphia, PA, USA, June 24-27, 2013.
• Yaniv Mordecai and Dov Dori, Conceptual Modeling of System-Based Decision-Making. Proc. 24th Annual INCOSE International Symposium, Las Vegas, NV, USA, June 30 – July 3, 2014.
• Juan Wachs, Boaz Frenkel, and Dov Dori, Operation room tool handling and miscommunication scenarios: An Object-Process Methodology conceptual model. Artificial Intelligence in Medicine, Nov. 2014.
• Yaniv Mordecai and Dov Dori, Model-Based Protocol Engineering: Specifying Kerberos with Object-Process Methodology. IEEE 28th Convention of Electrical and Electronics Engineers in Israel, Eilat, Israel, Dec. 2014.
• ISO/PDPAS 19450 – Automation systems and integration — Object-Process Methodology.
Questions:
Yaniv Mordecai, [email protected]