In: Computer Science 2004: 27th Australasian Computer Science Conference (ACSC2004), pages 31-39. January 2004. Dunedin, New Zealand.
Abstract: The Internet is a very complex system, comprising a dynamically changing network of networks. The Internet's original designers created the Transmission Control Protocol (TCP) to provide a reliable end-to-end data service to its users, one that would operate correctly in the face of failures in the network infrastructure. TCP handles the vast majority of the ever-increasing traffic over the Internet, and it is therefore of utmost importance that it operates correctly as the Internet grows and as speeds on the Internet increase. This paper provides a step towards its formal verification by providing a general formalisation of TCP requirements in the knowledge that it operates over a medium of very large and unknown capacity. These requirements are expressed in what is termed a service specification. Once the intent of the service that TCP is to provide to its users is defined in the service specification, TCP can be verified against this intent. A central part of the service specification is the definition of the sequences of user-observable events (known as service primitives) that can occur at the user/TCP boundary. This is known as the service language. An important verification task is then to prove that TCP complies with this service language. The formal verification of a protocol as complex as TCP is an ambitious undertaking. To simplify the task, we consider the connection management and data transfer parts of the protocol and service separately. In this paper, we are concerned with the data transfer part of the service. Unfortunately the TCP Data Transfer Service language grows exponentially with the size of the medium over which it operates, which in general is unbounded. This implies that the automaton that represents the Data Transfer Service language is infinite. To tackle this problem, we parameterise the Data Transfer Service by the size of the medium.
We provide a Coloured Petri Net model of the Data Transfer Service based on previous work and establish closed form expressions for its state space parameterised by the medium capacity. The state space is the automaton that represents the Data Transfer Service language. These expressions eliminate the need for reachability analysis and determine a parameterised automaton that embodies the Data Transfer Service language for arbitrary medium capacity.
Keywords: Networking; Internet; TCP; Unbounded Systems; Modelling and Tools.