Reasoning about Network Topologies in Space

  • Lenore D. Zuck
  • Kenneth L. McMillan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8415)


“Traditional” satellite systems consist of special-purpose monolithic satellites. Future ones aim to comprise a small number of inexpensive general-purpose spacecraft that communicate with one another to carry out missions, with a certification requirement. Such certification would guarantee the security and correctness of all mission software.

In this work we focus on proving correctness of a proposed protocol for aggregating the data of member nodes in such a system. The modeling and verification of such a system is complicated by a number of factors, including real-time constraints and the unusual topology of the network, which does not fit well-studied cases such as clique, star and ring topologies.

We show how to use decomposition and abstraction to isolate the topology-dependent reasoning in the proof into a simple lemma. This allows us to use finite-state model checking techniques to perform this reasoning, and to quickly assess classes of network topologies. The assumptions we made in abstracting the model (the premises of our lemma) can in principle be verified locally, without concern for the network topology.

This case study can be seen as an instance of a general proof strategy: separate the complicating aspects of the proof of a complex system so that each can be handled by an appropriate tool.


Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Lenore D. Zuck, University of Illinois at Chicago, USA
  • Kenneth L. McMillan, MSR Redmond, USA