Scalable CP-nets Modeling for BitTorrent Protocol Jing Liu

1,2,3 Haibo Wu

1,2,3 Xinming Ye

2 Jun Li

1

1Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China

2Inner Mongolia University, Hohhot, China

3Graduate University of Chinese Academy of Sciences, Beijing, China

{liujing, wuhaibo, lijun}@ict.ac.cn xmy@imu.edu.cn

ABSTRACT

Generating scalable formal models for the BitTorrent protocol facilitates specifying the protocol functionalities accurately, and analyzing the protocol behaviors efficiently. We have constructed a Colored Petri nets (CP-nets) model for the BitTorrent protocol, where basic protocol functionalities are modeled, and a file shar-ing scenario between two peers is analyzed [3]. However, that CP-nets model is difficult to extend for specifying more compli-cated scenarios, where more peers participate in the file sharing process. In this paper, a more scalable CP-nets model for the Bit-Torrent protocol is proposed, and the model is sufficiently vali-dated through an integrated model analysis process.

Categories and Subject Descriptors

C.2.2 [Computer-Communication Networks]: Network Proto-cols – Protocol verification

General Terms

Design, Verification

Keywords

BitTorrent protocol, colored Petri nets, scalable modeling

1. INTRODUCTION In the BitTorrent protocol [1], individual peers participate in an application level overlay network, and behave as both client and server to make the file sharing process more effective and efficient. Formal models for the BitTorrent protocol could not only behave as an unambiguous protocol specification, but also facilitate pro-tocol behavior analysis. However, intricate communication and concurrent behaviors in the protocol make such modeling and analysis activities more complicated.

Coloured Petri Nets (CP-nets) are quite suitable for modeling and validating the system in which concurrence, communication and synchronization play a major role [2]. Using CP-nets to model the BitTorrent protocol sounds a good choice, because CP-nets could not only specify the detailed protocol functionalities hierarchically

and unambiguously, but also support visible simulation and effi-cient analysis to complicated and concurrent protocol behaviors. We have made some preliminary work towards the BitTorrent modeling with CP-nets models, where the basic protocol func-tionalities are modeled, and a file sharing scenario between two peers is analyzed [3]. However, that CP-nets model is difficult to extend for specifying more complicated scenarios, where more peers participate in the file sharing process. The major reason is that each peer is modeled as an individual module, and adding a new peer needs adding one more individual module. Therefore, the size of such models becomes too large to control.

In this paper, a modified hierarchical CP-nets model for the Bit-Torrent protocol with high scalability is proposed, in order to specify the complicated communication and concurrent behaviors accurately, under the scenario where more peers participate in the file sharing. Furthermore, such CP-nets models are sufficiently validated through an integrated model analysis by CPN Tools [4]. First, dynamic simulation and basic state space analysis are used together to validate whether detailed functionalities are modeled accurately. Then, we construct an abstract model and perform CP-nets based model checking to verify whether concurrent behaviors are running as expected in the models.

2. SCALABLE MODELING Based on the modeling architecture that proposed in [3], we inte-grate individual modules for different peers into one single mod-ule to unify the specification of peer functionalities. As shown in figure 1, CP-nets models for the BitTorrent protocol in this paper are compose of 21 page instances [2].

Figure 1. The entire CP-nets page instances.

Each of page instance models specific functionalities of the proto-col, for example, “Leecher” specifies the overall workflow of the leecher behaviors [1]; “havePiece” specifies the detailed process-ing when a leecher downloads a file piece. Above models assumes that underlying network is reliable, and there is no vulnerabilities during protocol executions. To revise the CP-nets models in [3],

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SAC’11, March 21-25, 2011, TaiChung, Taiwan. Copyright 2011 ACM 978-1-4503-0113-8/11/03…$10.00.

542

we firstly modify the data type for the peer identity to make it more scalable, and then modify page instances in every layer con-sequently to support communications among multiple peers.

2.1 Peer Identity Modeling The data type for the peer identity is defined as: colset PEERID =

index pid with 1...pno, where pno indicates the maximum number of peers. Variables with this type are used to represent different peer nodes in one page instance and identified by corresponding index values. Besides, we make three key data structure in [3] to record piece distribution and request information for each peer to control the piece sharing process. In order to conform to the pre-ceding modification for the peer identity data type, we integrate them into one data structure, named PIECE_ SET, and specified as list type: PIECE_SET =list PIECE_ENTRY with 0..eno, where eno indicates the maximum number of piece entries, and PIECE_

ENRYT is specified as: PIECE_ENTRY = record file:INFOHASH

×peer:PEERID×bitmaps:BITMAP×reqpics:BITMAP. Each entry in the PIECE_ SET indicates the piece sharing information of a

file in a specific peer: file records the sharing file identity; peer

records the peer identity; bitmaps records pieces that have been

stored; reqpics records pieces that have been requested but not downloaded. This unified data structure is very suited for scalable modeling for multiple peers executing in a unified page instance.

2.2 Hierarchical Modeling The page instance in the network topology layer is shown in fig-ure 2. It represents the communication relation between the leech and the seed. More importantly, different leechers (or seeds) are modeled using a unified page instance, Leecher and Seed, so in-troducing new peers does not need to add more modules.

Leecher Leechers Seed Seed

nets

PACKET

netr

PACKET

net

SeedLeechers

PACKET

Figure 2. The network topology page instance.

Compared with protocol models in [3], the major model modifica-tion in other hierarchical layers comes from two aspects. One is to recognize and differentiate identities of different peers. The other is to rearrange protocol execution orders to make different peers performing their individual behaviors without conflict in a spe-cific page instance. These modifications need multiple refine-ments and analysis, because such mixed behavior execution in one page instance should guarantee no harm to the predefined proto-col functionalities. Besides, if some independent concurrent ac-tions could be modeled as either concurrent execution or sequen-tial execution, we coercively add a specific control place to make their corresponding transitions fired sequentially. It avoids pro-ducing a great number of unnecessary interleaving states.

3. MODEL VALIDATION AND ANALYSIS Having constructed above CP-nets models with high scalability for the BitTorrent protocol, the model validation should be further performed through an integrated analysis process, including vali-dating the correctness of models, and verifying whether key re-quirement properties of the protocol are satisfied in the models. We perform such model validation process under the guidance of the model analysis framework that proposed in [3].

The analysis scenario is assigned to make five peers (one seed, one leecher with empty file, three leechers with different part files) share a file with five pieces. If models in [3] are used to analyze such scenario, 79 page instances are needed. But now, we only need 21 page instances to perform more feasible analysis.

First, we design eight function units with respective initial mark-ings [2] as triggers to make all transitions fired at least once, so all specified functionalities of the protocol are considered. Sufficient simulations towards function units are performed for correcting the inaccurate, removing the redundant, and abstracting the over-detailed. Besides, for each function unit, its boundness, liveness and deadlock properties are automatically checked with CPN Tools to further improve the model accuracy.

Then, through abstracting detailed behaviors from transaction and algorithm layers to the communicating behavior layer, we con-struct an abstract model with concurrent behavior equivalence to the original model. Next, we write several properties, as ASKCTL formulas [4], to describe specific protocol functional requirements that must hold no matter how concurrently the protocol executes. For example, formula POS(not(MODAL(AF("PieceRecv", IsMul-

tiPieceRecv)))) indicates that a leecher would never download the same piece. Based on above abstract model and each properties formula, ASKCTL model checking [4] is performed automatically to verify whether concurrent executions of protocol behaviors are specified correctly. Abstract models could effectively relieve the state space explosion, and as a kind of over-approximation ab-straction, any successfully verified property based on the abstract model is also satisfied in the original detailed model.

4. CONCLUSION In this paper, improved CP-nets hierarchical models with high scalability for the BitTorrent protocol are proposed for specifying complicated communicating scenarios, where multiple peers par-ticipate the overlay file sharing process. Through iterative analysis based on model simulation, basic state space analysis and concur-rent behavior model checking, above hierarchical CP-nets models for the BitTorrent protocol are well improved and validated.

5. ACKNOWLEDGMENT This work was supported partly by the National Natural Science Foundation of China (No. 61003266); the Important National Science & Technology Specific Projects of China (No. 2010ZX03 006-002); the Key Program of Natural Science Foundation of Inner Mongolia of China (No. 20080404ZD20).

6. REFERENCES [1] Cohen, B. Incentives Build Robustness in BitTorrent. In

Proceedings of the Workshop on Economics of Peer-to-Peer

Systems. (Berkeley, CA, USA, Jun. 5-6, 2003). 2003, 1-5.

[2] Jensen, K. and Kristensen, L. M. Coloured Petri Nets: Mod-elling and Validation of Concurrent Systems. Springer, 2009.

[3] Liu, J., Ye, X. M. and Sun, T. Towards Formal Modeling and Analysis of BitTorrent using Colored Petri Nets. In Pro-

ceedings of the CPN Workshop 2009. (Aarhus, Denmark, Oct. 19-21, 2009). CPN Group, 2009, 159~178.

[4] CPN Tools. Online: http://wiki.daimi.au.dk/cpntools/cpntools.wiki.

543