-
Notifications
You must be signed in to change notification settings - Fork 0
/
Case-study.cl1
253 lines (221 loc) · 9.1 KB
/
Case-study.cl1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
**FIXME**
component Z3 {
type Relation;
}
*********
** Skills for employees
component Skill {
let name : String;
}
** Trainings providing new skills
component Training {
let skills : Skill*;
}
** Employees
component Employee {
let skills : Skill*;
let trainings : Training*;
}
** Applications with users and recursively able to host other applications
component Application {
let name : String;
let users : Employee*;
let <<hosts>> : Z3.Relation.Strict_partial_order;
}
** Access right for an application
component Right {
let application : Application;
let level : Integer;
let users : Employee*;
let required_skills : Skill*;
}
** Organizational structure, able to compete with other structures
component Structure {
let name : String;
let employees : Employee*;
let applications : Application*;
let <<competes with>> : Z3.Relation.Symmetric;
}
let guest = 1;
let admin = 5;
********
** A user with access rights to an application must not have priviledged access rights to
** platforms hosting it
for all (application : Application, user : Employee, platform : Application, right : Right) {
(application.users <<has>> user and platform <<hosts>> application and right.users <<has>> user)
=> (right.application != platform or right.level <= guest);
};
** Rights can only be assigned to users with the appropriate skills
for all (user : Employee, right : Right, skill : Skill) {
(user.skills !<<has>> skill and right.required_skills <<has>> skill)
=> right.users !<<can have>> user;
};
** Employees who have completed trainings acquire the skills associated with them
for all (user : Employee, training : Training, skill : Skill) {
(user.trainings <<has>> training and training.skills <<has>> skill)
=> user.skills <<has>> skill;
};
** Users of an application are employees of one theirs companies
for all (right : Right, user : Employee, application : Application) {
(right.application = application and right.users <<has>> user) =>
exists (structure : Structure) {
structure.applications <<has>> application;
structure.employees <<has>> user;
};
};
** Competing companies must use applications hosted on different platforms
for all (structure_1 : Structure, structure_2 : Structure, application_1 : Application,
application_2 : Application, platform_1 : Application, platform_2 : Application) {
(structure_1 <<competes with>> structure_2 and platform_1 <<hosts>> application_1 and
platform_2 <<hosts>> application_2 and structure_1.applications <<has>> application_1 and
structure_2.applications <<has>> application_2)
=> (platform_1 != platform_2);
};
********
** Hypervisors, VMs and applications
********
let hv_1 = Application {};
let hv_2 = Application {};
let hv_3 = Application {};
let hv_4 = Application {};
let hv_5 = Application {};
let hv_6 = Application {};
let hv_7 = Application {};
let hv_8 = Application {};
let vm_01 = Application {};
let vm_02 = Application {};
let vm_03 = Application {};
let vm_04 = Application {};
let vm_05 = Application {};
let vm_06 = Application {};
let vm_07 = Application {};
let vm_08 = Application {};
let vm_09 = Application {};
let vm_10 = Application {};
let vm_11 = Application {};
let vm_12 = Application {};
let vm_13 = Application {};
let vm_14 = Application {};
let vm_15 = Application {};
let vm_16 = Application {};
let vm_17 = Application {};
let vm_18 = Application {};
let vm_19 = Application {};
let vm_20 = Application {};
let vm_21 = Application {};
let vm_22 = Application {};
let vm_23 = Application {};
let vm_24 = Application {};
assert (hv_1 <<hosts>> vm_01);
assert (hv_1 <<hosts>> vm_02);
assert (hv_2 <<hosts>> vm_03);
let application_01 = Application {};
let application_02 = Application {};
let application_03 = Application {};
let application_04 = Application {};
let application_05 = Application {};
let application_06 = Application {};
let application_07 = Application {};
let application_08 = Application {};
let application_09 = Application {};
let application_10 = Application {};
let application_11 = Application {};
let application_12 = Application {};
let application_13 = Application {};
let application_14 = Application {};
let application_15 = Application {};
let application_16 = Application {};
assert (vm_01 <<hosts>> application_01);
assert (vm_02 <<hosts>> application_02);
assert (vm_03 <<hosts>> application_03);
assert (vm_04 <<hosts>> application_04);
assert (vm_05 <<hosts>> application_05);
assert (vm_05 <<hosts>> application_06);
assert (vm_06 <<hosts>> application_07);
assert (vm_06 <<hosts>> application_08);
********
** Companies
********
let company_1 = Structure { applications <- [application_01; application_02; application_03;
application_04]; };
let company_2 = Structure { applications <- [application_02; application_03]; };
let company_3 = Structure { applications <- [application_02; application_03]; };
let company_4 = Structure { applications <- [application_04]; };
let company_5 = Structure { applications <- [application_04]; };
** UNSAT, because both companies use the same application
** assert (company_1 <<competes with>> company_2);
** assert (company_1 <<competes with>> company_3); ** UNSAT
** assert (company_1 <<competes with>> company_4); ** UNSAT
** assert (company_1 <<competes with>> company_5); ** UNSAT
** assert (company_2 <<competes with>> company_3); ** UNSAT
assert (company_2 <<competes with>> company_4);
assert (company_3 <<competes with>> company_5);
** UNSAT, because rival companies would use applications hosted on the same VM
** assert (vm_02 = vm_04); ** UNSAT
********
** Skills and trainings
********
let linux_system_administration = Skill { name <- "Linux system administration"; };
let storage_management = Skill { name <- "Storage management"; };
let data_protection = Skill { name <- "Data protection"; };
let finance = Skill { name <- "Finance"; };
let insurance = Skill { name <- "Insurance"; };
let no_skill = ([]:Skill*);
let sysadmin_101 = Training { skills <- [linux_system_administration; storage_management]; };
let data_protection_101 = Training { skills <- [data_protection]; };
********
** Rights and employees
********
let linux_admin = Right { required_skills <- [linux_system_administration]; };
let hv_1_admin = Right { application <- hv_1; level <- admin;
required_skills <- [linux_system_administration]; };
let employee_1_01 = Employee { skills <- no_skill; };
assert (company_1.employees <<has>> employee_1_01);
let employee_1_02 = Employee { skills <- no_skill; };
assert (company_1.employees <<has>> employee_1_02);
let employee_1_03 = Employee { skills <- no_skill; };
assert (company_1.employees <<has>> employee_1_03);
let employee_1_04 = Employee { skills <- no_skill; };
assert (company_1.employees <<has>> employee_1_04);
let employee_1_05 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_05);
let employee_1_06 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_06);
let employee_1_07 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_07);
let employee_1_08 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_08);
let employee_1_09 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_09);
let employee_1_10 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_10);
let employee_1_11 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_11);
let employee_1_12 = Employee { trainings <- [sysadmin_101]; };
assert (company_1.employees <<has>> employee_1_12);
let employee_1_13 = Employee { skills <- [finance]; };
assert (company_1.employees <<has>> employee_1_13);
let employee_1_14 = Employee { skills <- [finance]; };
assert (company_1.employees <<has>> employee_1_14);
let employee_1_15 = Employee { skills <- [finance]; };
assert (company_1.employees <<has>> employee_1_15);
let employee_1_16 = Employee { skills <- [finance]; };
assert (company_1.employees <<has>> employee_1_16);
let employee_1_17 = Employee { skills <- [insurance]; };
assert (company_1.employees <<has>> employee_1_17);
let employee_1_18 = Employee { skills <- [insurance]; };
assert (company_1.employees <<has>> employee_1_18);
let employee_1_19 = Employee { skills <- [insurance]; };
assert (company_1.employees <<has>> employee_1_19);
let employee_1_20 = Employee { skills <- [insurance]; };
assert (company_1.employees <<has>> employee_1_20);
let employee_1_21 = Employee { skills <- [finance; insurance]; };
assert (company_1.employees <<has>> employee_1_21);
let employee_1_22 = Employee { skills <- [finance; insurance]; };
assert (company_1.employees <<has>> employee_1_22);
** UNSAT, because the employee does not have the required skills
** assert (linux_admin.users <<has>> employee_1_13); ** UNSAT
** assert (hv_1_admin.users <<has>> employee_1_01); ** UNSAT
assert (hv_1_admin.users <<has>> employee_1_05);
** UNSAT, because the employee uses an application hosted by a VM hosted by the hypervisor
** assert (application_01.users <<has>> employee_1_05); ** UNSAT