75,199 research outputs found
Using schedulers to test probabilistic distributed systems
This is the author's accepted manuscript. The final publication is available at Springer via http://dx.doi.org/10.1007/s00165-012-0244-5. Copyright Ā© 2012, British Computer Society.Formal methods are one of the most important approaches to increasing the confidence in the correctness of software systems. A formal specification can be used as an oracle in testing since one can determine whether an observed behaviour is allowed by the specification. This is an important feature of formal testing: behaviours of the system observed in testing are compared with the specification and ideally this comparison is automated. In this paper we study a formal testing framework to deal with systems that interact with their environment at physically distributed interfaces, called ports, and where choices between different possibilities are probabilistically quantified. Building on previous work, we introduce two families of schedulers to resolve nondeterministic choices among different actions of the system. The first type of schedulers, which we call global schedulers, resolves nondeterministic choices by representing the environment as a single global scheduler. The second type, which we call localised schedulers, models the environment as a set of schedulers with there being one scheduler for each port. We formally define the application of schedulers to systems and provide and study different implementation relations in this setting
Mutation testing from probabilistic finite state machines
Mutation testing traditionally involves mutating a program in order to produce a set of mutants and using these mutants in order to either estimate the effectiveness of a test suite or to drive test generation. Recently, however, this approach has been applied to specifications such as those written as finite state machines. This paper extends mutation testing to finite state machine models in which transitions have associated probabilities. The paper describes several ways of mutating a probabilistic finite state machine (PFSM) and shows how test sequences that distinguish between a PFSM and its mutants can be generated. Testing then involves applying each test sequence multiple times, observing the resultant output sequences and using results from statistical sampling theory in order to compare the observed frequency of each output sequence with that expected
Towards Scalable Synthesis of Stochastic Control Systems
Formal control synthesis approaches over stochastic systems have received
significant attention in the past few years, in view of their ability to
provide provably correct controllers for complex logical specifications in an
automated fashion. Examples of complex specifications of interest include
properties expressed as formulae in linear temporal logic (LTL) or as automata
on infinite strings. A general methodology to synthesize controllers for such
properties resorts to symbolic abstractions of the given stochastic systems.
Symbolic models are discrete abstractions of the given concrete systems with
the property that a controller designed on the abstraction can be refined (or
implemented) into a controller on the original system. Although the recent
development of techniques for the construction of symbolic models has been
quite encouraging, the general goal of formal synthesis over stochastic control
systems is by no means solved. A fundamental issue with the existing techniques
is the known "curse of dimensionality," which is due to the need to discretize
state and input sets and that results in an exponential complexity over the
number of state and input variables in the concrete system. In this work we
propose a novel abstraction technique for incrementally stable stochastic
control systems, which does not require state-space discretization but only
input set discretization, and that can be potentially more efficient (and thus
scalable) than existing approaches. We elucidate the effectiveness of the
proposed approach by synthesizing a schedule for the coordination of two
traffic lights under some safety and fairness requirements for a road traffic
model. Further we argue that this 5-dimensional linear stochastic control
system cannot be studied with existing approaches based on state-space
discretization due to the very large number of generated discrete states.Comment: 22 pages, 3 figures. arXiv admin note: text overlap with
arXiv:1407.273
Contextuality in Measurement-based Quantum Computation
We show, under natural assumptions for qubit systems, that measurement-based
quantum computations (MBQCs) which compute a non-linear Boolean function with
high probability are contextual. The class of contextual MBQCs includes an
example which is of practical interest and has a super-polynomial speedup over
the best known classical algorithm, namely the quantum algorithm that solves
the Discrete Log problem.Comment: Version 3: probabilistic version of Theorem 1 adde
Formal Verification of Differential Privacy for Interactive Systems
Differential privacy is a promising approach to privacy preserving data
analysis with a well-developed theory for functions. Despite recent work on
implementing systems that aim to provide differential privacy, the problem of
formally verifying that these systems have differential privacy has not been
adequately addressed. This paper presents the first results towards automated
verification of source code for differentially private interactive systems. We
develop a formal probabilistic automaton model of differential privacy for
systems by adapting prior work on differential privacy for functions. The main
technical result of the paper is a sound proof technique based on a form of
probabilistic bisimulation relation for proving that a system modeled as a
probabilistic automaton satisfies differential privacy. The novelty lies in the
way we track quantitative privacy leakage bounds using a relation family
instead of a single relation. We illustrate the proof technique on a
representative automaton motivated by PINQ, an implemented system that is
intended to provide differential privacy. To make our proof technique easier to
apply to realistic systems, we prove a form of refinement theorem and apply it
to show that a refinement of the abstract PINQ automaton also satisfies our
differential privacy definition. Finally, we begin the process of automating
our proof technique by providing an algorithm for mechanically checking a
restricted class of relations from the proof technique.Comment: 65 pages with 1 figur
The Random Oracle Methodology, Revisited
We take a critical look at the relationship between the security of
cryptographic schemes in the Random Oracle Model, and the security of the
schemes that result from implementing the random oracle by so called
"cryptographic hash functions". The main result of this paper is a negative
one: There exist signature and encryption schemes that are secure in the Random
Oracle Model, but for which any implementation of the random oracle results in
insecure schemes.
In the process of devising the above schemes, we consider possible
definitions for the notion of a "good implementation" of a random oracle,
pointing out limitations and challenges.Comment: 31 page
- ā¦