Probabilistic Opacity for Markov Decision Processes
Opacity is a generic security property that has been defined on (non-probabilistic) transition systems and later on Markov chains with labels. For a secret predicate, given as a subset of runs, and a function describing the view of an external observer, the value of interest for opacity is a measure of the set of runs disclosing the secret. We extend this definition to the richer framework of Markov decision processes, where nondeterministic choice is combined with probabilistic transitions, and we study related decidability problems with partial or complete observation hypotheses for the schedulers. We prove that all questions are decidable with complete observation and -regular secrets. With partial observation, we prove that all quantitative questions are undecidable, but the question whether a system is almost surely non-opaque becomes decidable for a restricted class of -regular secrets, as well as for all -regular secrets under finite-memory schedulers.
Bounded Model Checking for Probabilistic Programs
In this paper we investigate the applicability of standard model checking approaches to verifying properties in probabilistic programming. As the operational model for a standard probabilistic program is a potentially infinite parametric Markov decision process, no direct adaptation of existing techniques is possible. Therefore, we propose an on-the-fly approach where the operational model is successively created and verified via a step-wise execution of the program. This approach makes it possible to take into account key features of many probabilistic programs: nondeterminism and conditioning. We discuss the restrictions and demonstrate the scalability on several benchmarks.
A Hierarchy of Scheduler Classes for Stochastic Automata
Stochastic automata are a formal compositional model for concurrent stochastic timed systems, with general distributions and nondeterministic choices. Measures of interest are defined over schedulers that resolve the nondeterminism. In this paper we investigate the power of various theoretically and practically motivated classes of schedulers, considering the classic complete-information view and a restriction to non-prophetic schedulers. We prove a hierarchy of scheduler classes with respect to unbounded probabilistic reachability. We find that, unlike Markovian formalisms, stochastic automata distinguish most classes even in this basic setting. Verification and strategy synthesis methods thus face a tradeoff between powerful and efficient classes. Using lightweight scheduler sampling, we explore this tradeoff and demonstrate the concept of a useful approximate verification technique for stochastic automata.
A Taxonomy of Workflow Management Systems for Grid Computing
With the advent of Grid and application technologies, scientists and engineers are building more and more complex applications to manage and process large data sets and execute scientific experiments on distributed resources. Such application scenarios require means for composing and executing complex workflows. Therefore, many efforts have been made towards the development of workflow management systems for Grid computing. In this paper, we propose a taxonomy that characterizes and classifies various approaches for building and executing workflows on Grids. We also survey several representative Grid workflow systems developed by various projects world-wide to demonstrate the comprehensiveness of the taxonomy. The taxonomy not only highlights the design and engineering similarities and differences of the state of the art in Grid workflow systems, but also identifies the areas that need further research.
Comment: 29 pages, 15 figures
Effective verification of confidentiality for multi-threaded programs
This paper studies how confidentiality properties of multi-threaded programs can be verified efficiently by a combination of newly developed and existing model checking algorithms. In particular, we study the verification of scheduler-specific observational determinism (SSOD), a property that characterizes secure information flow for multi-threaded programs under a given scheduler. Scheduler-specificness allows us to reason about refinement attacks, an important and tricky class of attacks that are notorious in practice. SSOD imposes two conditions: (SSOD-1) all individual public variables have to evolve deterministically, expressed by requiring stuttering equivalence between the traces of each individual public variable, and (SSOD-2) the relative order of updates of public variables is coincidental, i.e., there always exists a matching trace.
We verify the first condition by reducing it to the question whether all traces of each public variable are stuttering equivalent. To verify the second condition, we show how the condition can be translated, via a series of steps, into a standard strong bisimulation problem. Our verification techniques can be easily adapted to verify other formalizations of similar information flow properties.
We also exploit counterexample generation techniques to synthesize attacks for insecure programs that fail either SSOD-1 or SSOD-2, i.e., showing how the confidentiality of programs can be broken.
Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems
This thesis addresses the foundational aspects of formal methods for applications in security and in particular in anonymity. More concretely, we develop frameworks for the specification of anonymity properties and propose algorithms for their verification. Since in practice anonymity protocols always leak some information, we focus on quantitative properties, which capture the amount of information leaked by a protocol.
The main contribution of this thesis is cpCTL, the first temporal logic that allows for the specification and verification of conditional probabilities (which are the key ingredient of most anonymity properties). In addition, we have considered several prominent definitions of information leakage and developed the first algorithms allowing us to compute (and even approximate) the information leakage of anonymity protocols according to these definitions. We have also studied a well-known problem in the specification and analysis of distributed anonymity protocols, namely full-information scheduling. To overcome this problem, we have proposed an alternative notion of scheduling and adjusted accordingly several anonymity properties from the literature. Our last major contribution is a debugging technique that helps in the detection of flaws in security protocols.
Comment: thesis, ISBN: 978-94-91211-74-