Verifying Safety Properties With the TLA+ Proof System

TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties

A Game Theoretical Analysis of Localization Security in Wireless Sensor Networks with Adversaries

Wireless Sensor Networks (WSN) support data collection and distributed data processing by means of very small sensing devices that are easy to tamper and cloning: therefore classical security solutions based on access control and strong authentication are difficult to deploy. In this paper we look at the problem of assessing security of node localization. In particular, we analyze the scenario in which Verifiable Multilateration (VM) is used to localize nodes and a malicious node (i.e., the adversary) try to masquerade as non-malicious. We resort to non-cooperative game theory and we model this scenario as a two-player game. We analyze the optimal players' strategy and we show that the VM is indeed a proper mechanism to reduce fake positions.Comment: International Congress on Ultra Modern Telecommunications and Control Systems 2010. (ICUMT'10

Finite state verifiers with constant randomness

We give a new characterization of $\mathsf{NL}$ as the class of languages whose members have certificates that can be verified with small error in polynomial time by finite state machines that use a constant number of random bits, as opposed to its conventional description in terms of deterministic logarithmic-space verifiers. It turns out that allowing two-way interaction with the prover does not change the class of verifiable languages, and that no polynomially bounded amount of randomness is useful for constant-memory computers when used as language recognizers, or public-coin verifiers. A corollary of our main result is that the class of outcome problems corresponding to O(log n)-space bounded games of incomplete information where the universal player is allowed a constant number of moves equals NL.Comment: 17 pages. An improved versio