937 research outputs found
Deciding equivalence-based properties using constraint solving
Formal methods have proved their usefulness for analyzing the security of protocols. Most existing results focus on trace properties like secrecy or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require a notion of behavioural equivalence. Typical examples are anonymity, privacy related properties or statements closer to security properties used in cryptography.
In this paper, we consider three notions of equivalence defined in the applied pi calculus: observational equivalence, may-testing equivalence, and trace equivalence. First, we study the relationship between these three notions. We show that for determinate processes, observational equivalence actually coincides with trace equivalence, a notion simpler to reason with. We exhibit a large class of determinate processes, called simple processes, that capture most existing protocols and cryptographic primitives. While trace equivalence and may-testing equivalence seem very similar, we show that may-testing equivalence is actually strictly stronger than trace equivalence. We prove that the two notions coincide for image-finite processes, such as processes without replication.
Second, we reduce the decidability of trace equivalence (for finite processes) to deciding symbolic equivalence between sets of constraint systems. For simple processes without replication and with trivial else branches, it turns out that it is actually sufficient to decide symbolic equivalence between pairs of positive constraint systems. Thanks to this reduction and relying on a result first proved by M. Baudet, this yields the first decidability result of observational equivalence for a general class of equational theories (for processes without else branch nor replication). Moreover, based on another decidability result for deciding equivalence between sets of constraint systems, we get decidability of trace equivalence for processes with else branch for standard primitives
Beyond Language Equivalence on Visibly Pushdown Automata
We study (bi)simulation-like preorder/equivalence checking on the class of
visibly pushdown automata and its natural subclasses visibly BPA (Basic Process
Algebra) and visibly one-counter automata. We describe generic methods for
proving complexity upper and lower bounds for a number of studied preorders and
equivalences like simulation, completed simulation, ready simulation, 2-nested
simulation preorders/equivalences and bisimulation equivalence. Our main
results are that all the mentioned equivalences and preorders are
EXPTIME-complete on visibly pushdown automata, PSPACE-complete on visibly
one-counter automata and P-complete on visibly BPA. Our PSPACE lower bound for
visibly one-counter automata improves also the previously known DP-hardness
results for ordinary one-counter automata and one-counter nets. Finally, we
study regularity checking problems for visibly pushdown automata and show that
they can be decided in polynomial time. Comment: Final version of paper, accepted by LMC
Lengths May Break Privacy – Or How to Check for Equivalences with Length
Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages.
In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing decidability results (for static equivalence) can be extended to cope with length tests.
In the active case, we prove decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous decidability result from Cheval et al (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol
Equivalence-Checking on Infinite-State Systems: Techniques and Results
The paper presents a selection of recently developed and/or used techniques
for equivalence-checking on infinite-state systems, and an up-to-date overview
of existing results (as of September 2004)
Separability in the Ambient Logic
The Ambient Logic (AL) has been proposed for expressing properties of
process mobility in the calculus of Mobile Ambients (MA), and as a basis for
query languages on semistructured data. We study some basic questions
concerning the discriminating power of AL, focusing on the equivalence on
processes induced by the logic . As underlying calculi besides MA we
consider a subcalculus in which an image-finiteness condition holds and that we
prove to be Turing complete. Synchronous variants of these calculi are studied
as well. In these calculi, we provide two operational characterisations of
: a coinductive one (as a form of bisimilarity) and an inductive one
(based on structural properties of processes). After showing to be strictly
finer than barbed congruence, we establish axiomatisations of on the
subcalculus of MA (both the asynchronous and the synchronous version), enabling
us to relate to structural congruence. We also present some
(un)decidability results that are related to the above separation properties
for AL: the undecidability of on MA and its decidability on the
subcalculus. Comment: logical methods in computer science, 44 page
Relating two standard notions of secrecy
Two styles of definitions are usually considered to express that a security
protocol preserves the confidentiality of a data s. Reachability-based secrecy
means that s should never be disclosed while equivalence-based secrecy states
that two executions of a protocol with distinct instances for s should be
indistinguishable to an attacker. Although the second formulation ensures a
higher level of security and is closer to cryptographic notions of secrecy,
decidability results and automatic tools have mainly focused on the first
definition so far.
This paper initiates a systematic investigation of the situations where
syntactic secrecy entails strong secrecy. We show that in the passive case,
reachability-based secrecy actually implies equivalence-based secrecy for
digital signatures, symmetric and asymmetric encryption provided that the
primitives are probabilistic. For active adversaries, we provide sufficient
(and rather tight) conditions on the protocol for this implication to hold. Comment: 29 pages, published in LMC
On the Complexity of Deciding Behavioural Equivalences and Preorders. A Survey
This paper gives an overview of the computational complexity of all the equivalences in the linear/branching time hierarchy [vG90a] and the preorders in the corresponding hierarchy of preorders. We consider finite state or regular processes as well as infinite-state BPA [BK84b] processes. A distinction, which turns out to be important in the finite-state processes, is that of simulation-like equivalences/preorders vs. trace-like equivalences and preorders. Here we survey various known complexity results for these relations. For regular processes, all simulation-like equivalences and preorders are decidable in polynomial time whereas all trace-like equivalences and preorders are PSPACE-Complete. We also consider interesting special classes of regular processes such as deterministic, determinate, unary, locally unary, and tree-like processes and survey the known complexity results in these special cases. For infinite-state processes the results are quite different. For the class of context-free processes or BPA processes any preorder or equivalence beyond bisimulation is undecidable but bisimulation equivalence is polynomial time decidable for normed BPA processes and is known to be elementarily decidable in the general case. For the class of BPP processes, all preorders and equivalences apart from bisimilarity are undecidable. However, bisimilarity is decidable in this case and is known to be decidable in polynomial time for normed BPP processes
A Distribution Law for CCS and a New Congruence Result for the pi-calculus
We give an axiomatisation of strong bisimilarity on a small fragment of CCS
that does not feature the sum operator. This axiomatisation is then used to
derive congruence of strong bisimilarity in the finite pi-calculus in absence
of sum. To our knowledge, this is the only nontrivial subcalculus of the
pi-calculus that includes the full output prefix and for which strong
bisimilarity is a congruence. Comment: 20 page
Model-Checking the Higher-Dimensional Modal mu-Calculus
The higher-dimensional modal mu-calculus is an extension of the mu-calculus
in which formulas are interpreted in tuples of states of a labeled transition
system. Every property that can be expressed in this logic can be checked in
polynomial time, and conversely every polynomial-time decidable problem that
has a bisimulation-invariant encoding into labeled transition systems can also
be defined in the higher-dimensional modal mu-calculus. We exemplify the latter
connection by giving several examples of decision problems which reduce to
model checking of the higher-dimensional modal mu-calculus for some fixed
formulas. This way generic model checking algorithms for the logic can then be
used via partial evaluation in order to obtain algorithms for these problems
which may benefit from improvements that are well-established in the field of
program verification, namely on-the-fly and symbolic techniques. The aim of
this work is to extend such techniques to other fields as well, here
exemplarily done for process equivalences, automata theory, parsing, string
problems, and games. Comment: In Proceedings FICS 2012, arXiv:1202.317
Modal logics are coalgebraic
Applications of modal logics are abundant in computer science, and a large number of structurally different modal logics have been successfully employed in a diverse spectrum of application contexts. Coalgebraic semantics, on the other hand, provides a uniform and encompassing view on the large variety of specific logics used in particular domains. The coalgebraic approach is generic and compositional: tools and techniques simultaneously apply to a large class of application areas and can moreover be combined in a modular way. In particular, this facilitates a pick-and-choose approach to domain specific formalisms, applicable across the entire scope of application areas, leading to generic software tools that are easier to design, to implement, and to maintain. This paper substantiates the authors' firm belief that the systematic exploitation of the coalgebraic nature of modal logic will not only have impact on the field of modal logic itself but also lead to significant progress in a number of areas within computer science, such as knowledge representation and concurrency/mobility