267 research outputs found
Quantifying Timing Leaks and Cost Optimisation
We develop a new notion of security against timing attacks where the attacker
is able to simultaneously observe the execution time of a program and the
probability of the values of low variables. We then show how to measure the
security of a program with respect to this notion via a computable estimate of
the timing leakage and use this estimate for cost optimisation.Comment: 16 pages, 2 figures, 4 tables. A shorter version is included in the
proceedings of ICICS'08 - 10th International Conference on Information and
Communications Security, 20-22 October, 2008 Birmingham, U
Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects
Computer systems can be found everywhere: in space, in our homes, in our
cars, in our pockets, and sometimes even in our own bodies. For concerns of
safety, economy, and convenience, it is important that such systems work
correctly. However, it is a notoriously difficult task to ensure that the
software running on computers behaves correctly.
One approach to ease this task is that of model checking, where a model of
the system is made using some mathematical formalism. Requirements expressed in
a formal language can then be verified against the model in order to give
guarantees that the model satisfies the requirements.
For many computer systems, time is an important factor. As such, we need our
formalisms and requirement languages to be able to incorporate real time.
We therefore develop formalisms and algorithms that allow us to compare and
express properties about real-time systems. We first introduce a logical
formalism for reasoning about upper and lower bounds on time, and study the
properties of this formalism, including axiomatisation and algorithms for
checking when a formula is satisfied.
We then consider the question of when a system is faster than another system.
We show that this is a difficult question which can not be answered in general,
but we identify special cases where this question can be answered. We also show
that under this notion of faster-than, a local increase in speed may lead to a
global decrease in speed, and we take step towards avoiding this.
Finally, we consider how to compare the real-time behaviour of systems not
just qualitatively, but also quantitatively. Thus, we are interested in knowing
how much one system is faster or slower than another system. This is done by
introducing a distance between systems. We show how to compute this distance
and that it behaves well with respect to certain properties.Comment: PhD dissertation from Aalborg Universit
Probabilistic Bisimulation for Parameterized Systems (Technical Report)
Probabilistic bisimulation is a fundamental notion of process equivalence for probabilistic systems. Among others, it has important applications including formalizing the anonymity property of several communication protocols. There is a lot of work on verifying probabilistic bisimulation for finite systems. This is however not the case for parameterized systems, where the problem is in general undecidable. In this paper we provide a generic framework for reasoning about probabilistic bisimulation for parameterized systems. Our approach is in the spirit of software verification, wherein we encode proof rules for probabilistic bisimulation and use a decidable first-order theory to specify systems and candidate bisimulation relations, which can then be checked automatically against the proof rules. As a case study, we show that our framework is sufficiently expressive for proving the anonymity property of the parameterized dining cryptographers protocol and the parameterized grades protocol, when supplied with a candidate regular bisimulation relation. Both of these protocols hitherto could not be verified by existing automatic methods. Moreover, with the help of standard automata learning algorithms, we show that the candidate relations can be synthesized fully automatically, making the verification fully automated
- …