Generic Trace Semantics via Coinduction

Trace semantics has been defined for various kinds of state-based systems, notably with different forms of branching such as non-determinism vs. probability. In this paper we claim to identify one underlying mathematical structure behind these "trace semantics," namely coinduction in a Kleisli category. This claim is based on our technical result that, under a suitably order-enriched setting, a final coalgebra in a Kleisli category is given by an initial algebra in the category Sets. Formerly the theory of coalgebras has been employed mostly in Sets where coinduction yields a finer process semantics of bisimilarity. Therefore this paper extends the application field of coalgebras, providing a new instance of the principle "process semantics via coinduction."Comment: To appear in Logical Methods in Computer Science. 36 page

Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems

This thesis addresses the foundational aspects of formal methods for applications in security and in particular in anonymity. More concretely, we develop frameworks for the specification of anonymity properties and propose algorithms for their verification. Since in practice anonymity protocols always leak some information, we focus on quantitative properties, which capture the amount of information leaked by a protocol. The main contribution of this thesis is cpCTL, the first temporal logic that allows for the specification and verification of conditional probabilities (which are the key ingredient of most anonymity properties). In addition, we have considered several prominent definitions of information-leakage and developed the first algorithms allowing us to compute (and even approximate) the information leakage of anonymity protocols according to these definitions. We have also studied a well-known problem in the specification and analysis of distributed anonymity protocols, namely full-information scheduling. To overcome this problem, we have proposed an alternative notion of scheduling and adjusted accordingly several anonymity properties from the literature. Our last major contribution is a debugging technique that helps on the detection of flaws in security protocols.Comment: thesis, ISBN: 978-94-91211-74-

Probabilistic anonymity via coalgebraic simulations

There is a growing concern about anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. In particular, the importance of probabilistic aspects of anonymity has recently been highlighted by many authors. Several different notions of “probabilistic anonymity” have been studied so far, but proof methods for such probabilistic notions have not yet been elaborated. In this paper we introduce a simulation-based proof method for one notion of probabilistic anonymity introduced by Bhargava and Palamidessi, called strong probabilistic anonymity. The method is a probabilistic adaptation of the one by Kawabe, Sakurada et al. for non-deterministic anonymity; anonymity of a protocol is proved by finding a forward/backward simulation between certain automata. For the jump from non-determinism to probability we exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo, Jacobs and Sokolova. In particular, an appropriate notion of probabilistic simulation is obtained as an instantiation of the generic definition, for which soundness theorem comes for free. Additionally, we show how we can use a similar idea to verify a weaker notion of probabilistic anonymity called probable innocence