Petri Nets with Time and Cost

We consider timed Petri nets, i.e., unbounded Petri nets where each token carries a real-valued clock. Transition arcs are labeled with time intervals, which specify constraints on the ages of tokens. Our cost model assigns token storage costs per time unit to places, and firing costs to transitions. We study the cost to reach a given control-state. In general, a cost-optimal run may not exist. However,we show that the infimum of the costs is computable.Comment: In Proceedings Infinity 2012, arXiv:1302.310

On the connection of probabilistic model checking, planning, and learning for system verification

This thesis presents approaches using techniques from the model checking, planning, and learning community to make systems more reliable and perspicuous. First, two heuristic search and dynamic programming algorithms are adapted to be able to check extremal reachability probabilities, expected accumulated rewards, and their bounded versions, on general Markov decision processes (MDPs). Thereby, the problem space originally solvable by these algorithms is enlarged considerably. Correctness and optimality proofs for the adapted algorithms are given, and in a comprehensive case study on established benchmarks it is shown that the implementation, called Modysh, is competitive with state-of-the-art model checkers and even outperforms them on very large state spaces. Second, Deep Statistical Model Checking (DSMC) is introduced, usable for quality assessment and learning pipeline analysis of systems incorporating trained decision-making agents, like neural networks (NNs). The idea of DSMC is to use statistical model checking to assess NNs resolving nondeterminism in systems modeled as MDPs. The versatility of DSMC is exemplified in a number of case studies on Racetrack, an MDP benchmark designed for this purpose, flexibly modeling the autonomous driving challenge. In a comprehensive scalability study it is demonstrated that DSMC is a lightweight technique tackling the complexity of NN analysis in combination with the state space explosion problem.Diese Arbeit präsentiert Ansätze, die Techniken aus dem Model Checking, Planning und Learning Bereich verwenden, um Systeme verlässlicher und klarer verständlich zu machen. Zuerst werden zwei Algorithmen für heuristische Suche und dynamisches Programmieren angepasst, um Extremwerte für Erreichbarkeitswahrscheinlichkeiten, Erwartungswerte für Kosten und beschränkte Varianten davon, auf generellen Markov Entscheidungsprozessen (MDPs) zu untersuchen. Damit wird der Problemraum, der ursprünglich mit diesen Algorithmen gelöst wurde, deutlich erweitert. Korrektheits- und Optimalitätsbeweise für die angepassten Algorithmen werden gegeben und in einer umfassenden Fallstudie wird gezeigt, dass die Implementierung, namens Modysh, konkurrenzfähig mit den modernsten Model Checkern ist und deren Leistung auf sehr großen Zustandsräumen sogar übertrifft. Als Zweites wird Deep Statistical Model Checking (DSMC) für die Qualitätsbewertung und Lernanalyse von Systemen mit integrierten trainierten Entscheidungsgenten, wie z.B. neuronalen Netzen (NN), eingeführt. Die Idee von DSMC ist es, statistisches Model Checking zur Bewertung von NNs zu nutzen, die Nichtdeterminismus in Systemen, die als MDPs modelliert sind, auflösen. Die Vielseitigkeit des Ansatzes wird in mehreren Fallbeispielen auf Racetrack gezeigt, einer MDP Benchmark, die zu diesem Zweck entwickelt wurde und die Herausforderung des autonomen Fahrens flexibel modelliert. In einer umfassenden Skalierbarkeitsstudie wird demonstriert, dass DSMC eine leichtgewichtige Technik ist, die die Komplexität der NN-Analyse in Kombination mit dem State Space Explosion Problem bewältigt

Tools and Algorithms for the Construction and Analysis of Systems

This open access two-volume set constitutes the proceedings of the 27th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2021, which was held during March 27 – April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg and changed to an online format due to the COVID-19 pandemic. The total of 41 full papers presented in the proceedings was carefully reviewed and selected from 141 submissions. The volume also contains 7 tool papers; 6 Tool Demo papers, 9 SV-Comp Competition Papers. The papers are organized in topical sections as follows: Part I: Game Theory; SMT Verification; Probabilities; Timed Systems; Neural Networks; Analysis of Network Communication. Part II: Verification Techniques (not SMT); Case Studies; Proof Generation/Validation; Tool Papers; Tool Demo Papers; SV-Comp Tool Competition Papers

Monitoring and Enforcement of Safety Hyperproperties

Certain important security policies such as information flow characterize system-wide behaviors and are not properties of individual executions. It is known that such security policies cannot be expressed in trace-based specification languages such as linear-time temporal logic (LTL). However, formalisms such as hyperproperties and the associated logic HyperLTL allow us to specify such policies. In this thesis, we concentrate on the static enforcement and runtime verification of safety hyperproperties expressed in HyperLTL. For static enforcement of safety hyperproperties, we incorporate program repair techniques, where an input program is modified to satisfy certain properties while preserving its existing specifications. Assuming finite state space for the input program, we show that the complexity of program repair for safety hyperproperties is in general NP-hard. However, there are certain cases in which the problem can be solved in polynomial time. We identify such cases and give polynomial-time algorithms for them. In the context of runtime verification, we make two contributions: we (1) analyze the complexity of decision procedures for verifying safety hyperproperties, (2) provide a syntactic fragment in HyperLTL to express certain k-safety hyperproperties, and (3) develop a general runtime verification technique for HyperLTL k-safety formulas, for cases where verification at run time can be done in polynomial time. Our technique is based on runtime formula progression as well as on-the-fly monitor synthesis across multiple executions

Port Contention for Fun and Profit

Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing said channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount and end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application

Certificates for decision problems in temporal logic using context-based tableaux and sequent calculi.

115 p.Esta tesis trata de resolver problemas de Satisfactibilidad y Model Checking, aportando certificados del resultado. En ella, se trabaja con tres lógicas temporales: Propositional Linear Temporal Logic (PLTL), Computation Tree Logic (CTL) y Extended Computation Tree Logic (ECTL). Primero se presenta el trabajo realizado sobre Certified Satisfiability. Ahí se muestra una adaptación del ya existente método dual de tableaux y secuentes basados en contexto para satisfactibilidad de fórmulas PLTL en Negation Normal Form. Se ha trabajado la generación de certificados en el caso en el que las fórmulas son insactisfactibles. Por último, se aporta una prueba de soundness del método. Segundo, se ha optimizado con Sat Solvers el método de Certified Satisfiability para el contexto de Certified Model Checking. Se aportan varios ejemplos de sistemas y propiedades. Tercero, se ha creado un nuevo método dual de tableaux y secuentes basados en contexto para realizar Certified Satisfiability para fórmulas CTL yECTL. Se presenta el método y un algoritmo que genera tanto el modelo en el caso de que las fórmulas son satisfactibles como la prueba en el caso en que no lo sean. Por último, se presenta una implementación del método para CTL y una experimentación comparando el método propuesto con otro método de similares características

Tools and Algorithms for the Construction and Analysis of Systems

This open access two-volume set constitutes the proceedings of the 26th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The total of 60 regular papers presented in these volumes was carefully reviewed and selected from 155 submissions. The papers are organized in topical sections as follows: Part I: Program verification; SAT and SMT; Timed and Dynamical Systems; Verifying Concurrent Systems; Probabilistic Systems; Model Checking and Reachability; and Timed and Probabilistic Systems. Part II: Bisimulation; Verification and Efficiency; Logic and Proof; Tools and Case Studies; Games and Automata; and SV-COMP 2020