Abstract Model Counting: A Novel Approach for Quantification of Information Leaks
acmid: 2590328; keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution; location: Kyoto, Japan; numpages: 10
We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the European project HATS, and anonymity protocol
Quantitative Safety: Linking Proof-Based Verification with Model Checking for Probabilistic Systems
This paper presents a novel approach for augmenting proof-based verification
with performance-style analysis of the kind employed in state-of-the-art model
checking tools for probabilistic systems. Quantitative safety properties
usually specified as probabilistic system invariants and modeled in proof-based
environments are evaluated using bounded model checking techniques.
Our specific contributions include the statement of a theorem that is central
to model checking safety properties of proof-based systems, the establishment
of a procedure, and its full implementation in a prototype system (YAGA) which
readily transforms a probabilistic model specified in a proof-based environment
to its equivalent verifiable PRISM model equipped with reward structures. The
reward structures capture the exact interpretation of the probabilistic
invariants and can reveal succinct information about the model during
experimental investigations. Finally, we demonstrate the novelty of the
technique on a probabilistic library case study
A Monte Carlo model checker for probabilistic LTL with numerical constraints
We define the syntax and semantics of a new temporal logic called probabilistic LTL with numerical constraints (PLTLc).
We introduce an efficient model checker for PLTLc properties. The efficiency of the model checker is through approximation
using Monte Carlo sampling of finite paths through the model's state space (simulation outputs) and parallel model checking
of the paths. Our model checking method can be applied to any model producing quantitative output, continuous or
stochastic, including those with complex dynamics and those with an infinite state space. Furthermore, our offline approach
allows the analysis of observed (real-life) behaviour traces. We find in this paper that PLTLc properties with constraints
over free variables can replace full model checking experiments, resulting in a significant gain in efficiency. This overcomes
one disadvantage of model checking experiments which is that the complexity depends on system granularity and number of
variables, and quickly becomes infeasible. We focus on models of biochemical networks, and specifically in this paper on
intracellular signalling pathways; however our method can be applied to a wide range of biological as well as technical
systems and their models. Our work contributes to the emerging field of synthetic biology by proposing a rigorous approach
for the structured formal engineering of biological systems
Probabilistic Model-Based Safety Analysis
Model-based safety analysis approaches aim at finding critical failure
combinations by analysis of models of the whole system (i.e. software,
hardware, failure modes and environment). The advantage of these methods
compared to traditional approaches is that the analysis of the whole system
gives more precise results. Only few model-based approaches have been applied
to answer quantitative questions in safety analysis, often limited to analysis
of specific failure propagation models, limited types of failure modes or
without system dynamics and behavior, as direct quantitative analysis uses
large amounts of computing resources. New achievements in the domain of
(probabilistic) model-checking now allow for overcoming this problem.
This paper shows how functional models based on synchronous parallel
semantics, which can be used for system design, implementation and qualitative
safety analysis, can be directly re-used for (model-based) quantitative safety
analysis. Accurate modeling of different types of probabilistic failure
occurrence is shown as well as accurate interpretation of the results of the
analysis. This allows for reliable and expressive assessment of the safety of a
system in early design stages
PRISM: a tool for automatic verification of probabilistic systems
Probabilistic model checking is an automatic formal verification technique for analysing quantitative properties of systems which exhibit stochastic behaviour. PRISM is a probabilistic model checking tool which has already been successfully deployed in a wide range of application domains, from real-time communication protocols to biological signalling pathways. The tool has recently undergone a significant amount of development. Major additions include facilities to manually explore models, Monte-Carlo discrete-event simulation techniques for approximate model analysis (including support for distributed simulation) and the ability to compute cost- and reward-based measures, e.g. "the expected energy consumption of the system before the first failure occurs". This paper presents an overview of all the main features of PRISM. More information can be found on the website: www.cs.bham.ac.uk/~dxp/prism
Path Checking for MTL and TPTL over Data Words
Metric temporal logic (MTL) and timed propositional temporal logic (TPTL) are
quantitative extensions of linear temporal logic, which are prominent and
widely used in the verification of real-timed systems. It was recently shown
that the path checking problem for MTL, when evaluated over finite timed words,
is in the parallel complexity class NC. In this paper, we derive precise
complexity results for the path-checking problem for MTL and TPTL when
evaluated over infinite data words over the non-negative integers. Such words
may be seen as the behaviours of one-counter machines. For this setting, we
give a complete analysis of the complexity of the path-checking problem
depending on the number of register variables and the encoding of constraint
numbers (unary or binary). As the two main results, we prove that the
path-checking problem for MTL is P-complete, whereas the path-checking problem
for TPTL is PSPACE-complete. The results yield the precise complexity of model
checking deterministic one-counter machines against formulae of MTL and TPTL
Modelling Chinese Smart Grid: A Stochastic Model Checking Case Study
Cyber-physical systems integrate information and communication technology
functions to the physical elements of a system for monitoring and controlling
purposes. The conversion of traditional power grid into a smart grid, a
fundamental example of a cyber-physical system, raises a number of issues that
require novel methods and applications. In this context, an important issue is
the verification of certain quantitative properties of the system. In this
technical report, we consider a specific Chinese Smart Grid implementation and
try to address the verification problem for certain quantitative properties
including performance and battery consumption. We employ a stochastic model
checking approach and present our modelling and analysis study using the PRISM
model checker