30 research outputs found
Task-Structured Probabilistic I/O Automata
"May 28, 2009."Modeling frameworks such as Probabilistic I/O Automata (PIOA) and Markov Decision Processes permit both probabilistic and nondeterministic choices. In order to use these frameworks to express claims about probabilities of events, one needs mechanisms for resolving nondeterministic choices. For PIOAs, nondeterministic choices have traditionally been resolved by schedulers that have perfect information about the past execution. However, these schedulers are too powerful for certain settings, such as cryptographic protocol analysis, where information must sometimes be hidden. Here, we propose a new, less powerful nondeterminism-resolution mechanism for PIOAs, consisting of tasks and local schedulers. Tasks are equivalence classes of system actions that are scheduled by oblivious, global task sequences. Local schedulers resolve nondeterminism within system components, based on local information only. The resulting task-PIOA framework yields simple notions of external behavior and implementation, and supports simple compositionality results. We also define a new kind of simulation relation, and show it to be sound for proving implementation. We illustrate the potential of the task-PIOAframework by outlining its use in verifying an Oblivious Transfer protocol
Verifying Statistical Zero Knowledge with Approximate Implementations
Statistical zero-knowledge (SZK) properties play an important role in designing cryptographic protocols that enforce honest behavior while maintaining privacy. This paper presents a novel approach for
verifying SZK properties, using recently developed techniques based on approximate simulation relations. We formulate statistical
indistinguishability as an implementation relation in the Task-PIOA
framework, which allows us to express computational restrictions.
The implementation relation is then proven using approximate
simulation relations. This technique separates proof obligations into two categories: those requiring probabilistic reasoning, as well as those that do not. The latter is a good candidate for mechanization. We illustrate the general method by verifying the SZK property of the well-known identification protocol of Girault, Poupard and Stern
Task-Structured Probabilistic I/O Automata
In the Probabilistic I/O Automata (PIOA) framework, nondeterministicchoices are resolved using perfect-information schedulers,which are similar to history-dependent policies for Markov decision processes(MDPs). These schedulers are too powerful in the setting of securityanalysis, leading to unrealistic adversarial behaviors. Therefore, weintroduce in this paper a novel mechanism of task partitions for PIOAs.This allows us to define partial-information adversaries in a systematicmanner, namely, via sequences of tasks.The resulting task-PIOA framework comes with simple notions of externalbehavior and implementation, and supports simple compositionalityresults. A new type of simulation relation is defined and proven soundwith respect to our notion of implementation. To illustrate the potentialof this framework, we summarize our verification of an ObliviousTransfer protocol, where we combine formal and computational analyses.Finally, we present an extension with extra expressive power, usinglocal schedulers of individual components
A verification framework for hybrid systems
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 193-205) and index.Combining; discrete state transitions with differential equations, Hybrid system models provide an expressive formalism for describing software systems that interact with a physical environment. Automatically checking properties, such as invariance and stability, is extremely hard for general hybrid models, and therefore current research focuses on models with restricted expressive power. In this thesis we take a complementary approach by developing proof techniques that are not necessarily automatic, but are applicable to a general class of hybrid systems. Three components of this thesis, namely, (i) semantics for ordinary and probabilistic hybrid models, (ii) methods for proving invariance, stability, and abstraction, and (iii) software tools supporting (i) and (ii), are integrated within a common mathematical framework. (i) For specifying nonprobabilistic hybrid models, we present Structured Hybrid I/O Automata (SHIOAs) which adds control theory-inspired structures, namely state models, to the existing Hybrid I/O Automata, thereby facilitating description of continuous behavior. We introduce a generalization of SHIOAs which allows both nondeterministic and stochastic transitions and develop the trace-based semantics for this framework. (ii) We present two techniques for establishing lower-bounds on average dwell time (ADT) for SHIOA models. This provides a sufficient condition of establishing stability for SHIOAs with stable state models. A new simulation-based technique which is sound for proving ADT-equivalence of SHIOAs is proposed. We develop notions of approximate implementation and corresponding proof techniques for Probabilistic I/O Automata. Specifically, a PIOA A is an E-approximate implementation of B, if every trace distribution of A is c-close to some trace distribution of B-closeness being measured by a metric on the space of trace distributions.(cont.) We present a new class of real-valued simulation functions for proving c-approximate implementations, and demonstrate their utility in quantitatively reasoning about probabilistic safety and termination. (iii) We introduce a specification language for SHIOAs and a theorem prover interface for this language. The latter consists of a translator to typed high order logic and a set of PVS-strategies that partially automate the above verification techniques within the PVS theorem prover.by Sayan Mitra.Ph.D
Dynamic Probabilistic Input Output Automata
We present probabilistic dynamic I/O automata, a framework to model dynamic probabilistic systems. Our work extends dynamic I/O Automata formalism of Attie & Lynch [Paul C. Attie and Nancy A. Lynch, 2016] to the probabilistic setting. The original dynamic I/O Automata formalism included operators for parallel composition, action hiding, action renaming, automaton creation, and behavioral sub-typing by means of trace inclusion. They can model mobility by using signature modification. They are also hierarchical: a dynamically changing system of interacting automata is itself modeled as a single automaton. Our work extends all these features to the probabilistic setting. Furthermore, we prove necessary and sufficient conditions to obtain the monotonicity of automata creation/destruction with implementation preorder. Our construction uses a novel proof technique based on homomorphism that can be of independent interest. Our work lays down the foundations for extending composable secure-emulation of Canetti et al. [Ran Canetti et al., 2007] to dynamic settings, an important tool towards the formal verification of protocols combining probabilistic distributed systems and cryptography in dynamic settings (e.g. blockchains, secure distributed computation, cybersecure distributed protocols, etc)
Making Random Choices Invisible to the Scheduler
When dealing with process calculi and automata which express both
nondeterministic and probabilistic behavior, it is customary to introduce the
notion of scheduler to solve the nondeterminism. It has been observed that for
certain applications, notably those in security, the scheduler needs to be
restricted so not to reveal the outcome of the protocol's random choices, or
otherwise the model of adversary would be too strong even for ``obviously
correct'' protocols. We propose a process-algebraic framework in which the
control on the scheduler can be specified in syntactic terms, and we show how
to apply it to solve the problem mentioned above. We also consider the
definition of (probabilistic) may and must preorders, and we show that they are
precongruences with respect to the restricted schedulers. Furthermore, we show
that all the operators of the language, except replication, distribute over
probabilistic summation, which is a useful property for verification
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combines the best of both worlds. There are two broad directions that have been followed. {\em Computational soundness} aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The {\em direct approach} aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist
Distributed Synthesis in Continuous Time
We introduce a formalism modelling communication of distributed agents
strictly in continuous-time. Within this framework, we study the problem of
synthesising local strategies for individual agents such that a specified set
of goal states is reached, or reached with at least a given probability. The
flow of time is modelled explicitly based on continuous-time randomness, with
two natural implications: First, the non-determinism stemming from interleaving
disappears. Second, when we restrict to a subclass of non-urgent models, the
quantitative value problem for two players can be solved in EXPTIME. Indeed,
the explicit continuous time enables players to communicate their states by
delaying synchronisation (which is unrestricted for non-urgent models). In
general, the problems are undecidable already for two players in the
quantitative case and three players in the qualitative case. The qualitative
undecidability is shown by a reduction to decentralized POMDPs for which we
provide the strongest (and rather surprising) undecidability result so far
A Cut Principle for Information Flow
We view a distributed system as a graph of active locations with
unidirectional channels between them, through which they pass messages. In this
context, the graph structure of a system constrains the propagation of
information through it.
Suppose a set of channels is a cut set between an information source and a
potential sink. We prove that, if there is no disclosure from the source to the
cut set, then there can be no disclosure to the sink. We introduce a new
formalization of partial disclosure, called *blur operators*, and show that the
same cut property is preserved for disclosure to within a blur operator. This
cut-blur property also implies a compositional principle, which ensures limited
disclosure for a class of systems that differ only beyond the cut.Comment: 31 page
Formal Verification of Differential Privacy for Interactive Systems
Differential privacy is a promising approach to privacy preserving data
analysis with a well-developed theory for functions. Despite recent work on
implementing systems that aim to provide differential privacy, the problem of
formally verifying that these systems have differential privacy has not been
adequately addressed. This paper presents the first results towards automated
verification of source code for differentially private interactive systems. We
develop a formal probabilistic automaton model of differential privacy for
systems by adapting prior work on differential privacy for functions. The main
technical result of the paper is a sound proof technique based on a form of
probabilistic bisimulation relation for proving that a system modeled as a
probabilistic automaton satisfies differential privacy. The novelty lies in the
way we track quantitative privacy leakage bounds using a relation family
instead of a single relation. We illustrate the proof technique on a
representative automaton motivated by PINQ, an implemented system that is
intended to provide differential privacy. To make our proof technique easier to
apply to realistic systems, we prove a form of refinement theorem and apply it
to show that a refinement of the abstract PINQ automaton also satisfies our
differential privacy definition. Finally, we begin the process of automating
our proof technique by providing an algorithm for mechanically checking a
restricted class of relations from the proof technique.Comment: 65 pages with 1 figur