11,063 research outputs found
Adversarial Robustness Verification and Attack Synthesis in Stochastic Systems
Probabilistic model checking is a useful technique for specifying and
verifying properties of stochastic systems including randomized protocols and
reinforcement learning models. Existing methods rely on the assumed structure
and probabilities of certain system transitions. These assumptions may be
incorrect, and may even be violated by an adversary who gains control of system
components.
In this paper, we develop a formal framework for adversarial robustness in
systems modeled as discrete time Markov chains (DTMCs). We base our framework
on existing methods for verifying probabilistic temporal logic properties and
extend it to include deterministic, memoryless policies acting in Markov
decision processes (MDPs). Our framework includes a flexible approach for
specifying structure-preserving and non structure-preserving adversarial
models. We outline a class of threat models under which adversaries can perturb
system transitions, constrained by an ball around the original
transition probabilities.
We define three main DTMC adversarial robustness problems: adversarial
robustness verification, maximal synthesis, and worst case attack
synthesis. We present two optimization-based solutions to these three problems,
leveraging traditional and parametric probabilistic model checking techniques.
We then evaluate our solutions on two stochastic protocols and a collection of
Grid World case studies, which model an agent acting in an environment
described as an MDP. We find that the parametric solution results in fast
computation for small parameter spaces. In the case of less restrictive
(stronger) adversaries, the number of parameters increases, and directly
computing property satisfaction probabilities is more scalable. We demonstrate
the usefulness of our definitions and solutions by comparing system outcomes
over various properties, threat models, and case studies.Comment: To Appear, 35th IEEE Computer Security Foundations Symposium (2022
Deductive Verification of Parallel Programs Using Why3
The Message Passing Interface specification (MPI) defines a portable
message-passing API used to program parallel computers. MPI programs manifest a
number of challenges on what concerns correctness: sent and expected values in
communications may not match, resulting in incorrect computations possibly
leading to crashes; and programs may deadlock resulting in wasted resources.
Existing tools are not completely satisfactory: model-checking does not scale
with the number of processes; testing techniques wastes resources and are
highly dependent on the quality of the test set.
As an alternative, we present a prototype for a type-based approach to
programming and verifying MPI like programs against protocols. Protocols are
written in a dependent type language designed so as to capture the most common
primitives in MPI, incorporating, in addition, a form of primitive recursion
and collective choice. Protocols are then translated into Why3, a deductive
software verification tool. Source code, in turn, is written in WhyML, the
language of the Why3 platform, and checked against the protocol. Programs that
pass verification are guaranteed to be communication safe and free from
deadlocks.
We verified several parallel programs from textbooks using our approach, and
report on the outcome.Comment: In Proceedings ICE 2015, arXiv:1508.0459
Specifying and analysing reputation systems with coordination languages
Reputation systems are nowadays widely used to support decision making in networked systems. Parties in such systems rate each other and use shared ratings to compute reputation scores that drive their interactions. The existence of reputation systems with remarkable differences calls for formal approaches to their analysis. We present a verification methodology for reputation systems that is based on the use of the coordination language Klaim and related analysis tools. First, we define a parametric Klaim specification of a reputation system that can be instantiated with different reputation models. Then, we consider stochastic specification obtained by considering actions with random (exponentially distributed) duration. The resulting specification enables quantitative analysis of properties of the considered system. Feasibility and effectiveness of our proposal is demonstrated by reporting on the analysis of two reputation models
A Logical Verification Methodology for Service-Oriented Computing
We introduce a logical verification methodology for checking behavioural properties of service-oriented computing systems. Service properties are described by means of SocL, a branching-time temporal logic that we have specifically designed to express in an effective way distinctive aspects of services, such as, e.g., acceptance of a request, provision of a response, and correlation among service requests and responses. Our approach allows service properties to be expressed in such a way that
they can be independent of service domains and specifications. We show an instantiation of our general methodology that uses the formal language COWS to conveniently specify services and the expressly developed software tool CMC to assist the user in the task of verifying SocL formulae over service specifications. We demonstrate feasibility and effectiveness of our methodology by means of the specification and the analysis of a case study in the automotive domain
Specifying and Analysing SOC Applications with COWS
COWS is a recently defined process calculus for specifying and combining service-oriented applications, while modelling their dynamic behaviour. Since its introduction, a number of methods and tools have been devised to analyse COWS specifications, like e.g. a type system to check confidentiality properties, a logic and a model checker to express and check functional properties of services. In this paper, by means of a case study in the area of automotive systems, we demonstrate that COWS, with some mild linguistic additions, can model all the phases of the life cycle of service-oriented applications, such as publication, discovery, negotiation, orchestration, deployment, reconfiguration and execution. We also provide a flavour of the properties that can be analysed by using the tools mentioned above
- ā¦