140 research outputs found
Comparing BDD and SAT based techniques for model checking Chaum's Dining Cryptographers Protocol
We analyse different versions of the Dining Cryptographers protocol by means of automatic verification via model checking. Specifically we model the protocol in terms of a network of communicating automata and verify that the protocol meets the anonymity requirements specified. Two different model checking techniques (ordered binary decision diagrams and SAT-based bounded model checking) are evaluated and compared to verify the protocols
Rich Counter-Examples for Temporal-Epistemic Logic Model Checking
Model checking verifies that a model of a system satisfies a given property,
and otherwise produces a counter-example explaining the violation. The verified
properties are formally expressed in temporal logics. Some temporal logics,
such as CTL, are branching: they allow to express facts about the whole
computation tree of the model, rather than on each single linear computation.
This branching aspect is even more critical when dealing with multi-modal
logics, i.e. logics expressing facts about systems with several transition
relations. A prominent example is CTLK, a logic that reasons about temporal and
epistemic properties of multi-agent systems. In general, model checkers produce
linear counter-examples for failed properties, composed of a single computation
path of the model. But some branching properties are only poorly and partially
explained by a linear counter-example.
This paper proposes richer counter-example structures called tree-like
annotated counter-examples (TLACEs), for properties in Action-Restricted CTL
(ARCTL), an extension of CTL quantifying paths restricted in terms of actions
labeling transitions of the model. These counter-examples have a branching
structure that supports more complete description of property violations.
Elements of these counter-examples are annotated with parts of the property to
give a better understanding of their structure. Visualization and browsing of
these richer counter-examples become a critical issue, as the number of
branches and states can grow exponentially for deeply-nested properties.
This paper formally defines the structure of TLACEs, characterizes adequate
counter-examples w.r.t. models and failed properties, and gives a generation
algorithm for ARCTL properties. It also illustrates the approach with examples
in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been
implemented, first by extending the NuSMV model checker to generate and export
branching counter-examples, secondly by providing an interactive graphical
interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422
MCMAS-SLK: A Model Checker for the Verification of Strategy Logic Specifications
We introduce MCMAS-SLK, a BDD-based model checker for the verification of
systems against specifications expressed in a novel, epistemic variant of
strategy logic. We give syntax and semantics of the specification language and
introduce a labelling algorithm for epistemic and strategy logic modalities. We
provide details of the checker which can also be used for synthesising agents'
strategies so that a specification is satisfied by the system. We evaluate the
efficiency of the implementation by discussing the results obtained for the
dining cryptographers protocol and a variant of the cake-cutting problem
Abstract Model Counting: A Novel Approach for Quantification of Information Leaks
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the European project HATS, and anonymity protocol
Anonymity and Information Hiding in Multiagent Systems
We provide a framework for reasoning about information-hiding requirements in
multiagent systems and for reasoning about anonymity in particular. Our
framework employs the modal logic of knowledge within the context of the runs
and systems framework, much in the spirit of our earlier work on secrecy
[Halpern and O'Neill 2002]. We give several definitions of anonymity with
respect to agents, actions, and observers in multiagent systems, and we relate
our definitions of anonymity to other definitions of information hiding, such
as secrecy. We also give probabilistic definitions of anonymity that are able
to quantify an observer s uncertainty about the state of the system. Finally,
we relate our definitions of anonymity to other formalizations of anonymity and
information hiding, including definitions of anonymity in the process algebra
CSP and definitions of information hiding using function views.Comment: Replacement. 36 pages. Full version of CSFW '03 paper, submitted to
JCS. Made substantial changes to Section 6; added references throughou
How to Work with Honest but Curious Judges? (Preliminary Report)
The three-judges protocol, recently advocated by Mclver and Morgan as an
example of stepwise refinement of security protocols, studies how to securely
compute the majority function to reach a final verdict without revealing each
individual judge's decision. We extend their protocol in two different ways for
an arbitrary number of 2n+1 judges. The first generalisation is inherently
centralised, in the sense that it requires a judge as a leader who collects
information from others, computes the majority function, and announces the
final result. A different approach can be obtained by slightly modifying the
well-known dining cryptographers protocol, however it reveals the number of
votes rather than the final verdict. We define a notion of conditional
anonymity in order to analyse these two solutions. Both of them have been
checked in the model checker MCMAS
- …