9,048 research outputs found
Certified Impossibility Results for Byzantine-Tolerant Mobile Robots
We propose a framework to build formal developments for robot networks using
the COQ proof assistant, to state and to prove formally various properties. We
focus in this paper on impossibility proofs, as it is natural to take advantage
of the COQ higher order calculus to reason about algorithms as abstract
objects. We present in particular formal proofs of two impossibility results
forconvergence of oblivious mobile robots if respectively more than one half
and more than one third of the robots exhibit Byzantine failures, starting from
the original theorems by Bouzid et al.. Thanks to our formalization, the
corresponding COQ developments are quite compact. To our knowledge, these are
the first certified (in the sense of formally proved) impossibility results for
robot networks
Verifying the interactive convergence clock synchronization algorithm using the Boyer-Moore theorem prover
The application of formal methods to the analysis of computing systems promises to provide higher and higher levels of assurance as the sophistication of our tools and techniques increases. Improvements in tools and techniques come about as we pit the current state of the art against new and challenging problems. A promising area for the application of formal methods is in real-time and distributed computing. Some of the algorithms in this area are both subtle and important. In response to this challenge and as part of an ongoing attempt to verify an implementation of the Interactive Convergence Clock Synchronization Algorithm (ICCSA), we decided to undertake a proof of the correctness of the algorithm using the Boyer-Moore theorem prover. This paper describes our approach to proving the ICCSA using the Boyer-Moore prover
Verifying privacy by little interaction and no process equivalence
While machine-assisted verification of classical security goals such as confidentiality and authentication is
well-established, it is less mature for recent ones. Electronic voting protocols claim properties such as voter
privacy. The most common modelling involves indistinguishability, and is specified via trace equivalence in cryptographic extensions of process calculi. However, it has shown restrictions. We describe a novel model, based on unlinkability between two pieces of information. Specifying it as an extension to the Inductive Method allows us to establish voter privacy without the need for approximation or session bounding. The two
models and their latest specifications are contrasted
Self-stabilizing tree algorithms
Designers of distributed algorithms have to contend with the problem of making the algorithms tolerant to several forms of coordination loss, primarily faulty initialization. The processes in a distributed system do not share a global memory and can only get a partial view of the global state. Transient failures in one part of the system may go unnoticed in other parts and thus cause the system to go into an illegal state. If the system were self-stabilizing, however, it is guaranteed that it will return to a legal state after a finite number of state transitions. This thesis presents and proves self-stabilizing algorithms for calculating tree metrics and for achieving mutual exclusion on a tree structured distributed system
Efficient size estimation and impossibility of termination in uniform dense population protocols
We study uniform population protocols: networks of anonymous agents whose
pairwise interactions are chosen at random, where each agent uses an identical
transition algorithm that does not depend on the population size . Many
existing polylog time protocols for leader election and majority
computation are nonuniform: to operate correctly, they require all agents to be
initialized with an approximate estimate of (specifically, the exact value
). Our first main result is a uniform protocol for
calculating with high probability in time and
states ( bits of memory). The protocol is
converging but not terminating: it does not signal when the estimate is close
to the true value of . If it could be made terminating, this would
allow composition with protocols, such as those for leader election or
majority, that require a size estimate initially, to make them uniform (though
with a small probability of failure). We do show how our main protocol can be
indirectly composed with others in a simple and elegant way, based on the
leaderless phase clock, demonstrating that those protocols can in fact be made
uniform. However, our second main result implies that the protocol cannot be
made terminating, a consequence of a much stronger result: a uniform protocol
for any task requiring more than constant time cannot be terminating even with
probability bounded above 0, if infinitely many initial configurations are
dense: any state present initially occupies agents. (In particular,
no leader is allowed.) Crucially, the result holds no matter the memory or time
permitted. Finally, we show that with an initial leader, our size-estimation
protocol can be made terminating with high probability, with the same
asymptotic time and space bounds.Comment: Using leaderless phase cloc
- …