Verifying Security Properties in Unbounded Multiagent Systems

We study the problem of analysing the security for an unbounded number of concurrent sessions of a cryptographic protocol. Our formal model accounts for an arbitrary number of agents involved in a protocol-exchange which is subverted by a Dolev-Yao attacker. We define the parameterised model checking problem with respect to security requirements expressed in temporal-epistemic logics. We formulate sufficient conditions for solving this problem, by analysing several finite models of the system. We primarily explore authentication and key-establishment as part of a larger class of protocols and security requirements amenable to our methodology. We introduce a tool implementing the technique, and we validate it by verifying the NSPK and ASRPC protocols

Verification of the TESLA protocol in MCMAS-X

We present MCMAS-X, an extension of the OBDD-based model checker MCMAS for multi-agent systems, to explicit and deductive knowledge. We use MCMAS-X to verify authentication properties in the TESLA secure stream protocol

Information sharing among ideal agents

Multi-agent systems operating in complex domains crucially require agents to interact with each other. An important result of this interaction is that some of the private knowledge of the agents is being shared in the group of agents. This thesis investigates the theme of knowledge sharing from a theoretical point of view by means of the formal tools provided by modal logic. More specifically this thesis addresses the following three points. First, the case of hypercube systems, a special class of interpreted systems as defined by Halpern and colleagues, is analysed in full detail. It is here proven that the logic S5WDn constitutes a sound and complete axiomatisation for hypercube systems. This logic, an extension of the modal system S5n commonly used to represent knowledge of a multi-agent system, regulates how knowledge is being shared among agents modelled by hypercube systems. The logic S5WDn is proven to be decidable. Hypercube systems are proven to be synchronous agents with perfect recall that communicate only by broadcasting, in separate work jointly with Ron van der Meyden not fully reported in this thesis. Second, it is argued that a full spectrum of degrees of knowledge sharing can be present in any multi-agent system, with no sharing and full sharing at the extremes. This theme is investigated axiomatically and a range of logics representing a particular class of knowledge sharing between two agents is presented. All the logics but two in this spectrum are proven complete by standard canonicity proofs. We conjecture that these two remaining logics are not canonical and it is an open problem whether or not they are complete. Third, following a influential position paper by Halpern and Moses, the idea of refining and checking of knowledge structures in multi-agent systems is investigated. It is shown that, Kripke models, the standard semantic tools for this analysis are not adequate and an alternative notion, Kripke trees, is put forward. An algorithm for refining and checking Kripke trees is presented and its major properties investigated. The algorithm succeeds in solving the famous muddy-children puzzle, in which agents communicate and reason about each other's knowledge. The thesis concludes by discussing the extent to which combining logics, a promising new area in pure logic, can provide a significant boost in research for epistemic and other theories for multi-agent systems

MCMAS: a model checker for the verification of multi-agent systems

While temporal logic in its various forms has proven essential to reason about reactive systems, agent-based scenarios are typically specified by considering high-level agents attitudes. In particular, specification languages based on epistemic logics, or logics for knowledge, have proven useful in a variety of areas including robotics, security protocols, web-services, etc. For example, security specifications involving anonymity [4] are known to be naturally expressible in epistemic formalisms as they explicitly state the lack of different kinds of knowledge of the principals

Comparing BDD and SAT based techniques for model checking Chaum's Dining Cryptographers Protocol

We analyse different versions of the Dining Cryptographers protocol by means of automatic verification via model checking. Specifically we model the protocol in terms of a network of communicating automata and verify that the protocol meets the anonymity requirements specified. Two different model checking techniques (ordered binary decision diagrams and SAT-based bounded model checking) are evaluated and compared to verify the protocols

MCMAS: an open-source model checker for the verification of multi-agent systems

We present MCMAS, a model checker for the verification of multi-agent systems. MCMAS supports efficient symbolic techniques for the verification of multi-agent systems against specifications representing temporal, epistemic and strategic properties. We present the underlying semantics of the specification language supported and the algorithms implemented in MCMAS, including its fairness and counterexample generation features. We provide a detailed description of the implementation. We illustrate its use by discussing a number of examples and evaluate its performance by comparing it against other model checkers for multi-agent systems on a common case study

Non-elementary speed up for model checking synchronous perfect recall

We analyse the time complexity of the model checking problem for a logic of knowledge and past time in synchronous systems with perfect recall. Previously established bounds are k- exponential in the size of the system for specifications with k nested knowledge modalities.We show that the upper bound for positive (respectively, negative) specifications is polynomial (respectively, exponential) in the size of the system irrespective of the nesting depth