Verification of random behaviours

We introduce abstraction in a probabilistic process algebra. The process algebra can be employed for specifying processes that exhibit both probabilistic and non-deterministic choices in their behaviours. Several rules and axioms are identified, allowing us to rewrite processes to less complex processes by removing redundant internal activity. Using these rules, we have successfully conducted a verification of the Concurrent Alternating Bit Protocol. The verification shows that after abstraction of internal activity, the protocol behaves as a buffer

System evolution by migration coordination

Collaborations between components can bemodeled in the coordination language Paradigm[3]. A collaboration solution is specified by loosely coupling component dynamics to a protocol via their roles. Not only regular, foreseen collaboration can be specified, originally unforeseen collaboration can be modeled too [4]. To explain how, we first look very briefly at Paradigm’s regular coordination specification. Component dynamics are expressed by state-transition diagrams (STDs), see Figure 1(a) for a mock-up STD MU in UML style. MU contributes to a collaboration via a role MU(R). Figure 1(b) specifies MU(R) through a different STD, whose states are so-called phases of MU: temporarily valid, dynamic constraints imposed on MU. The figure mentions four such phases, Clock, Anti, Inter and Small. Figure 1(c) couplesMU and MU(R). It specifies each phase as part of MU, additionally decorated with one or more polygons grouping some states of a phase. Polygons visualize so-called traps: a trap, once entered, cannot be left as long as the phase remains the valid constraint. A trap having been entered, serves as a guard for a phase change. Therefore, traps label transitions in a role STD, cf. Figure 1(b). Single steps from different roles, are synchronized into one protocol step. A protocol step can be coupled to one detailed step of a so-called manager component, driving the protocol. Meanwhile, local variables can be updated. It is through a consistency rule, Paradigm specifies a protocol step: (i) at the left-hand side of a ?? the one, driving manager step is given, if relevant; (ii) the right-hand side lists the role steps being synchronized; (iii) optionally, a change clause [2] can be given updating variables, e.g. one containing the current set of consistency rules. For example, a consistency rule without change clause, MU2:A!B ?? MU1(R):Clock triv ! Anti, MU3(R): Inter toSmall ! Small where a manager step ofMU2 is coupled to the swapping ofMU1 from circling clockwise to anti-clock-wise and swapping MU3 from intermediate inspection into circling on a smaller scale

Strong, Weak and Branching Bisimulation for Transition Systems and Markov Reward Chains: A Unifying Matrix Approach

We first study labeled transition systems with explicit successful termination. We establish the notions of strong, weak, and branching bisimulation in terms of boolean matrix theory, introducing thus a novel and powerful algebraic apparatus. Next we consider Markov reward chains which are standardly presented in real matrix theory. By interpreting the obtained matrix conditions for bisimulations in this setting, we automatically obtain the definitions of strong, weak, and branching bisimulation for Markov reward chains. The obtained strong and weak bisimulations are shown to coincide with some existing notions, while the obtained branching bisimulation is new, but its usefulness is questionable

An example of proving UC-realization with formal methods

In the universal composability framework we consider ideal functionalities for secure messaging and signcryption. Using traditional formal methods techniques we show that the secure messaging functionality can be UC-realized by a hybrid protocol that uses the signcryption functionality and a public key infrastructure functionality. We also discuss that the signcryption functionality can be UC-realized by a secure signcryption scheme

Towards reduction of Paradigm coordination models

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at a detailed and a global level of abstraction. To enable automated verification of Paradigm models, a translation of Paradigm into process algebra has been defined in previous work. In this paper we investigate, guided by a client-server example, reduction of Paradigm models based on a notion of global inertness. Representation of Paradigm models as process algebraic specifications helps to establish a property-preserving equivalence relation between the original and the reduced Paradigm model. Experiments indicate that in this way larger Paradigm models can be analyzed

Architecting security with Paradigm

For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through Paradigm, a coordination modeling language based on dynamic constraints. As it is argued, this fits well with security issues. A smaller example introduces the architectural approach towards implementing security policies. A larger casestudy illustrates the use of Paradigm in analyzing the FOO voting scheme. In addition, translating the Paradigm models into process algebra brings model checking within reach. Security properties of the examples discussed, are formally verified with the model checker mCRL2

Dynamic Consistency in Process Algebra: From Paradigm to ACP

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at vari

Computing Quantiles in Markov Reward Models

Probabilistic model checking mainly concentrates on techniques for reasoning about the probabilities of certain path properties or expected values of certain random variables. For the quantitative system analysis, however, there is also another type of interesting performance measure, namely quantiles. A typical quantile query takes as input a lower probability bound p and a reachability property. The task is then to compute the minimal reward bound r such that with probability at least p the target set will be reached before the accumulated reward exceeds r. Quantiles are well-known from mathematical statistics, but to the best of our knowledge they have not been addressed by the model checking community so far. In this paper, we study the complexity of quantile queries for until properties in discrete-time finite-state Markov decision processes with non-negative rewards on states. We show that qualitative quantile queries can be evaluated in polynomial time and present an exponential algorithm for the evaluation of quantitative quantile queries. For the special case of Markov chains, we show that quantitative quantile queries can be evaluated in time polynomial in the size of the chain and the maximum reward.Comment: 17 pages, 1 figure; typo in example correcte

Towards reduction of Paradigm coordination models

The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at a detailed and a global level of abstraction. To enable automated verification of Paradigm models, a translation of Paradigm into process algebra has been defined in previous work. In this paper we investigate, guided by a client-server example, reduction of Paradigm models based on a notion of global inertness. Representation of Paradigm models as process algebraic specifications helps to establish a property-preserving equivalence relation between the original and the reduced Paradigm model. Experiments indicate that in this way larger Paradigm models can be analyzed.Comment: In Proceedings PACO 2011, arXiv:1108.145