Analysis of Non-Linear Probabilistic Hybrid Systems
This paper shows how to compute, for probabilistic hybrid systems, the clock approximation and the linear phase-portrait approximation that Henzinger et al. proposed for non-probabilistic processes. The techniques allow a rectangular probabilistic process to be defined from a non-rectangular one, hence allowing the model checking of any class of systems. Clock approximation, which applies under some restrictions, aims at replacing a non-rectangular variable by a clock variable. Linear phase-portrait approximation applies without restriction and yields an approximation that simulates the original process. The conditions we need for probabilistic processes are the same as those for the classic case.
Comment: In Proceedings QAPL 2011, arXiv:1107.074
Computing Distances between Probabilistic Automata
We present relaxed notions of simulation and bisimulation on Probabilistic Automata (PA) that allow some error epsilon. When epsilon is zero we recover the usual notions of bisimulation and simulation on PAs. We give logical characterisations of these notions by choosing suitable logics, which differ from the elementary ones, L with negation and L without negation, in the modal operator. Using flow networks, we show how to compute the relations in PTIME. This allows the definition of an efficiently computable non-discounted distance between the states of a PA. A natural modification of this distance is introduced to obtain a discounted distance, which weakens the influence of long-term transitions. We compare our notions of distance to others previously defined and illustrate our approach on various examples. We also show that our distance is non-expansive with respect to process algebra operators. Although L without negation is a suitable logic to characterise epsilon-(bi)simulation on deterministic PAs, it is not for general PAs; interestingly, we prove that it does characterise weaker notions, called a priori epsilon-(bi)simulation, which we prove to be NP-hard to decide.
Comment: In Proceedings QAPL 2011, arXiv:1107.074
Bisimulation and cocongruence for probabilistic systems
Approximate reasoning for real-time probabilistic processes
We develop a pseudo-metric analogue of bisimulation for generalized
semi-Markov processes. The kernel of this pseudo-metric corresponds to
bisimulation; thus we have extended bisimulation for continuous-time
probabilistic processes to a much broader class of distributions than
exponential distributions. This pseudo-metric gives a useful handle on
approximate reasoning in the presence of numerical information -- such as
probabilities and time -- in the model. We give a fixed point characterization
of the pseudo-metric. This makes available coinductive reasoning principles for
reasoning about distances. We demonstrate that our approach is insensitive to
potentially ad hoc articulations of distance by showing that it is intrinsic to
an underlying uniformity. We provide a logical characterization of this
uniformity using a real-valued modal logic. We show that several quantitative
properties of interest are continuous with respect to the pseudo-metric. Thus,
if two processes are metrically close, then observable quantitative properties
of interest are indeed close.
Comment: Preliminary version appeared in QEST 0
A progress-sensitive flow-sensitive inlined information-flow control monitor (extended version)
We present a novel progress-sensitive, flow-sensitive hybrid information-flow control monitor for an imperative interactive language. Progress-sensitive information-flow control is a strong information security guarantee which ensures that a program's progress (or lack of it) does not leak information. Flow-sensitivity means that this strong security guarantee is enforced fairly precisely: our monitor tracks information flow per variable and per program point. We illustrate our approach on an imperative interactive language. Our hybrid monitor is inlined: source programs are translated, by a type-based analysis, into a target language that supports dynamic security levels. A key benefit of this is that the resulting monitored program is amenable to standard optimization techniques such as partial evaluation. One of the distinguishing features of our hybrid monitor is that it uses sets of levels to track the different possible security types of variables. This feature allows us to distinguish outputs that never leak information from those that may leak information.
Distances for Weighted Transition Systems: Games and Properties
We develop a general framework for reasoning about distances between
transition systems with quantitative information. Taking as starting point an
arbitrary distance on system traces, we show how this leads to natural
definitions of a linear and a branching distance on states of such a transition
system. We show that our framework generalizes and unifies a large variety of
previously considered system distances, and we develop some general properties
of our distances. We also show that if the trace distance admits a recursive
characterization, then the corresponding branching distance can be obtained as
a least fixed point to a similar recursive characterization. The central tool
in our work is a theory of infinite path-building games with quantitative
objectives.
Comment: In Proceedings QAPL 2011, arXiv:1107.074
Block-safe Information Flow Control
Flow-sensitive dynamic enforcement mechanisms for information-flow labels offer increased permissiveness. However, these mechanisms may leak sensitive information when deciding to block insecure executions. When enforcing two labels (e.g., secret and public), sensitive information is leaked from the context in which this decision is taken. When enforcing arbitrary labels, additional sensitive information is leaked from the labels involved in the decision to block an execution. We give examples where, contrary to a common belief, a mechanism designed to enforce two labels may not be able to enforce arbitrary labels, due to this additional leakage. In fact, it is not trivial to design a dynamic enforcement that offers increased permissiveness, handles multiple labels, and does not introduce information leakage due to blocking insecure executions. In this paper, we present a dynamic enforcement mechanism for information-flow labels that has all three attributes. Our mechanism is not purely dynamic, since it uses a lightweight, on-the-fly static analysis of untaken branches. We prove that the set of all normally terminated and blocked traces of a program executed under our mechanism satisfies noninterference against principals that make observations throughout execution.
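The two information-flow abstracts above (the flow-sensitive hybrid monitor and the block-safe mechanism) both turn on the same observation: a flow-sensitive dynamic monitor moves labels with the data, which is what makes it permissive, but the moment it decides to block an execution, that decision is itself observable. The following is an added example, not code from either paper and not their mechanism: it is the standard no-sensitive-upgrade (NSU) discipline for a two-point lattice, applied to a constructed toy imperative language, so that the leak-through-blocking can be reproduced on two runs that differ only in the secret `h`. The statement forms, the `run` and `leaks_via_blocking` helpers and the three programs are all assumptions made here for illustration.

```python
# Added example: a minimal flow-sensitive dynamic IFC monitor in the
# no-sensitive-upgrade (NSU) style, plus a test of whether the observable
# outcome (normal termination vs. being blocked) depends on the secret.
# Toy language (constructed here): statements are tuples
#   ("assign", x, expr) | ("if", expr, then_stmts, else_stmts) | ("output", expr)
# expressions are ("const", n) | ("var", x) | ("eq", e1, e2).

L, H = "L", "H"  # two-point lattice: L (public) below H (secret)


def lub(a, b):
    return H if H in (a, b) else L


class Blocked(Exception):
    """Raised when the monitor stops an execution it deems insecure."""


def eval_expr(e, env):
    """Return (value, label); the label is the join of every variable read."""
    kind = e[0]
    if kind == "const":
        return e[1], L
    if kind == "var":
        return env[e[1]]
    if kind == "eq":
        (v1, l1), (v2, l2) = eval_expr(e[1], env), eval_expr(e[2], env)
        return int(v1 == v2), lub(l1, l2)
    raise ValueError(kind)


def exec_stmts(stmts, env, pc, out):
    for s in stmts:
        kind = s[0]
        if kind == "assign":
            x, (v, l) = s[1], eval_expr(s[2], env)
            # NSU: never relabel a public variable while the pc is secret.
            # Variables not yet assigned are treated as public here (assumption).
            if pc == H and env.get(x, (0, L))[1] == L:
                raise Blocked(f"assignment to public {x} under secret pc")
            env[x] = (v, lub(l, pc))  # flow-sensitive: the label moves with the data
        elif kind == "if":
            v, l = eval_expr(s[1], env)
            exec_stmts(s[2] if v else s[3], env, lub(pc, l), out)
        elif kind == "output":
            v, l = eval_expr(s[1], env)
            if lub(l, pc) == H:
                raise Blocked("secret value on the public output channel")
            out.append(v)
        else:
            raise ValueError(kind)


def run(prog, secret_h):
    """Run prog with secret input h and return what a public observer sees:
    the outputs produced and whether the run ended normally or was blocked."""
    env, out = {"h": (secret_h, H)}, []
    try:
        exec_stmts(prog, env, L, out)
        return ("normal", tuple(out))
    except Blocked:
        return ("blocked", tuple(out))


def leaks_via_blocking(prog):
    """True if an observer who can tell 'blocked' from 'normal' learns h."""
    return run(prog, 0) != run(prog, 1)


# Constructed program 1: the classic NSU counter-example. The h=1 run is blocked
# at the upgrade of public l inside the secret branch; the h=0 run is not.
PROG_BLOCK_LEAK = [
    ("assign", "l", ("const", 0)),
    ("if", ("eq", ("var", "h"), ("const", 1)),
        [("assign", "l", ("const", 1))],
        []),
    ("output", ("var", "l")),
]

# Constructed program 2: flow-sensitivity buys permissiveness. t carries the
# secret for one step, then is overwritten with public data and may be output.
PROG_RELABEL = [
    ("assign", "t", ("var", "h")),
    ("assign", "t", ("const", 0)),
    ("output", ("var", "t")),
]

# Constructed program 3: an explicit flow, blocked on both runs, so no leak.
PROG_EXPLICIT = [("output", ("var", "h"))]

if __name__ == "__main__":
    for name, prog in [("block-leak", PROG_BLOCK_LEAK),
                       ("relabel", PROG_RELABEL), ("explicit", PROG_EXPLICIT)]:
        print(name, run(prog, 0), run(prog, 1), "leaks:", leaks_via_blocking(prog))
```

`PROG_BLOCK_LEAK` is the case the block-safe abstract describes for two labels: neither run violates the monitor's own rules, yet only one of them is blocked, so the context in which the blocking decision is taken (a branch on `h`) leaks `h`. With more than two labels the identity of the label that triggered the block leaks in addition; that case is not modelled by this two-point lattice.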
Labelled Markov processes
We develop a theory of probabilistic continuous processes that is meant ultimately to be part of an interactive systems theory. Our model is a generalization of ordinary labelled transition systems to which we add probabilistic transitions. The four main contributions are: (1) a notion of bisimulation equivalence and simulation preorder, (2) a logic for characterizing bisimulation and simulation, (3) an approximation scheme and (4) a metric on the collection of processes. We prove that bisimulation is characterized by a very simple logic that neither involves negation nor infinite conjunction. We have a similar result for simulation between discrete processes. Moreover, these characterizations are used to construct two algorithms, one that decides whether two finite-state probabilistic processes are bisimilar, and another that decides whether a state simulates another. We show how to approximate any continuous process with finite-state processes, and that one can reconstruct the process from its approximations. These finite approximations can be as close as we want to the original process. Moreover, we define a family of metrics that can tell how far apart or how close two processes are. The metrics also witness the fact that the approximations converge to the original process. Finally, we prove that the processes where the transition graph is a tree and whose transition probabilities are all rational form a basis of the space of labelled Markov processes; this means that labelled Markov processes form a separable metric space.
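Two of the abstracts above refer to deciding bisimilarity of finite-state probabilistic processes: the labelled Markov processes paper mentions an algorithm for it, and the epsilon-(bi)simulation paper recovers the usual notion at epsilon = 0. The following is an added example, not code from either paper: it is the standard Larsen-Skou partition refinement for probabilistic bisimulation on a finite reactive probabilistic automaton, with exact rational arithmetic so that the equality of probability masses is tested exactly. The model `TRANS`, the states and the function names are constructed here.

```python
# Added example: partition refinement for probabilistic bisimulation on a finite
# reactive probabilistic automaton (state -> action -> {successor: probability}).
# Two states are bisimilar iff, for every action and every equivalence class,
# they move into that class with the same total probability.
from collections import defaultdict
from fractions import Fraction

# Constructed model. s0 and t0 should be bisimilar: on action a both reach, with
# probability 1, a state that does b once and stops. u0 should not be: only 1/3
# of its a-mass reaches such a state, the rest reaches a state that does c.
STATES = ["s0", "s1", "s2", "s3", "t0", "t1", "t2", "u0", "u1", "u2", "u3"]
TRANS = {
    "s0": {"a": {"s1": Fraction(1, 2), "s2": Fraction(1, 2)}},
    "s1": {"b": {"s3": Fraction(1)}},
    "s2": {"b": {"s3": Fraction(1)}},
    "t0": {"a": {"t1": Fraction(1)}},
    "t1": {"b": {"t2": Fraction(1)}},
    "u0": {"a": {"u1": Fraction(1, 3), "u2": Fraction(2, 3)}},
    "u1": {"b": {"u3": Fraction(1)}},
    "u2": {"c": {"u3": Fraction(1)}},
}


def signature(state, trans, partition):
    """For each action, the probability mass the state sends into each current
    block. States with equal signatures cannot be split at this refinement step."""
    sig = []
    for action in sorted(trans.get(state, {})):
        mass = defaultdict(Fraction)
        for target, prob in trans[state][action].items():
            mass[partition[target]] += prob
        sig.append((action, tuple(sorted(mass.items()))))
    return tuple(sig)


def bisimulation_partition(states, trans):
    """Coarsest partition in which equivalent states reach every block with the
    same probability under every action. Start from a single block and split
    blocks by signature until no block changes; this takes at most |states| rounds."""
    partition = {s: 0 for s in states}
    while True:
        index, refined = {}, {}
        for s in states:
            # keying on the old block too means blocks are only ever split, never merged
            key = (partition[s], signature(s, trans, partition))
            refined[s] = index.setdefault(key, len(index))
        if len(index) == len(set(partition.values())):
            return refined  # nothing was split: fixed point reached
        partition = refined


def bisimilar(states, trans, s, t):
    part = bisimulation_partition(states, trans)
    return part[s] == part[t]


if __name__ == "__main__":
    blocks = defaultdict(list)
    for s, b in bisimulation_partition(STATES, TRANS).items():
        blocks[b].append(s)
    for b in sorted(blocks):
        print(b, blocks[b])
```

On this model the refinement stabilises after three rounds with five classes: {s0, t0}, {u0}, {s1, s2, t1, u1}, {u2} and {s3, t2, u3}. The epsilon-relaxed relations of the distances paper replace the exact equality of masses by a tolerance and need a flow-network (matching) computation per pair of states, which this exact version does not implement.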
Continuous Stochastic Logic Characterizes Bisimulation of Continuous-time Markov Processes
In a recent paper Baier, Haverkort, Hermanns and Katoen [BHHK00] analyzed a new way of model-checking formulas of a logic for continuous-time processes, called Continuous Stochastic Logic (henceforth CSL), against continuous-time Markov chains (henceforth CTMCs). One of the important results of that paper was the proof that if two CTMCs were bisimilar then they would satisfy exactly the same formulas of CSL. This raises the converse question: does satisfaction of the same collection of CSL formulas imply bisimilarity? In other words, given two CTMCs which are known to satisfy exactly the same formulas of CSL, does it have to be the case that they are bisimilar? We prove that the answer to the question just raised is "yes". In fact we prove a significant extension, namely that a subset of CSL suffices even for systems where the state-space may be a continuum. Along the way we prove a result to the effect that the set of Zeno paths has measure zero provided that the transition rates are bounded.