Approximate Non-Interference
Journal of Computer Security, 2002
Cited by 96 (12 self)
Abstract
We address the problem of characterising the security of a program against unauthorised information flows. Classical approaches are based on noninterference models which depend ultimately on the notion of process equivalence. In these models confidentiality is an absolute property stating the absence of any illegal information flow. We present a model in which the notion of noninterference is approximated in the sense that it allows for some exactly quantified leakage of information. This is characterised via a notion of process similarity which replaces the indistinguishability of processes by a quantitative measure of their behavioural difference. Such a quantity is related to the number of statistical tests needed to distinguish two behaviours. We also present two semantics-based analyses of approximate noninterference and we show that one is a correct abstraction of the other.
Quantitative Relations and Approximate Process Equivalences
2003
Cited by 22 (12 self)
Abstract
We introduce a characterisation of probabilistic transition systems (PTS) in terms of linear operators on some suitably defined vector space representing the set of states. Various notions of process equivalences can then be reformulated as abstract linear operators related to the concrete PTS semantics via a probabilistic abstract interpretation. These process equivalences can be turned into corresponding approximate notions by identifying processes whose abstract operators "differ" by a given quantity, which can be calculated as the norm of the difference operator. We argue that this number can be given a statistical interpretation in terms of the tests needed to distinguish two behaviours.
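The quantity the two abstracts above describe (leakage as the norm of the difference between the observable behaviours of a process under two secrets, with a statistical reading as the number of tests an observer needs to tell them apart) worked through on a toy program, as an added example; this is not code from either paper. The program, its state space, the coin biases, the choice of the sup-norm and the Hoeffding sample-count estimate are all assumptions made here for illustration; the papers derive their own measure via probabilistic abstract interpretation.

```python
"""Approximate noninterference on a tiny probabilistic transition system (PTS).

Added illustration, not code from the cited papers. A program handling a
one-bit secret h is modelled, for each value of h, as a row-stochastic matrix
(a linear operator on the vector of state probabilities). The observable
behaviour is the distribution over output states; leakage is the norm of the
difference of the two observable vectors, and a Hoeffding bound (an assumption
made here) turns that norm into the number of runs needed to tell h=0 from h=1.
"""
from math import ceil, log

# Constructed example program (randomised response):
#   init   : flip coin 1
#   truth  : coin 1 was heads -> report the secret bit h
#   random : coin 1 was tails -> flip coin 2 and report it instead
#   out0/out1 : terminal states, the low (observable) output
STATES = ["init", "truth", "random", "out0", "out1"]
IDX = {s: i for i, s in enumerate(STATES)}
OBSERVABLE = ["out0", "out1"]          # what the low observer sees


def transition_matrix(h, p_truth=0.5):
    """T[s][s'] = Pr[s -> s'] for secret bit h; every row sums to 1."""
    n = len(STATES)
    T = [[0.0] * n for _ in range(n)]
    T[IDX["init"]][IDX["truth"]] = p_truth
    T[IDX["init"]][IDX["random"]] = 1.0 - p_truth
    T[IDX["truth"]][IDX["out1" if h else "out0"]] = 1.0   # secret-dependent step
    T[IDX["random"]][IDX["out0"]] = 0.5
    T[IDX["random"]][IDX["out1"]] = 0.5
    T[IDX["out0"]][IDX["out0"]] = 1.0                    # absorbing outputs
    T[IDX["out1"]][IDX["out1"]] = 1.0
    return T


def step(dist, T):
    """One application of the operator: dist' = dist * T."""
    n = len(T)
    return [sum(dist[i] * T[i][j] for i in range(n)) for j in range(n)]


def final_distribution(T, steps):
    """Run from 'init' for a fixed number of steps; the example program
    terminates within two, so the result is the absorbed distribution."""
    dist = [0.0] * len(STATES)
    dist[IDX["init"]] = 1.0
    for _ in range(steps):
        dist = step(dist, T)
    return dist


def abstract(dist):
    """Probabilistic abstraction: keep only the observable coordinates."""
    return {o: dist[IDX[o]] for o in OBSERVABLE}


def leakage(h0=0, h1=1, steps=2):
    """Sup-norm of the difference of the two observable vectors.
    0 means exact noninterference; larger means more distinguishable."""
    a = abstract(final_distribution(transition_matrix(h0), steps))
    b = abstract(final_distribution(transition_matrix(h1), steps))
    return max(abs(a[o] - b[o]) for o in OBSERVABLE)


def samples_to_distinguish(eps, delta=0.01):
    """Hoeffding estimate (assumption, not the papers' measure): runs needed so
    that a threshold test on the frequency of 'out1' errs with probability at
    most delta when the two behaviours differ by eps in that frequency."""
    if eps <= 0:
        return float("inf")        # indistinguishable: no finite sample helps
    return ceil(2 * log(1 / delta) / eps ** 2)


if __name__ == "__main__":
    eps = leakage()
    print(f"leakage (sup-norm) = {eps:.3f}")
    print(f"runs to distinguish at 1% error: {samples_to_distinguish(eps)}")
```

With the fair coins assumed here the observer sees `out1` with probability 0.25 when h=0 and 0.75 when h=1, so the leakage is 0.5 and a few dozen runs suffice to recover the bit; setting `p_truth=0` makes the output independent of h and the leakage drops to 0, which is exact noninterference.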
Linear and Branching Metrics for Quantitative Transition Systems
In Proceedings of the 31st International Colloquium on Automata, Languages and Programming, 2004
Cited by 20 (1 self)
Abstract
We extend the basic system relations of trace inclusion, trace equivalence, simulation, and bisimulation to a quantitative setting in which propositions are interpreted not as boolean values, but as real values in the interval [0, 1]. Trace inclusion and equivalence give rise to asymmetrical and symmetrical linear distances, while simulation and bisimulation give rise to asymmetrical and symmetrical branching distances. We study the relationships among these distances, and we provide a full logical characterization of the distances in terms of quantitative versions of LTL and µ-calculus. We show that, while trace inclusion (resp. equivalence) coincides with simulation (resp. bisimulation) for deterministic boolean transition systems, linear and branching distances do not coincide for deterministic quantitative transition systems. Finally, we provide algorithms for computing the distances, together with matching lower and upper complexity bounds.
Weak Bisimulation is Sound and Complete for PCTL
2002
Cited by 14 (0 self)
Abstract
We investigate weak bisimulation of probabilistic systems in the presence of nondeterminism, i.e. labelled concurrent Markov chains (LCMC) with silent transitions. We build on the work of Philippou, Lee and Sokolsky [1] for finite state LCMCs. Their definition of weak bisimulation destroys the additivity property of the probability distributions, yielding instead capacities. The mathematics behind capacities naturally captures the intuition that when we deal with nondeterminism we must work with estimates on the possible probabilities. Our analysis leads to three...
An Intrinsic Characterization of Approximate Probabilistic Bisimilarity
In: Proceedings of FOSSACS 03. LNCS, 2003
Cited by 13 (2 self)
Abstract
In previous work we have investigated a notion of approximate bisimilarity for labelled Markov processes. We argued that such a notion is more realistic and more feasible to compute than (exact) bisimilarity. The main technical tool used in the underlying theory was the Hutchinson metric on probability measures. This paper gives a more fundamental characterization of approximate bisimilarity in terms of the notion of (exact) similarity. In particular, we show that the topology of approximate bisimilarity is the Lawson topology with respect to the simulation preorder. To complement this abstract characterization we give a statistical account of similarity, and by extension, of approximate bisimilarity, in terms of the process testing formalism of Larsen and Skou.
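The process testing formalism of Larsen and Skou that the abstract above appeals to, run on a small finite system, as an added example; this is not code from the paper. The test grammar (succeed, attempt an action then continue, replicate the current state and run several tests on the copies) is the standard one; the concrete transition system, the observation encoding and the use of total-variation distance between observation distributions as the quantitative measure are assumptions made here.

```python
"""Larsen-Skou tests on a finite reactive probabilistic transition system.

Added illustration, not code from the cited paper. A test is one of
  ("omega",)                 succeed; observe 'w'
  ("act", a, t)              attempt action a; if refused observe (a, 'x'),
                             otherwise continue with t in the successor
  ("copy", t1, ..., tn)      replicate the current state, run every ti on a copy
Running a test on a state yields a probability distribution over observations.
Two states are probabilistically bisimilar iff every test yields the same
distribution; the total-variation distance between the two distributions is a
quantitative, statistically testable measure of how far apart they are.
"""
from itertools import product

# Constructed reactive PTS: PTS[state][action] = {successor: probability}.
# s1 and s2 agree on the probability of every single trace (ab: 0.5, ac: 0.5)
# but branch differently; s3 is a slightly perturbed copy of s1.
PTS = {
    "s1": {"a": {"u": 0.5, "v": 0.5}},
    "u":  {"b": {"z": 1.0}},
    "v":  {"c": {"z": 1.0}},
    "s2": {"a": {"w1": 0.5, "w2": 0.5}},
    "w1": {"b": {"z": 1.0}, "c": {"z": 1.0}},
    "w2": {},
    "s3": {"a": {"u": 0.45, "v": 0.55}},
    "z":  {},
}

# A linear (trace) test and a branching test that uses replication.
TRACE_TEST = ("act", "a", ("act", "b", ("omega",)))
BRANCHING_TEST = ("act", "a", ("copy", ("act", "b", ("omega",)),
                                       ("act", "c", ("omega",))))


def run_test(pts, state, test):
    """Distribution over observations produced by running `test` at `state`."""
    kind = test[0]
    if kind == "omega":
        return {"w": 1.0}
    if kind == "act":
        _, action, rest = test
        succ = pts.get(state, {}).get(action)
        if not succ:
            return {(action, "x"): 1.0}          # action refused at this state
        out = {}
        for nxt, p in succ.items():              # average over the successors
            for obs, q in run_test(pts, nxt, rest).items():
                key = (action, obs)
                out[key] = out.get(key, 0.0) + p * q
        return out
    if kind == "copy":
        dists = [run_test(pts, state, t) for t in test[1:]]
        out = {}
        for combo in product(*(d.items() for d in dists)):   # independent copies
            key = tuple(obs for obs, _ in combo)
            p = 1.0
            for _, q in combo:
                p *= q
            out[key] = out.get(key, 0.0) + p
        return out
    raise ValueError(f"unknown test constructor {kind!r}")


def total_variation(d1, d2):
    """Half the L1 distance between two finite distributions (0 = identical)."""
    keys = set(d1) | set(d2)
    return 0.5 * sum(abs(d1.get(k, 0.0) - d2.get(k, 0.0)) for k in keys)


def distance_under_test(pts, s, t, test):
    """How well a single test separates states s and t."""
    return total_variation(run_test(pts, s, test), run_test(pts, t, test))


if __name__ == "__main__":
    for name, test in (("trace", TRACE_TEST), ("branching", BRANCHING_TEST)):
        print(name, "s1 vs s2:", distance_under_test(PTS, "s1", "s2", test))
    print("trace s1 vs s3:", round(distance_under_test(PTS, "s1", "s3", TRACE_TEST), 6))
```

The trace test cannot separate `s1` from `s2` (distance 0), while the replicating test separates them completely (distance 1): the copies reveal whether `b` and `c` are both available after `a`, which no single trace does. Against `s3` the trace test gives a small but non-zero distance, which is the "approximately bisimilar" situation the abstract describes; an observer would need many runs to notice it.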
Duality for Labelled Markov Processes
Cited by 10 (1 self)
Abstract
Labelled Markov processes (LMPs) are automata whose transitions are given by probability distributions. In this paper we present a `universal' LMP as the spectrum of a commutative C*-algebra consisting of formal linear combinations of labelled trees. We characterize the state space of the universal LMP as the set of homomorphisms from an ordered commutative monoid of labelled trees into the multiplicative unit interval. This yields a simple semantics for LMPs which is fully abstract with respect to probabilistic bisimilarity. We also consider LMPs with entry points and exit points in the setting of iteration theories. We define an iteration theory of LMPs by specifying its categorical dual: a certain category of C*-algebras. We find that the basic operations for composing LMPs have simple definitions in the dual category.
A Behavioural Pseudometric for Probabilistic Transition Systems
2004
Cited by 9 (1 self)
Abstract
Boolean-valued logics and associated discrete notions of behavioural equivalence sit uneasily with semantic models featuring quantitative data, like probabilistic transition systems. In this paper we present a pseudometric on a class of probabilistic transition systems yielding a quantitative notion of behavioural equivalence. The pseudometric is defined via the terminal coalgebra of a functor based on a metric on the space of Borel probability measures on a metric space. States of a probabilistic transition system have distance 0 if and only if they are probabilistically bisimilar. We also characterize our distance function in terms of a real-valued modal logic. Key words: probabilistic transition system, pseudometric, probabilistic bisimilarity, terminal coalgebra, real-valued modal logic
Game relations and metrics
In LICS’07, 2007
Cited by 9 (4 self)
Abstract
We consider two-player games played over finite state spaces for an infinite number of rounds. At each state, the players simultaneously choose moves; the moves determine a successor state. It is often advantageous for players to choose probability distributions over moves, rather than single moves. Given a goal (e.g., “reach a target state”), the question of winning is thus a probabilistic one: “what is the maximal probability of winning from a given state?”. On these game structures, two fundamental notions are those of equivalences and metrics. Given a set of winning conditions, two states are equivalent if the players can win the same games with the same probability from both states. Metrics provide a bound on the difference in the probabilities of winning across states, capturing a quantitative notion of state “similarity”. We introduce equivalences and metrics for two-player game structures, and we show that they characterize the difference in probability of winning games whose goals are expressed in the quantitative µ-calculus. The quantitative µ-calculus can express a large set of goals, including reachability, safety, and ω-regular properties. Thus, we claim that our relations and metrics provide the canonical extensions to games, of the classical notion of bisimulation for transition systems. We develop our results both for equivalences and metrics, which generalize bisimulation, and for asymmetrical versions, which generalize simulation.
Metrics for Markov Decision Processes with Infinite State Spaces
2005
Cited by 8 (3 self)
Abstract
We present metrics for measuring state similarity in Markov decision processes (MDPs) with infinitely many states, including MDPs with continuous state spaces. Such metrics provide a stable quantitative analogue of the notion of bisimulation for MDPs, and are suitable for use in MDP approximation. We show that the optimal value function associated with a discounted infinite horizon planning task varies continuously with respect to our metric distances.
Approximate reasoning for real-time probabilistic processes
In Proceedings of the First International Conference on the Quantitative Evaluation of Systems (QEST’04), pp. 304–313, 2004
Cited by 6 (0 self)
Abstract
We develop a pseudometric analogue of bisimulation for generalized semi-Markov processes. The kernel of this pseudometric corresponds to bisimulation; thus we have extended bisimulation for continuous-time probabilistic processes to a much broader class of distributions than exponential distributions. This pseudometric gives a useful handle on approximate reasoning in the presence of numerical information — such as probabilities and time — in the model. We give a fixed point characterization of the pseudometric. This makes available coinductive reasoning principles for reasoning about distances. We demonstrate that our approach is insensitive to potentially ad hoc articulations of distance by showing that it is intrinsic to an underlying uniformity. We provide a logical characterization of this uniformity using a real-valued modal logic. We show that several quantitative properties of interest are continuous with respect to the pseudometric. Thus, if two processes are metrically close, then observable quantitative properties of interest are indeed close.