Model-based evaluation: From dependability to security
IEEE Transactions on Dependable and Secure Computing, 2004
The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Using Edge-Valued Decision Diagrams for Symbolic Generation of Shortest Paths
Proc. Fourth International Conference on Formal Methods in Computer-Aided Design (FMCAD), LNCS 2517, 2002
We present a new method for the symbolic construction of shortest paths in reachability graphs. Our algorithm relies on a variant of edge-valued decision diagrams that supports efficient fixed-point iterations for the joint computation of both the reachable states and their distance from the initial states. Once the distance function is known, a shortest path from an initial state to a state satisfying a given condition can be easily obtained. Using a few representative examples, we show how our algorithm is vastly superior, in terms of both memory and space, to alternative approaches that compute the same information, such as ordinary or algebraic decision diagrams.
Structural symbolic CTL model checking of asynchronous systems
Computer Aided Verification (CAV'03), LNCS 2725, 2003
In previous work, we showed how structural information can be used to efficiently generate the state-space of asynchronous systems. Here, we apply these ideas to symbolic CTL model checking. Thanks to a Kronecker encoding of the transition relation, we detect and exploit event locality and apply better fixed-point iteration strategies, resulting in orders-of-magnitude reductions for both execution times and memory consumption in comparison to well-established tools such as NuSMV.
Symbolic State-space Exploration and Numerical Analysis of State-sharing Composed Models
In Proceedings of NSMC '03: The Fourth International Conference on the Numerical Solution of Markov Chains, 2004
The complexity of stochastic models of real-world systems is usually managed by abstracting details and structuring models in a hierarchical manner. Systems are often built by replicating and joining subsystems, making possible the creation of a model structure that yields lumpable state spaces. This fact has been exploited to facilitate model-based numerical analysis. Likewise, recent results on model construction suggest that decision diagrams can be used to compactly represent large Continuous Time Markov Chains (CTMCs). In this paper, we present an approach that combines and extends these two approaches. In particular, we propose methods that apply to hierarchically structured models with hierarchies based on sharing state variables. The hierarchy is constructed in a way that exposes structural symmetries in the constructed model, thus facilitating lumping. In addition, the methods allow one to derive a symbolic representation of the associated CTMC directly from the given model without the need to compute and store the overall state space or CTMC explicitly. The resulting representation of a generator matrix allows the analysis of large CTMCs in lumped form. The efficiency of the approach is demonstrated with the help of two example models.
Saturation-based symbolic reachability analysis using conjunctive and disjunctive partitioning
Proc. CHARME, LNCS 3725, 2005
We propose a new saturation-based symbolic state-space generation algorithm for finite discrete-state systems. Based on the structure of the high-level model specification, we first disjunctively partition the transition relation of the system, then conjunctively partition each disjunct. Our new encoding recognizes identity transformations of state variables and exploits event locality, enabling us to apply a recursive fixed-point image computation strategy completely different from the standard breadth-first approach employing a global fixpoint image computation. Compared to breadth-first symbolic methods, saturation has already been empirically shown to be several orders more efficient in terms of runtime and peak memory requirements for asynchronous concurrent systems. With the new partitioning, the saturation algorithm can now be applied to completely general asynchronous systems, while requiring similar or better runtimes and peak memory than previous saturation algorithms.
Distributed and structured analysis approaches to study large and complex systems
Lectures on Formal Methods and Performance Analysis, LNCS 2090, 2001
Both the logic and the stochastic analysis of discrete-state systems are hindered by the combinatorial growth of the state space underlying a high-level model. In this work, we consider two orthogonal approaches to cope with this "state-space explosion". Distributed algorithms that make use of the processors and memory overall available on a network of N workstations can manage models with state spaces approximately N times larger than what is possible on a single workstation. A second approach, constituting a fundamental paradigm shift, is instead based on decision diagrams and related implicit data structures that efficiently encode the state space or the transition rate matrix of a model, provided that it has some structure to guide its decomposition; with these implicit methods, enormous sets can be managed efficiently, but the numerical solution of the stochastic model, if desired, is still a bottleneck, as it requires vectors of the size of the state space.
Saturation for a General Class of Models
2004
Implicit techniques for construction and representation of the reachability set of a high-level model have become quite efficient for certain types of models. In particular, previous work developed a "saturation" algorithm that exploits asynchronous behavior to efficiently construct the reachability set using multiway decision diagrams, but requires each model event to be expressible as a Kronecker product. In this paper, we develop a new version of the saturation algorithm that works for a general class of models: models whose events are not necessarily expressible as Kronecker products, models containing events with complex priority structures, and models whose state variables have unknown bounds. We apply our algorithm to several examples and give detailed experimental results.
Exploiting interleaving semantics in symbolic state-space generation
Formal Methods in System Design
Symbolic techniques based on Binary Decision Diagrams (BDDs) are widely employed for reasoning about temporal properties of hardware circuits and synchronous controllers. However, they often perform poorly when dealing with the huge state spaces underlying systems based on interleaving semantics, such as communications protocols and distributed software, which are composed of independently acting subsystems that communicate via shared events. This article shows that the efficiency of state-space exploration techniques using decision diagrams can be drastically improved by exploiting the interleaving semantics underlying many event-based and component-based system models. A new algorithm for symbolically generating state spaces is presented that (i) encodes a model's state vectors with Multi-valued Decision Diagrams (MDDs) rather than flattening them into BDDs and (ii) partitions the model's Kronecker-consistent next-state function by event and subsystem, thus enabling multiple lightweight next-state transformations rather than a single heavyweight one. Together, this paves the way for a novel iteration order, called saturation, which replaces the breadth-first search order of traditional algorithms. The resulting saturation algorithm is implemented in the tool SMART, and experimental studies show that it is often several orders of magnitude better in terms of time efficiency, final memory consumption, and peak memory consumption than existing symbolic algorithms.
PEPS2007 Stochastic Automata Networks Software Tool
PEPS is a tool package for modeling and solving models expressed in Stochastic Automata Networks (SAN). The SAN formalism defines a compact storage scheme for the transition matrix of the Markov chain and it uses tensor algebra to handle the basic vector-matrix multiplications. This paper presents a short timeline of previous PEPS versions and the new features included in version 2007.

1. PEPS Timeline

The PEPS project started in the late 80's, aiming at a software tool to model and to compute numerical solutions for the Stochastic Automata Networks (SAN) formalism. The SAN formalism was proposed by Plateau [1] and its basic idea is to represent a whole system by a collection of subsystems with an independent behavior (local events) and occasional interdependencies (functional rates and synchronizing events). The framework proposed by Plateau defines a modular way to describe continuous- and discrete-time Markovian models, but only continuous-time SAN are implemented in PEPS. The first PEPS version was presented in [2] and implemented a simple vector-matrix multiplication, where the matrix columns were generated, column by column, in each iteration. The full matrix was never generated; only the tensor-format descriptor was stored.

1.1. PEPS2000

In 2000 a new version was released; this version implemented a set of new algorithms proposed by Fernandes [3]. The main new technique implemented in this version was a vector-descriptor multiplication method, the Shuffle algorithm. With this method, each tensor product term multiplies a part of the vector, never generating any part of the full matrix. After all tensor multiplications, we have a complete vector-matrix multiplication. Still in the PEPS2000 version, a simple interface compiler, optimized manipulation of functional dependencies [3],
Efficient state space generation of GSPNs using decision diagrams
In Proc. DSN, 2002
Implicit techniques for representing and generating the reachability set of a high-level model have become quite efficient. However, such techniques are usually restricted to models whose events have equal priority. Models containing events with differing classes of priority or complex priority structure, in particular models with immediate events, have thus been required to use explicit reachability set generation techniques. In this paper, we present an efficient implicit technique, based on multi-valued decision diagram representations for sets of states and matrix diagram representations for next-state functions, that can handle models with complex priority structure. If the model contains immediate events, the vanishing states can be eliminated either during generation, by manipulating the matrix diagram, or after generation, by manipulating the multi-valued decision diagram. We apply both techniques to several models and give detailed results.