Results 1  10
of
160
Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach
 International Journal on Software Tools for Technology Transfer (STTT
, 2002
"... In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and ..."
Abstract

Cited by 201 (32 self)
 Add to MetaCart
(Show Context)
In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and Markov decision processes. Analysis is performed through model checking speci cations in the probabilistic temporal logics PCTL and CSL. Motivated by the success of model checkers such as SMV, which use BDDs (binary decision diagrams), we have developed an implementation of PCTL and CSL model checking based on MTBDDs (multiterminal BDDs) and BDDs. Existing work in this direction has been hindered by the generally poor performance of MTBDDbased numerical computation, which is often substantially slower than explicit methods using sparse matrices. We present a novel hybrid technique which combines aspects of symbolic and explicit approaches to overcome these performance problems. For typical examples, we achieve orders of magnitude speedup compared to MTBDDs and are able to almost match the speed of sparse matrices whilst maintaining considerable space savings.
Stochastic automata network for modeling parallel systems
 IEEE Trans. Software Eng
, 1991
"... AbstractThis paper is motivated by the study of the performance of parallel systems. The performance models of such systems are often complex to describe and hard to solve. The method presented here uses a modular representation of the system as a network of statetransition graphs. The state spac ..."
Abstract

Cited by 124 (10 self)
 Add to MetaCart
AbstractThis paper is motivated by the study of the performance of parallel systems. The performance models of such systems are often complex to describe and hard to solve. The method presented here uses a modular representation of the system as a network of statetransition graphs. The state space explosion is handled by a decomposition technique. The dynamic behavior of the algorithm is analyzed under Markovian assumptions. The transition matrix of the chain is automatically derived using tensor algebra operators, under a format which involves a very limited storage cost. Index TermsPerformance evaluation, Markov chain, tensor product, parallel systems, discrete time scale.
Efficient DescriptorVector Multiplications in Stochastic Automata Networks
, 1996
"... This paper examines numerical issues in computing solutions to networks of stochastic automata. It is wellknown that when the matrices that represent the automata contain only constant values, the cost of performing the operation basic to all iterative solution methods, that of matrixvector multi ..."
Abstract

Cited by 119 (20 self)
 Add to MetaCart
This paper examines numerical issues in computing solutions to networks of stochastic automata. It is wellknown that when the matrices that represent the automata contain only constant values, the cost of performing the operation basic to all iterative solution methods, that of matrixvector multiply, is given by ae N = N Y i=1 n i \Theta N X i=1 n i ; where n i is the number of states in the i th automaton and N is the number of automata in the network. We introduce the concept of a generalized tensor product and prove a number of lemmas concerning this product. The result of these lemmas allows us to show that this relatively small number of operations is sufficient in many practical cases of interest in which the automata contain functional and not simply constant transitions. Furthermore, we show how the automata should be ordered to achieve this.
Modelbased evaluation: From dependability to security
 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
, 2004
"... The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased ..."
Abstract

Cited by 96 (5 self)
 Add to MetaCart
The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased methods, such as Markov reward models, and detailed, discreteevent simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red teambased approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound modelbased methodology for quantifying the security one can expect from a particular design. In this work, we survey existing modelbased techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Complexity of memoryefficient Kronecker operations with applications to the solution of Markov models
 INFORMS J. Comp
, 2000
"... We present new algorithms for the solution of large structured Markov models whose infinitesimal generator can be expressed as a Kronecker expression of sparse matrices. We then compare them with the shufflebased method commonly used in this context and show how our new algorithms can be advantageo ..."
Abstract

Cited by 67 (21 self)
 Add to MetaCart
(Show Context)
We present new algorithms for the solution of large structured Markov models whose infinitesimal generator can be expressed as a Kronecker expression of sparse matrices. We then compare them with the shufflebased method commonly used in this context and show how our new algorithms can be advantageous in dealing with very sparse matrices and in supporting both Jacobistyle and GaussSeidelstyle methods with appropriate multiplication algorithms. Our main contribution is to show how solution algorithms based on Kronecker expression can be modified to consider probability vectors of size equal to the "actual" state space instead of the "potential" state space, thus providing space and time savings. The complexity of our algorithms is compared under different sparsity assumptions. A nontrivial example is studied to illustrate the complexity of the implemented algorithms. Continuous time Markov chains (CTMCs) are an established technique to analyze the performance, reliability, or performability of dynamic systems from a wide range of application areas. CTMCs are usually specied in a highlevel modeling formalism, then a software tool is employed to generate the state space and generator matrix of the underlying CTMC and compute the stationary
Markovian Process Algebra: Composition and Equivalence
, 1994
"... Markovian Process Algebra (MPA) is a process algebra enhanced with exponential timing which allows the mapping of specifications on continuous time Markov chains (CTMCs). This paper introduces a compositional approach to compute the generator matrix of the CTMC underlying a MPA specification which c ..."
Abstract

Cited by 59 (5 self)
 Add to MetaCart
Markovian Process Algebra (MPA) is a process algebra enhanced with exponential timing which allows the mapping of specifications on continuous time Markov chains (CTMCs). This paper introduces a compositional approach to compute the generator matrix of the CTMC underlying a MPA specification which consists of the parallel composition of finite state agents. Furthermore two different equivalence relations covering quantitative and qualitative aspects are introduced. These equivalence relations are shown to be congruences according to parallel composition of agents.
Saturation Unbound
 Proc. TACAS
, 2003
"... In previous work, we proposed a "saturation" algorithm for symbolic statespace generation characterized by the use of multivalued decision diagrams, boolean Kronecker operators, event locality, and a special iteration strategy. This approach outperforms traditional BDDbased techniques by ..."
Abstract

Cited by 51 (23 self)
 Add to MetaCart
(Show Context)
In previous work, we proposed a "saturation" algorithm for symbolic statespace generation characterized by the use of multivalued decision diagrams, boolean Kronecker operators, event locality, and a special iteration strategy. This approach outperforms traditional BDDbased techniques by several orders of magnitude in both space and time but, like them, assumes a priori knowledge of each submodel's state space. We introduce a new algorithm that merges explicit local statespace discovery with symbolic global statespace generation. This relieves the modeler from worrying about the behavior of submodels in isolation.
The Numerical Solution of Stochastic Automata Networks
, 1994
"... Stochastic Automata Networks (SAN's) have recently received attention in the literature as an efficient means of modelling parallel systems such as communicating processes, concurrent processors, shared memory, etc. The advantage that the SAN approach has over generalized stochastic Petri nets, ..."
Abstract

Cited by 48 (11 self)
 Add to MetaCart
Stochastic Automata Networks (SAN's) have recently received attention in the literature as an efficient means of modelling parallel systems such as communicating processes, concurrent processors, shared memory, etc. The advantage that the SAN approach has over generalized stochastic Petri nets, and indeed over any Markovian analysis that requires the generation of a transition matrix, is that its representation remains compact even as the number of states in the underlying Markov chain begins to explode. Our concern in this paper is with the numerical issues that are involved in solving SAN networks. We introduce stochastic automata and consider the numerical difficulties that result from their interaction. We examine how the product of a vector with a compact SAN descriptor may be formed, for this operation is basis to all iterative solution methods. We describe possible solution methods, including the power method, the method of Arnoldi and GMRES, and show that the two latter methods...
Hierarchical Markovian Models Symmetries and Reduction
 Performance Evaluation
, 1992
"... Hierarchical Markovian models are a useful paradigm for the specification and quantitative analysis of models arising from complex systems. Although techniques for a very efficient analysis of large scale hierarchical Markovian models have been developed recently, the size of the Markov chain und ..."
Abstract

Cited by 45 (1 self)
 Add to MetaCart
(Show Context)
Hierarchical Markovian models are a useful paradigm for the specification and quantitative analysis of models arising from complex systems. Although techniques for a very efficient analysis of large scale hierarchical Markovian models have been developed recently, the size of the Markov chain underlying a complex hierarchical model often prohibits an analysis on contemporary computer equipment. However, many realistic models contain a lot of symmetric and identical parts, allowing the construction of a reduced Markov chain yielding exact results for the complete model. Of course, to make use of symmetries in a fairly complex model, a technique is needed that generates automatically a reduced Markov chain from the specification of the model. Such an approach can be integrated in an appropriate modelling tool environment for the analysis of hierarchical models and often yields a dramatic reduction in the state space size allowing the analysis of models that are far too large t...
The Need for and the Advantages of Generalized Tensor Algebra for Kronecker Structured Representations
 International Journal of Simulation: Systems, Science & Technology
, 2005
"... ..."
(Show Context)