Results 1  10
of
112
Probabilistic Symbolic Model Checking with PRISM: A Hybrid Approach
 International Journal on Software Tools for Technology Transfer (STTT
, 2002
"... In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and ..."
Abstract

Cited by 137 (26 self)
 Add to MetaCart
In this paper we introduce PRISM, a probabilistic model checker, and describe the ecient symbolic techniques we have developed during its implementation. PRISM is a tool for analysing probabilistic systems. It supports three models: discretetime Markov chains, continuoustime Markov chains and Markov decision processes. Analysis is performed through model checking speci cations in the probabilistic temporal logics PCTL and CSL. Motivated by the success of model checkers such as SMV, which use BDDs (binary decision diagrams), we have developed an implementation of PCTL and CSL model checking based on MTBDDs (multiterminal BDDs) and BDDs. Existing work in this direction has been hindered by the generally poor performance of MTBDDbased numerical computation, which is often substantially slower than explicit methods using sparse matrices. We present a novel hybrid technique which combines aspects of symbolic and explicit approaches to overcome these performance problems. For typical examples, we achieve orders of magnitude speedup compared to MTBDDs and are able to almost match the speed of sparse matrices whilst maintaining considerable space savings.
Efficient DescriptorVector Multiplications in Stochastic Automata Networks
, 1996
"... This paper examines numerical issues in computing solutions to networks of stochastic automata. It is wellknown that when the matrices that represent the automata contain only constant values, the cost of performing the operation basic to all iterative solution methods, that of matrixvector multi ..."
Abstract

Cited by 92 (16 self)
 Add to MetaCart
This paper examines numerical issues in computing solutions to networks of stochastic automata. It is wellknown that when the matrices that represent the automata contain only constant values, the cost of performing the operation basic to all iterative solution methods, that of matrixvector multiply, is given by ae N = N Y i=1 n i \Theta N X i=1 n i ; where n i is the number of states in the i th automaton and N is the number of automata in the network. We introduce the concept of a generalized tensor product and prove a number of lemmas concerning this product. The result of these lemmas allows us to show that this relatively small number of operations is sufficient in many practical cases of interest in which the automata contain functional and not simply constant transitions. Furthermore, we show how the automata should be ordered to achieve this.
Complexity of memoryefficient Kronecker operations with applications to the solution of Markov models
 INFORMS J. Comp
, 2000
"... We present new algorithms for the solution of large structured Markov models whose infinitesimal generator can be expressed as a Kronecker expression of sparse matrices. We then compare them with the shufflebased method commonly used in this context and show how our new algorithms can be advantageo ..."
Abstract

Cited by 64 (18 self)
 Add to MetaCart
We present new algorithms for the solution of large structured Markov models whose infinitesimal generator can be expressed as a Kronecker expression of sparse matrices. We then compare them with the shufflebased method commonly used in this context and show how our new algorithms can be advantageous in dealing with very sparse matrices and in supporting both Jacobistyle and GaussSeidelstyle methods with appropriate multiplication algorithms. Our main contribution is to show how solution algorithms based on Kronecker expression can be modified to consider probability vectors of size equal to the "actual" state space instead of the "potential" state space, thus providing space and time savings. The complexity of our algorithms is compared under different sparsity assumptions. A nontrivial example is studied to illustrate the complexity of the implemented algorithms. Continuous time Markov chains (CTMCs) are an established technique to analyze the performance, reliability, or performability of dynamic systems from a wide range of application areas. CTMCs are usually specied in a highlevel modeling formalism, then a software tool is employed to generate the state space and generator matrix of the underlying CTMC and compute the stationary
Modelbased evaluation: From dependability to security
 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
, 2004
"... The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased ..."
Abstract

Cited by 56 (2 self)
 Add to MetaCart
The development of techniques for quantitative, modelbased evaluation of computer system dependability has a long and rich history. A wide array of modelbased evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, roughcut analyses, to statebased methods, such as Markov reward models, and detailed, discreteevent simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red teambased approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound modelbased methodology for quantifying the security one can expect from a particular design. In this work, we survey existing modelbased techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Markovian Process Algebra: Composition and Equivalence
, 1994
"... Markovian Process Algebra (MPA) is a process algebra enhanced with exponential timing which allows the mapping of specifications on continuous time Markov chains (CTMCs). This paper introduces a compositional approach to compute the generator matrix of the CTMC underlying a MPA specification which c ..."
Abstract

Cited by 45 (5 self)
 Add to MetaCart
Markovian Process Algebra (MPA) is a process algebra enhanced with exponential timing which allows the mapping of specifications on continuous time Markov chains (CTMCs). This paper introduces a compositional approach to compute the generator matrix of the CTMC underlying a MPA specification which consists of the parallel composition of finite state agents. Furthermore two different equivalence relations covering quantitative and qualitative aspects are introduced. These equivalence relations are shown to be congruences according to parallel composition of agents.
The Numerical Solution of Stochastic Automata Networks
, 1994
"... Stochastic Automata Networks (SAN's) have recently received attention in the literature as an efficient means of modelling parallel systems such as communicating processes, concurrent processors, shared memory, etc. The advantage that the SAN approach has over generalized stochastic Petri nets, and ..."
Abstract

Cited by 43 (10 self)
 Add to MetaCart
Stochastic Automata Networks (SAN's) have recently received attention in the literature as an efficient means of modelling parallel systems such as communicating processes, concurrent processors, shared memory, etc. The advantage that the SAN approach has over generalized stochastic Petri nets, and indeed over any Markovian analysis that requires the generation of a transition matrix, is that its representation remains compact even as the number of states in the underlying Markov chain begins to explode. Our concern in this paper is with the numerical issues that are involved in solving SAN networks. We introduce stochastic automata and consider the numerical difficulties that result from their interaction. We examine how the product of a vector with a compact SAN descriptor may be formed, for this operation is basis to all iterative solution methods. We describe possible solution methods, including the power method, the method of Arnoldi and GMRES, and show that the two latter methods...
Saturation Unbound
 Proc. TACAS
, 2003
"... In previous work, we proposed a "saturation" algorithm for symbolic statespace generation characterized by the use of multivalued decision diagrams, boolean Kronecker operators, event locality, and a special iteration strategy. This approach outperforms traditional BDDbased techniques by several o ..."
Abstract

Cited by 41 (21 self)
 Add to MetaCart
In previous work, we proposed a "saturation" algorithm for symbolic statespace generation characterized by the use of multivalued decision diagrams, boolean Kronecker operators, event locality, and a special iteration strategy. This approach outperforms traditional BDDbased techniques by several orders of magnitude in both space and time but, like them, assumes a priori knowledge of each submodel's state space. We introduce a new algorithm that merges explicit local statespace discovery with symbolic global statespace generation. This relieves the modeler from worrying about the behavior of submodels in isolation.
Hierarchical Markovian Models Symmetries and Reduction
 Performance Evaluation
, 1992
"... Hierarchical Markovian models are a useful paradigm for the specification and quantitative analysis of models arising from complex systems. Although techniques for a very efficient analysis of large scale hierarchical Markovian models have been developed recently, the size of the Markov chain und ..."
Abstract

Cited by 40 (1 self)
 Add to MetaCart
Hierarchical Markovian models are a useful paradigm for the specification and quantitative analysis of models arising from complex systems. Although techniques for a very efficient analysis of large scale hierarchical Markovian models have been developed recently, the size of the Markov chain underlying a complex hierarchical model often prohibits an analysis on contemporary computer equipment. However, many realistic models contain a lot of symmetric and identical parts, allowing the construction of a reduced Markov chain yielding exact results for the complete model. Of course, to make use of symmetries in a fairly complex model, a technique is needed that generates automatically a reduced Markov chain from the specification of the model. Such an approach can be integrated in an appropriate modelling tool environment for the analysis of hierarchical models and often yields a dramatic reduction in the state space size allowing the analysis of models that are far too large t...
An efficient Kronecker representation for PEPA models
 in de Alfaro and Gilmore [32
, 2001
"... Abstract. In this paper we present a representation of the Markov process underlying a PEPA model in terms of a Kronecker product of terms. Whilst this representation is similar to previous representations of Stochastic Automata Networks and Stochastic Petri Nets, it has novel features, arising from ..."
Abstract

Cited by 25 (5 self)
 Add to MetaCart
Abstract. In this paper we present a representation of the Markov process underlying a PEPA model in terms of a Kronecker product of terms. Whilst this representation is similar to previous representations of Stochastic Automata Networks and Stochastic Petri Nets, it has novel features, arising from the definition of the PEPA models. In particular, capturing the correct timing behaviour of cooperating PEPA activities relies on functional dependencies. 1
Symbolic model checking for probabilistic processes using MTBDDs and the Kronecker representation
 In Tools and Algorithms for the Analysis and Construction of Systems, LNCS 1785
, 2000
"... Abstract. This paper reports on experimental results with symbolic model checking of probabilistic processes based on MultiTerminal Binary Decision Diagrams (MTBDDs). We consider concurrent probabilistic systems as models; these allow nondeterministic choice between probability distributions and ar ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
Abstract. This paper reports on experimental results with symbolic model checking of probabilistic processes based on MultiTerminal Binary Decision Diagrams (MTBDDs). We consider concurrent probabilistic systems as models; these allow nondeterministic choice between probability distributions and are particularly well suited to modelling distributed systems with probabilistic behaviour, e.g. randomized consensus algorithms and probabilistic failures. As a specification formalism we use the probabilistic branchingtime temporal logic PBTL which allows one to express properties such as “under any scheduling of nondeterministic choices, the probability of φ holding until ψ is true is at least 0.78/at most 0.04 ”. We adapt the Kronecker representation of (Plateau 1985), which yields a very compact MTBDD encoding of the system. We implement an experimental model checker using the CUDD package and demonstrate that model construction and reachabilitybased model checking is possible in a matter of seconds for certain classes of systems consisting of up to 10 30 states. 1