Results 1-10 of 27
Model Checking of Probabilistic and Nondeterministic Systems
, 1995
Cited by 200 (13 self)
The temporal logics pCTL and pCTL* have been proposed as tools for the formal specification and verification of probabilistic systems: as they can express quantitative bounds on the probability of system evolutions, they can be used to specify system properties such as reliability and performance. In this paper, we present model-checking algorithms for extensions of pCTL and pCTL* to systems in which the probabilistic behavior coexists with nondeterminism, and show that these algorithms have polynomial-time complexity in the size of the system. This provides a practical tool for reasoning on the reliability and performance of parallel systems. 1 Introduction Temporal logic has been successfully used to specify the behavior of concurrent and reactive systems. These systems are usually modeled as nondeterministic processes: at any moment in time, more than one future evolution may be possible, but a probabilistic characterization of their likelihood is normally not attempted. While ma...
Model Checking for a Probabilistic Branching Time Logic with Fairness
 Distributed Computing
, 1998
Cited by 116 (37 self)
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
Algebraic Reasoning for Probabilistic Concurrent Systems
 Proc. IFIP TC2 Working Conference on Programming Concepts and Methods
, 1990
Cited by 94 (5 self)
We extend Milner's SCCS to obtain a calculus, PCCS, for reasoning about communicating probabilistic processes. In particular, the nondeterministic process summation operator of SCCS is replaced with a probabilistic one, in which the probability of behaving like a particular summand is given explicitly. The operational semantics for PCCS is based on the notion of probabilistic derivation, and is given structurally as a set of inference rules. We then present an equational theory for PCCS based on probabilistic bisimulation, an extension of Milner's bisimulation proposed by Larsen and Skou. We provide the first axiomatization of probabilistic bisimulation, a subset of which is relatively complete for finite-state probabilistic processes. In the probabilistic case, a notion of processes with almost identical behavior (i.e., with probability 1 − ε, for ε sufficiently small) appears to be more useful in practice than a notion of equivalence, since the latter is often too restricti...
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
Cited by 50 (18 self)
In this thesis, we present efficient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, fault-tolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a specification, such as "the message will be delivered with probability 1", "the probability of shutdown occurring is at most 0.02" or "the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the specification is true in the model.
Verifying Automata Specifications of Probabilistic Real-time Systems
 Real-Time: Theory in Practice, Springer LNCS 600
, 1991
Cited by 36 (3 self)
We present a model-checking algorithm for a system presented as a generalized semi-Markov process and a specification given as a deterministic timed automaton. This leads to a method for automatic verification of timing properties of finite-state probabilistic real-time systems. Keywords: Real-time, Probabilistic systems, Automatic verification. 1 Introduction There is increasing awareness that unexpected behavior from interacting processes can cause serious problems. This observation applies not only to programs and digital systems, but also to physical processes, such as robots, automobiles, manufacturing processes, and so on. Indeed, as digital systems become smaller and cheaper, their use to control and interact with physical processes will inevitably increase. Formal verification of these systems seeks mathematical methods for reasoning about their behavior. Automatic formal verification is particularly promising, because it requires far less labor than the manual techniques. ...
Probabilistic Analysis of Anonymity
 In Proc. 15th Computer Security Foundations Workshop
, 2002
Cited by 32 (1 self)
We present a formal analysis technique for probabilistic security properties of peer-to-peer communication systems based on random message routing among members. The behavior of group members and the adversary is modeled as a discrete-time Markov chain, and security properties are expressed as PCTL formulas. To illustrate feasibility of the approach, we model the Crowds system for anonymous Web browsing, and use a probabilistic model checker, PRISM, to perform automated analysis of the system and verify anonymity guarantees it provides. The main result of the Crowds analysis is a demonstration of how certain forms of anonymity degrade with the increase in group size and the number of random routing paths.
On the decidability of temporal properties of probabilistic pushdown automata
 In Proc. of STACS’05
, 2005
Cited by 30 (9 self)
We consider qualitative and quantitative model-checking problems for probabilistic pushdown automata (pPDA) and various temporal logics. We prove that the qualitative and quantitative model-checking problem for ω-regular properties and pPDA is in 2EXPSPACE and 3EXPTIME, respectively. We also prove that model-checking the qualitative fragment of the logic PECTL* for pPDA is in 2EXPSPACE, and model-checking the qualitative fragment of PCTL for pPDA is in EXPSPACE. Furthermore, model-checking the qualitative fragment of PCTL is shown to be EXPTIME-hard even for stateless pPDA. Finally, we show that PCTL model-checking is undecidable for pPDA, and PCTL+ model-checking is undecidable even for stateless pPDA.
Probabilistic Model Checking of an Anonymity System
 Journal of Computer Security
, 2004
Cited by 30 (1 self)
We use the probabilistic model checker PRISM to analyze the Crowds system for anonymous Web browsing. This case study demonstrates how probabilistic model checking techniques can be used to formally analyze security properties of a peer-to-peer group communication system based on random message routing among members. The behavior of group members and the adversary is modeled as a discrete-time Markov chain, and the desired security properties are expressed as PCTL formulas. The PRISM model checker is used to perform automated analysis of the system and verify anonymity guarantees it provides. Our main result is a demonstration of how certain forms of probabilistic anonymity degrade when group size increases or random routing paths are rebuilt, assuming that the corrupt group members are able to identify and/or correlate multiple routing paths originating from the same sender.
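The two Crowds entries above (and the pCTL entry at the top of the list) reduce an anonymity question to a reachability probability on a discrete-time Markov chain: "with what probability does a corrupt member end up recording the real sender as its immediate predecessor?" The following Python is an added example, not code from the cited papers and not PRISM itself. It builds that chain for one Crowds path (the sender always forwards its first hop; every later holder forwards to a uniformly chosen member with probability pf and delivers otherwise; the first corrupt member to receive the message ends the path) and solves P=?[F target] exactly, which is the linear system a probabilistic model checker solves for an unbounded "eventually" property. The state names, the helper functions, and the assumption that rebuilt paths are independent of each other are this example's own.

```python
"""Exact P=?[F target] analysis of a Crowds path modelled as a DTMC.

Added example: the model, state names and helpers below are this example's
assumptions, not the cited papers' PRISM model.  Probabilities are Fractions
so the model-checking result can be compared exactly with the closed form.
"""
from fractions import Fraction


def crowds_dtmc(n, c, pf):
    """Transition function of one Crowds path: n members, c of them corrupt.

    Absorbing states are written with no outgoing entries.  'obs_sender' means
    a corrupt member received the message directly from the sender,
    'obs_other' that it received it from some other honest member.
    """
    n, c, pf = Fraction(n), Fraction(c), Fraction(pf)
    if not (1 <= c < n and 0 < pf < 1):
        raise ValueError("need 1 <= c < n and 0 < pf < 1")
    to_self, to_honest, to_corrupt = 1 / n, (n - c - 1) / n, c / n  # uniform next hop
    return {
        "start":  {"sender": to_self, "honest": to_honest, "obs_sender": to_corrupt},
        "sender": {"deliver": 1 - pf, "sender": pf * to_self,
                   "honest": pf * to_honest, "obs_sender": pf * to_corrupt},
        "honest": {"deliver": 1 - pf, "sender": pf * to_self,
                   "honest": pf * to_honest, "obs_other": pf * to_corrupt},
        "deliver": {}, "obs_sender": {}, "obs_other": {},
    }


def reach_probability(dtmc, target):
    """Solve x_s = sum_t P(s,t)*x_t over the transient states, with x = 1 at
    `target` and x = 0 at every other absorbing state: the value of P=?[F target]."""
    transient = [s for s in dtmc if dtmc[s]]          # states with outgoing moves
    idx = {s: i for i, s in enumerate(transient)}
    m = len(transient)
    a = [[Fraction(0)] * m for _ in range(m)]         # I - P_TT
    b = [Fraction(0)] * m                              # P_T,target
    for s in transient:
        i = idx[s]
        a[i][i] += 1
        for t, p in dtmc[s].items():
            if t in idx:
                a[i][idx[t]] -= p
            elif t == target:
                b[i] += p
    for col in range(m):                               # exact Gauss-Jordan elimination
        piv = next(r for r in range(col, m) if a[r][col] != 0)
        a[col], a[piv], b[col], b[piv] = a[piv], a[col], b[piv], b[col]
        for r in range(m):
            if r != col and a[r][col] != 0:
                f = a[r][col] / a[col][col]
                a[r] = [x - f * y for x, y in zip(a[r], a[col])]
                b[r] -= f * b[col]
    return {s: b[idx[s]] / a[idx[s]][idx[s]] for s in transient}


def crowds_analysis(n, c, pf):
    """Return (P[F obs_sender], P[F obs_other], P[obs_sender | some corrupt member observed])."""
    dtmc = crowds_dtmc(n, c, pf)
    p_sender = reach_probability(dtmc, "obs_sender")["start"]
    p_other = reach_probability(dtmc, "obs_other")["start"]
    return p_sender, p_other, p_sender / (p_sender + p_other)


def posterior_closed_form(n, c, pf):
    """Reiter and Rubin's closed form 1 - pf*(n-c-1)/n for the same conditional
    probability; used here only to cross-check the model-checking result."""
    n, c, pf = Fraction(n), Fraction(c), Fraction(pf)
    return 1 - pf * (n - c - 1) / n


def probable_innocence(n, c, pf):
    """'Probable innocence': the sender is the observed predecessor with probability <= 1/2."""
    return crowds_analysis(n, c, pf)[2] <= Fraction(1, 2)


def exposed_over_paths(n, c, pf, k):
    """Probability that over k independently rebuilt paths the sender is recorded as a
    corrupt member's predecessor at least once (independence is this example's assumption)."""
    return 1 - (1 - crowds_analysis(n, c, pf)[0]) ** k


if __name__ == "__main__":
    for n, c in [(20, 5), (20, 7)]:
        p_s, p_o, post = crowds_analysis(n, c, "3/4")
        print(f"n={n} c={c}: P[F obs_sender]={p_s}, P[obs_sender|observed]={post}, "
              f"probable innocence={probable_innocence(n, c, '3/4')}")
    print("sender seen at least once over 10 rebuilt paths:",
          float(exposed_over_paths(20, 5, "3/4", 10)))
```

With pf = 3/4 the model-checking result for n = 20, c = 5 is 19/40, matching the closed form, and probable innocence is lost at c = 7 (posterior 11/20); the `exposed_over_paths` figure is what grows towards 1 as paths are rebuilt, which is the degradation the Crowds case study reports.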
Algebraic Approaches to Nondeterminism: an Overview
 ACM Computing Surveys
, 1997
Cited by 23 (3 self)
this paper was published as Walicki, M.A. and Meldal, S., 1995, Nondeterministic Operators in Algebraic Frameworks, Technical Report No. CSL-TR-95-664, Stanford University
Polynomial Time Algorithms for Testing Probabilistic Bisimulation and Simulation
 Proc. CAV'96, LNCS 1102
, 1996
Cited by 21 (5 self)
Various models and equivalence relations or preorders for probabilistic processes are proposed in the literature. This paper deals with a model based on labelled transition systems extended to the probabilistic setting and gives an O(n² · m) algorithm for testing probabilistic bisimulation and an O(n⁵ · m²) algorithm for testing probabilistic simulation, where n is the number of states and m the number of transitions in the underlying probabilistic transition systems. 1 Introduction Transition systems have proved to be very useful for modelling concurrent processes. A variety of widely accepted equivalence relations and preorders for such systems support the use of transition systems for the design and verification of concurrent systems. In this context, testing equivalences and preorders become important and have been studied e.g. in [3, 4, 8, 11, 17]. For instance, (strong) bisimulation can be decided in time O(m · log n) [22], weak bisimulation in t...
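The probabilistic bisimulation that the PCCS entry axiomatizes and the CAV'96 entry above decides is the Larsen-Skou relation: two states are bisimilar when, for every action, they put the same probability mass into every equivalence class. As an added example, not the paper's O(n² · m) algorithm, the following Python decides it by the naive signature-refinement loop that such algorithms improve on: start from one block, split blocks whose members disagree on the probability they send into existing blocks, repeat until nothing splits. The transition system, state and action names are constructed for the example.

```python
"""Strong probabilistic bisimulation (Larsen-Skou) by partition refinement.

Added example, not the cited paper's algorithm: every round recomputes every
state's signature, so it runs in O(rounds * m) with up to n rounds.
A system is given as  state -> action -> {successor: probability}  and every
(state, action) row must be a probability distribution (a reactive system).
"""
from collections import defaultdict
from fractions import Fraction


def check_distributions(trans):
    """Reject rows that do not sum to 1; exact arithmetic, so no tolerance needed."""
    for s, by_action in trans.items():
        for a, dist in by_action.items():
            if sum(dist.values(), Fraction(0)) != 1:
                raise ValueError(f"{s} -{a}-> is not a probability distribution")


def bisimulation_classes(trans, states):
    """Coarsest partition (state -> class id) under which states in one class
    reach every class with equal probability for every action."""
    check_distributions(trans)
    block = {s: 0 for s in states}                     # one block to begin with
    while True:
        sig = {}
        for s in states:
            rows = []
            for a, dist in trans.get(s, {}).items():
                mass = defaultdict(Fraction)           # probability into each block
                for t, p in dist.items():
                    mass[block[t]] += p
                rows.append((a, tuple(sorted(mass.items()))))
            sig[s] = (block[s], tuple(sorted(rows)))   # keep old block: refinement only
        ids, refined = {}, {}
        for s in states:
            refined[s] = ids.setdefault(sig[s], len(ids))
        if len(ids) == len(set(block.values())):       # no block split: fixed point
            return refined
        block = refined


def bisimilar(trans, states, s, t):
    classes = bisimulation_classes(trans, states)
    return classes[s] == classes[t]


# Constructed example: s0 branches 50/50 into two states that both do 'ack';
# u0 reaches a single 'ack' state; t0 branches 50/50 but one branch does 'nak'.
H = Fraction(1, 2)
EXAMPLE_STATES = ["s0", "s1", "s2", "u0", "u1", "t0", "t1", "t2", "done"]
EXAMPLE_TRANS = {
    "s0": {"req": {"s1": H, "s2": H}},
    "s1": {"ack": {"done": Fraction(1)}},
    "s2": {"ack": {"done": Fraction(1)}},
    "u0": {"req": {"u1": Fraction(1)}},
    "u1": {"ack": {"done": Fraction(1)}},
    "t0": {"req": {"t1": H, "t2": H}},
    "t1": {"ack": {"done": Fraction(1)}},
    "t2": {"nak": {"done": Fraction(1)}},
    "done": {},
}

if __name__ == "__main__":
    print(bisimulation_classes(EXAMPLE_TRANS, EXAMPLE_STATES))
    print("s0 ~ u0:", bisimilar(EXAMPLE_TRANS, EXAMPLE_STATES, "s0", "u0"))
    print("s0 ~ t0:", bisimilar(EXAMPLE_TRANS, EXAMPLE_STATES, "s0", "t0"))
```

The point of the 50/50 branch in `s0` is that bisimulation sums probability per class, not per successor: `s1` and `s2` are lumped into the class of `u1`, so `s0` and `u0` are identified, whereas `t0` splits its mass between two classes and is not.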