Information Flow Analysis in a Discrete-Time Process Algebra
Proc. of 13th CSFW, IEEE CS, 2000
Cited by 34 (6 self)
Some of the noninterference properties studied in [4, 6, 18] for information flow analysis in computer systems, notably BNDC, are reformulated here in a real-time setting. This is done by enhancing the Security Process Algebra of [6, 10] with some extra constructs to model real-time systems (in a discrete time setting), and then by studying the natural extensions of those properties in this enriched setting. We prove essentially the same results known for the untimed case: ordering relation among properties, compositionality aspects, partial model checking techniques. Finally, we illustrate a case study of a system that presents no information flows when analyzed without considering timing constraints. But, when the specification is refined with time, some interesting information flows are detected.
The Power of Reachability Testing for Timed Automata
Theoretical Computer Science, 2001
Cited by 30 (11 self)
The computational engine of the verification tool UPPAAL consists of a collection of efficient algorithms for the analysis of reachability properties of systems. Model-checking of properties other than plain reachability ones may currently be carried out in such a tool as follows. Given a property to model-check, the user must provide a test automaton T for it. This test automaton must be such that the original system S has the property expressed by precisely when none of the distinguished reject states of T can be reached in the parallel composition of S with T. This raises the question of which properties may be analyzed by UPPAAL in such a way. This paper gives an answer to this question by providing a complete characterization of the class of properties for which model-checking can be reduced to reachability testing in the sense outlined above. This result is obtained as a corollary of a stronger statement pertaining to the compositionality of the property language considered in this study. In particular, it is shown that our language is the least expressive compositional language that can express a simple safety property stating that no reject state can ever be reached. Finally, the property language characterizing the power of reachability testing is used to provide a definition of characteristic properties with respect to a timed version of the ready simulation preorder, for nodes of free, deterministic timed automata.
Analysis of security protocols as open systems
Theoretical Computer Science, 2003
Cited by 26 (13 self)
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely CryptoCCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.
Verification of large state/event systems using compositionality and dependency analysis
1998
Cited by 16 (4 self)
A state/event model is a concurrent version of Mealy machines used for describing embedded reactive systems. This paper introduces a technique that uses compositionality and dependency analysis to significantly improve the efficiency of symbolic model checking of state/event models. It makes possible automated verification of large industrial designs with the use of only modest resources (less than 20 minutes on a standard PC for a model with 1421 concurrent machines). The results of the paper are being implemented in the next version of the commercial tool visualSTATE™.
A Compositional Proof System for the Modal µ-Calculus
1994
Cited by 15 (0 self)
We present a proof system for determining satisfaction between processes in a fairly general process algebra and assertions of the modal µ-calculus. The proof system is compositional in the structure of processes. It extends earlier work on compositional reasoning within the modal µ-calculus and combines it with techniques from work on local model checking. The proof system is sound for all processes and complete for a class of finite-state processes.
On the Existence of Network Invariants for Verifying Parameterized Systems
In Correct System Design: Recent Insights and Advances, LNCS 1710, 1999
Cited by 9 (0 self)
Over the last decade, finite-state verification methods have been developed into an impressive tool for analysis of complex programs, such as protocols and hardware circuits. Partial-order reduction and BDD-based symbolic model checking have been instrumental in this development. Currently, much effort is devoted to advancing further the power of automated verification to cover also infinite-state systems. A prominent class of infinite-state systems are so-called parameterized systems, i.e., systems with many similar processes, in which the number of processes is unbounded and their interconnection pattern may vary within the range of some constraints. In this paper, we partially review the use of induction over the system structure for the verification of parameterized systems. Wolper and Lovinfosse have introduced the term network invariant for the induction hypothesis in such a proof by induction. They also observe that well-behaved (e.g., finite-state) network invariant...
On Context-Sensitive Substitutability of Web Services
In 5th IEEE International Conference on Web Services, 2007
Cited by 7 (2 self)
Web service substitution refers to the problem of identifying a service that can replace another service in the context of a composition with a specified functionality. Existing solutions to this problem rely on detecting the functional and behavioral equivalence of a particular service to be replaced and candidate services that could replace it. We introduce the notion of context-specific substitutability, where context refers to the overall functionality of the composition that is required to be maintained after replacement of its constituents. Using the context information, we investigate two variants of the substitution problem, namely environment-independent and environment-dependent, where environment refers to the constituents of a composition, and show how the substitutability criteria can be relaxed within this model. We provide a logical formulation of the resulting criteria based on model checking techniques as well as prove the soundness and completeness of the proposed approach.
Partial Model Checking with ROBDDs
1997
Cited by 5 (1 self)
This paper introduces a technique for localizing model checking of concurrent state-based systems. The technique, called partial model checking, is fully automatic and performs model checking by gradually specializing the specification with respect to the concurrent components one by one, computing a "concurrent weakest precondition." Specifications are invariance properties and the concurrent components are sets of transitions. Both are expressed as predicates represented by Reduced Ordered Binary Decision Diagrams (ROBDDs). The self-reducing properties of ROBDDs are important for the success of the technique. We describe experimental results obtained on four different examples.
Checking Temporal Business Rules
In: Proceedings of the First International REA Workshop, 2004
Cited by 4 (0 self)
In this paper we describe an event-based algorithm for runtime verification of timed linear temporal logic. The algorithm is based on a rewriting of the formula expressing a desired or undesired property of a timed system. Rewriting takes place at discrete points in time, but only when there is a relevant state change taking place in the timed system, or a deadline, determined by the formula, has been passed. Limiting the rewriting to only those points in time where an event occurs, and not to all discrete time points, makes the algorithm useful in situations where there are large data sets and large differences in the relevant time scales (ranging perhaps from milliseconds to months as in business software).