Results 1  10
of
39
Discounting the future in systems theory
 In Automata, Languages, and Programming, LNCS 2719
, 2003
"... ..."
Quantitative Relations and Approximate Process Equivalences
, 2003
"... We introduce a characterisation of probabilistic transition systems (PTS) in terms of linear operators on some suitably defined vector space representing the set of states. Various notions of process equivalences can then be reformulated as abstract linear operators related to the concrete PTS sem ..."
Abstract

Cited by 21 (11 self)
 Add to MetaCart
We introduce a characterisation of probabilistic transition systems (PTS) in terms of linear operators on some suitably defined vector space representing the set of states. Various notions of process equivalences can then be reformulated as abstract linear operators related to the concrete PTS semantics via a probabilistic abstract interpretation. These process equivalences can be turned into corresponding approximate notions by identifying processes whose abstract operators "differ" by a given quantity, which can be calculated as the norm of the difference operator. We argue that this number can be given a statistical interpretation in terms of the tests needed to distinguish two behaviours.
Weak Bisimulation for Probabilistic Timed Automata
 PROC. OF SEFM’03, IEEE CS
, 2003
"... We are interested in describing timed systems that exhibit probabilistic behaviour. To this purpose, we consider a model of Probabilistic Timed Automata and introduce a concept of weak bisimulation for these automata, together with an algorithm to decide it. The weak bisimulation relation is shown t ..."
Abstract

Cited by 16 (6 self)
 Add to MetaCart
We are interested in describing timed systems that exhibit probabilistic behaviour. To this purpose, we consider a model of Probabilistic Timed Automata and introduce a concept of weak bisimulation for these automata, together with an algorithm to decide it. The weak bisimulation relation is shown to be preserved when either time, or probability are abstracted away. As an application, we use weak bisimulation for Probabilistic Timed Automata to model and analyze a timing attack on the dining cryptographers protocol.
Measuring anonymity with relative entropy
 In Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust, volume 4691 of LNCS
, 2007
"... Abstract. Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymi ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
Abstract. Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymity, and we use the notion of relative entropy from information theory to measure the degree of anonymity these protocols can guarantee. Furthermore, we prove that the operators in the probabilistic process calculus are nonexpansive, with respect to this measuring method. We illustrate our approach by using the example of the Dining Cryptographers Problem. 1
Computing the Leakage of InformationHiding Systems
"... Abstract. We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on techniques from quantitative counterexample generation. The second approach can be used either for ..."
Abstract

Cited by 9 (6 self)
 Add to MetaCart
Abstract. We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on techniques from quantitative counterexample generation. The second approach can be used either for exact or approximate computation, and provides feedback for debugging. These methods can be applied also in the case in which the input distribution is unknown. We then consider the interactive case and we point out that the definition of associated channel proposed in literature is not sound. We show however that the leakage can still be defined consistently, and that our methods extend smoothly. 1
Metrics for Markov Decision Processes with Infinite State Spaces
, 2005
"... We present metrics for measuring state similarity in Markov decision processes (MDPs) with infinitely many states, including MDPs with continuous state spaces. Such metrics provide a stable quantitative analogue of the notion of bisimulation for MDPs, and are suitable for use in MDP approximation. W ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
We present metrics for measuring state similarity in Markov decision processes (MDPs) with infinitely many states, including MDPs with continuous state spaces. Such metrics provide a stable quantitative analogue of the notion of bisimulation for MDPs, and are suitable for use in MDP approximation. We show that the optimal value function associated with a discounted infinite horizon planning task varies continuously with respect to our metric distances.
Game relations and metrics
 In LICS’07
, 2007
"... We consider twoplayer games played over finite state spaces for an infinite number of rounds. At each state, the players simultaneously choose moves; the moves determine a successor state. It is often advantageous for players to choose probability distributions over moves, rather than single moves. ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We consider twoplayer games played over finite state spaces for an infinite number of rounds. At each state, the players simultaneously choose moves; the moves determine a successor state. It is often advantageous for players to choose probability distributions over moves, rather than single moves. Given a goal (e.g., “reach a target state”), the question of winning is thus a probabilistic one: “what is the maximal probability of winning from a given state?”. On these game structures, two fundamental notions are those of equivalences and metrics. Given a set of winning conditions, two states are equivalent if the players can win the same games with the same probability from both states. Metrics provide a bound on the difference in the probabilities of winning across states, capturing a quantitative notion of state “similarity”. We introduce equivalences and metrics for twoplayer game structures, and we show that they characterize the difference in probability of winning games whose goals are expressed in the quantitative µcalculus. The quantitative µcalculus can express a large set of goals, including reachability, safety, and ωregular properties. Thus, we claim that our relations and metrics provide the canonical extensions to games, of the classical notion of bisimulation for transition systems. We develop our results both for equivalences and metrics, which generalize bisimulation, and for asymmetrical versions, which generalize simulation.
Quantifying Timing Leaks and Cost Optimisation
"... We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable est ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation.
Information Flow in Interactive Systems
, 2010
"... Abstract. We consider the problem of defining the information leakage in interactive systems where secrets and observables can alternate during the computation. We show that the informationtheoretic approach which interprets such systems as (simple) noisy channels is not valid anymore. However, the ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
Abstract. We consider the problem of defining the information leakage in interactive systems where secrets and observables can alternate during the computation. We show that the informationtheoretic approach which interprets such systems as (simple) noisy channels is not valid anymore. However, the principle can be recovered if we consider more complicated types of channels, that in Information Theory are known as channels with memory and feedback. We show that there is a complete correspondence between interactive systems and such kind of channels. Furthermore, we show that the capacity of the channels associated to such systems is a continuous function of the Kantorovich metric. 1
Approximate reasoning for realtime probabilistic processes
 of Systems, First International Conference on (QEST’04), 00:304–313
, 2004
"... We develop a pseudometric analogue of bisimulation for generalized semiMarkov processes. The kernel of this pseudometric corresponds to bisimulation; thus we have extended bisimulation for continuoustime probabilistic processes to a much broader class of distributions than exponential distributio ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
We develop a pseudometric analogue of bisimulation for generalized semiMarkov processes. The kernel of this pseudometric corresponds to bisimulation; thus we have extended bisimulation for continuoustime probabilistic processes to a much broader class of distributions than exponential distributions. This pseudometric gives a useful handle on approximate reasoning in the presence of numerical information — such as probabilities and time — in the model. We give a fixed point characterization of the pseudometric. This makes available coinductive reasoning principles for reasoning about distances. We demonstrate that our approach is insensitive to potentially ad hoc articulations of distance by showing that it is intrinsic to an underlying uniformity. We provide a logical characterization of this uniformity using a realvalued modal logic. We show that several quantitative properties of interest are continuous with respect to the pseudometric. Thus, if two processes are metrically close, then observable quantitative properties of interest are indeed close. 1