Results 1-10 of 69
Discounting the future in systems theory
 In Automata, Languages, and Programming, LNCS 2719, 2003
Quantitative Relations and Approximate Process Equivalences
, 2003
Cited by 23 (12 self)
We introduce a characterisation of probabilistic transition systems (PTS) in terms of linear operators on some suitably defined vector space representing the set of states. Various notions of process equivalences can then be reformulated as abstract linear operators related to the concrete PTS semantics via a probabilistic abstract interpretation. These process equivalences can be turned into corresponding approximate notions by identifying processes whose abstract operators "differ" by a given quantity, which can be calculated as the norm of the difference operator. We argue that this number can be given a statistical interpretation in terms of the tests needed to distinguish two behaviours.
Measuring anonymity with relative entropy
 In Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust, volume 4691 of LNCS, 2007
Cited by 20 (2 self)
Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymity, and we use the notion of relative entropy from information theory to measure the degree of anonymity these protocols can guarantee. Furthermore, we prove that the operators in the probabilistic process calculus are nonexpansive, with respect to this measuring method. We illustrate our approach by using the example of the Dining Cryptographers Problem.
Weak Bisimulation for Probabilistic Timed Automata
 PROC. OF SEFM’03, IEEE CS, 2003
Cited by 17 (6 self)
We are interested in describing timed systems that exhibit probabilistic behaviour. To this purpose, we consider a model of Probabilistic Timed Automata and introduce a concept of weak bisimulation for these automata, together with an algorithm to decide it. The weak bisimulation relation is shown to be preserved when either time, or probability are abstracted away. As an application, we use weak bisimulation for Probabilistic Timed Automata to model and analyze a timing attack on the dining cryptographers protocol.
Computing the Leakage of Information-Hiding Systems
Cited by 16 (9 self)
We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on techniques from quantitative counterexample generation. The second approach can be used either for exact or approximate computation, and provides feedback for debugging. These methods can be applied also in the case in which the input distribution is unknown. We then consider the interactive case and we point out that the definition of associated channel proposed in literature is not sound. We show however that the leakage can still be defined consistently, and that our methods extend smoothly.
Metrics for Markov Decision Processes with Infinite State Spaces
, 2005
Cited by 15 (4 self)
We present metrics for measuring state similarity in Markov decision processes (MDPs) with infinitely many states, including MDPs with continuous state spaces. Such metrics provide a stable quantitative analogue of the notion of bisimulation for MDPs, and are suitable for use in MDP approximation. We show that the optimal value function associated with a discounted infinite horizon planning task varies continuously with respect to our metric distances.
Game relations and metrics
 In LICS’07, 2007
Cited by 13 (3 self)
We consider two-player games played over finite state spaces for an infinite number of rounds. At each state, the players simultaneously choose moves; the moves determine a successor state. It is often advantageous for players to choose probability distributions over moves, rather than single moves. Given a goal (e.g., “reach a target state”), the question of winning is thus a probabilistic one: “what is the maximal probability of winning from a given state?”. On these game structures, two fundamental notions are those of equivalences and metrics. Given a set of winning conditions, two states are equivalent if the players can win the same games with the same probability from both states. Metrics provide a bound on the difference in the probabilities of winning across states, capturing a quantitative notion of state “similarity”. We introduce equivalences and metrics for two-player game structures, and we show that they characterize the difference in probability of winning games whose goals are expressed in the quantitative µ-calculus. The quantitative µ-calculus can express a large set of goals, including reachability, safety, and ω-regular properties. Thus, we claim that our relations and metrics provide the canonical extensions to games, of the classical notion of bisimulation for transition systems. We develop our results both for equivalences and metrics, which generalize bisimulation, and for asymmetrical versions, which generalize simulation.
Quantifying Timing Leaks and Cost Optimisation
Cited by 12 (1 self)
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation.
Logical, Metric, and Algorithmic Characterisations of Probabilistic Bisimulation
, 2011
Cited by 11 (5 self)
Many behavioural equivalences or preorders for probabilistic processes involve a lifting operation that turns a relation on states into a relation on distributions of states. We show that several existing proposals for lifting relations can be reconciled to be different presentations of essentially the same lifting operation. More interestingly, this lifting operation nicely corresponds to the Kantorovich metric, a fundamental concept used in mathematics to lift a metric on states to a metric on distributions of states, besides the fact the lifting operation is related to the maximum flow problem in optimisation theory. The lifting operation yields a neat notion of probabilistic bisimulation, for which we provide logical, metric, and algorithmic characterisations. Specifically, we extend the Hennessy-Milner logic and the modal mu-calculus with a new modality, resulting in an adequate and an expressive logic for probabilistic bisimilarity, respectively. The correspondence of the lifting operation and the Kantorovich metric leads to a natural characterisation of bisimulations as pseudometrics which are postfixed points of a monotone function. We also present an “on the fly” algorithm to check if two states in a finitary system are related by probabilistic bisimilarity, exploiting the close relationship
Approximating a behavioural pseudometric without discount
 Proceedings of FoSSaCS’07
Cited by 10 (0 self)
a family of behavioural pseudometrics for probabilistic transition systems. These pseudometrics are a quantitative analogue of probabilistic bisimilarity. Distance zero captures probabilistic bisimilarity. Each pseudometric has a discount factor, a real number in the interval (0, 1]. The smaller the discount factor, the more the future is discounted. If the discount factor is one, then the future is not discounted at all. Desharnais et al. showed that the behavioural distances can be calculated up to any desired degree of accuracy if the discount factor is smaller than one. In this paper, we show that the distances can also be approximated if the future is not discounted. A key ingredient of our algorithm is Tarski’s decision procedure for the first order theory over real closed fields. By exploiting the Kantorovich-Rubinstein duality theorem we can restrict to the existential fragment for which more efficient decision procedures exist.