Results 1-10 of 114
Bisimulation for Labelled Markov Processes
Information and Computation, 1997
Cited by 139 (23 self)
In this paper we introduce a new class of labelled transition systems, Labelled Markov Processes, and define bisimulation for them.
PROBABILISTIC PREDICATE TRANSFORMERS
1995
Cited by 106 (31 self)
Predicate transformers facilitate reasoning about imperative programs, including those exhibiting demonic nondeterministic choice. Probabilistic predicate transformers extend that facility to programs containing probabilistic choice, so that one can in principle determine not only whether a program is guaranteed to establish a certain result, but also its probability of doing so. We bring together independent work of Claire Jones and Jifeng He, showing how their constructions can be made to correspond; from that link between a predicate-based and a relation-based view of probabilistic execution we are able to propose `probabilistic healthiness conditions', generalising those of Dijkstra for ordinary predicate transformers. The associated calculus seems suitable for exploring further the rigorous derivation of imperative probabilistic programs.
Symbolic Analysis for Parallelizing Compilers
1994
Cited by 105 (4 self)
Symbolic Domain. The objects in our abstract symbolic domain are canonical symbolic expressions. A canonical symbolic expression is a lexicographically ordered sequence of symbolic terms. Each symbolic term is in turn a pair of an integer coefficient and a sequence of pairs of pointers to program variables in the program symbol table and their exponents. The latter sequence is also lexicographically ordered. For example, the abstract value of the symbolic expression 2ij+3jk in an environment in which i is bound to (1; (( " i ; 1))), j is bound to (1; (( " j ; 1))), and k is bound to (1; (( " k ; 1))) is ((2; (( " i ; 1); ( " j ; 1))); (3; (( " j ; 1); ( " k ; 1)))). In our framework, an environment is the abstract analogue of the state concept: an environment is a function from program variables to abstract symbolic values. Each environment e associates a canonical symbolic value e x with each variable x ∈ V; it is said that x is bound to e x. An environment might be represented by...
Probabilistic noninterference in a concurrent language
1998
Cited by 92 (7 self)
In [15], we give a type system that guarantees that well-typed multithreaded programs are possibilistically noninterfering. If thread scheduling is probabilistic, however, then well-typed programs may have probabilistic timing channels. We describe how they can be eliminated without making the type system more restrictive. We show that well-typed concurrent programs are probabilistically noninterfering if every total command with a high guard executes atomically. The proof uses the concept of a probabilistic state of a computation, following the work of Kozen [10].
A Per Model of Secure Information Flow in Sequential Programs
HIGHER-ORDER AND SYMBOLIC COMPUTATION, 1998
Cited by 90 (18 self)
This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature and connections to other forms of program analysis. The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and "partially confidential data". We also show how the per approach can handle nondeterminism for a first-order language, by using powerdomain semantics, and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. We illustrate the usefulness of the compositional nature of the security specifications by presenting a straightforward correctness proof for a simple type-based security analysis.
The Metric Analogue of Weak Bisimulation for Probabilistic Processes
2002
Cited by 56 (3 self)
We observe that equivalence is not a robust concept in the presence of numerical information, such as probabilities, in the model. We develop a metric analogue of weak bisimulation in the spirit of our earlier work on metric analogues for strong bisimulation. We give a fixed point characterization of the metric. This makes available coinductive reasoning principles and allows us to prove metric analogues of the usual algebraic laws for process combinators. We also show that quantitative properties of interest are continuous with respect to the metric, which says that if two processes are close in the metric then observable quantitative properties of interest are indeed close. As an important example of this we show that nearby processes have nearby channel capacities, a quantitative measure of their propensity to leak information.
Belief in information flow
In Proc. 18th IEEE Computer Security Foundations Workshop, 2005
Cited by 53 (10 self)
Information leakage traditionally has been defined to occur when uncertainty about secret data is reduced. This uncertainty-based approach is inadequate for measuring information flow when an attacker is making assumptions about secret inputs and these assumptions might be incorrect; such attacker beliefs are an unavoidable aspect of any satisfactory definition of leakage. To reason about information flow based on beliefs, a model is developed that describes how attacker beliefs change due to the attacker’s observation of the execution of a probabilistic (or deterministic) program. The model leads to a new metric for quantitative information flow that measures accuracy rather than uncertainty of beliefs.
Probabilistic Polynomial-Time Equivalence and Security Analysis
IN PROC. WORLD CONGRESS ON FORMAL METHODS, VOLUME 1708 OF LNCS, 1999
Cited by 52 (12 self)
We use properties of observational equivalence for a probabilistic process calculus to prove an authentication property of a cryptographic protocol. The process calculus is a form of calculus, with probabilistic scheduling instead of nondeterminism, over a term language that captures probabilistic polynomial time. The operational semantics of this calculus gives priority to communication over private channels, so that the presence of private communication does not affect the observable probability of visible actions. Our definition of observational equivalence involves asymptotic comparison of uniform process families, only requiring equivalence to within vanishing error probabilities. This definition differs from previous notions of probabilistic process equivalence that require equal probabilities for corresponding actions; asymptotics fit our intended application and make equivalence transitive, thereby justifying the use of the term "equivalence." Our security proof uses a series of lemmas about probabilistic observational equivalence that may well prove useful for establishing correctness of other cryptographic protocols.
An Operational Semantics for Probabilistic Concurrent Constraint Programming
1998
Cited by 31 (13 self)
This paper investigates a probabilistic version of the concurrent constraint programming paradigm (CCP). The aim is to introduce the possibility to formulate so-called "randomised algorithms" within the CCP framework. Differently from common approaches in (imperative) high-level programming languages, which rely on some kind of random() function, we introduce randomness in the very definition of the language by means of a probabilistic choice construct. This allows a program to make stochastic moves during its execution. We call the resulting language Probabilistic Concurrent Constraint Programming (PCCP). We present an operational semantics for PCCP by means of a probabilistic transition system such that the execution of a PCCP program may be seen as a stochastic process, i.e. as a random walk on the transition graph. The transition probabilities are given explicitly. This semantics captures a notion of observables which combines results of computations and the probability of those re...
Abstract interpretation of probabilistic semantics
In Seventh International Static Analysis Symposium (SAS’00), number 1824 in Lecture Notes in Computer Science, 2000
Cited by 29 (5 self)
Following earlier models, we lift standard deterministic and nondeterministic semantics of imperative programs to probabilistic semantics. This semantics allows for random external inputs of known or unknown probability and random number generators. We then propose a method of analysis of programs according to this semantics, in the general framework of abstract interpretation. This method lifts an “ordinary” abstract lattice, for nonprobabilistic programs, to one suitable for probabilistic programs. Our construction is highly generic. We discuss the influence of certain parameters on the precision of the analysis, basing ourselves on experimental results.