We develop a model of Parametric Probabilistic Transition Systems. In this model probabilities associated with transitions may be parameters, and we show how to find instances of parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a given state. We show, as an application, the model of a probabilistic non repudiation protocol. The theory we develop, allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others).

We define a probabilistic model for the analysis of a Non-Repudiation protocol that guarantees fairness, without resorting to a trusted third party, by means of a probabilistic algorithm. By using the PRISM model checker, we estimate the probability for a malicious user to break the non-repudiation property, depending on various parameters of the protocol.

We show that team automata (TA) are well suited for security analysis by reformulating the Generalized NonDeducibility on Compositions (GNDC) schema in terms of TA. We then use this to show that integrity is guaranteed for a case study in which TA model an instance of the Efficient Multi-chained Stream Signature (EMSS) protocol.

In [30], Kleijn presented a survey of the use of team automata for the specification and analysis of phenomena from the field of computer supported cooperative work, in particular notions related to groupware systems. In this paper we present a survey of the use of team automata for the specification and analysis of some issues from the field of security.

The paper introduces symbolic bisimulations for a simple probabilistic π-calculus to overcome the infinite branching problem that still exists in checking ground bisimulations between probabilistic systems. Especially the definition of weak (symbolic) bisimulation does not rely on the random capability of adversaries and suggests a solution to the open problem on the axiomatization for weak bisimulation in the case of unguarded recursion. Furthermore, we present an efficient characterization of symbolic bisimulations for the calculus, which allows the ”on-the-fly ” instantiation of bound names and dynamic construction of equivalence relations for quantitative evaluation. This directly results in a local decision algorithm that can explore just a minimal portion of the state spaces of the probabilistic processes in question. 1

In [30], Kleijn presented a survey of the use of team automata for the specification and analysis of phenomena from the field of computer supported cooperative work, in particular notions related to groupware systems. In this paper we present a survey of the use of team automata for the specification and analysis of some issues from the field of security. Key words: team automata, access control, security, cryptographic communication protocols 1

Abstract. Probabilistic timed automata are an extension of timed automata with discrete probability distributions. Simulation and bisimulation relations are widely-studied in the context of the analysis of system models, with applications in the stepwise development of systems and in model reduction. In this paper, we study probabilistic timed simulation and bisimulation relations for probabilistic timed automata. We present an EXPTIME algorithm for deciding whether two probabilistic timed automata are probabilistically timed similar or bisimilar. Furthermore, we consider a logical characterization of probabilistic timed bisimulation. 1

In multilevel systems it is important to avoid unwanted indirect information flow from higher levels to lower levels, namely the so called covert channels. Initial studies of information flow analysis were performed by abstracting away from time and probability. It is already known that systems that are considered to be secure may turn out to be insecure when time or probability are considered. Recently, work has been done in order to consider also aspects either of time or of probability, but not both. In this paper we propose a general framework, based on Probabilistic Timed Automata, where both probabilistic and timing covert channels can be studied. We define a Non-Interference security property that allows one to express information flow in a timed and probabilistic setting, and we compare the property with analogous properties defined in settings where either time or probability or none of them are taken into account. This allows to classify properties depending on their discerning power.

Abstract: Probabilistic timed automata can be used to model systems in which probabilistic and timing behavior coexist. Verification of probabilistic timed automata models is generally performed with regard to a single reference valuation of the timing parameters. Given such a parameter valuation, we present a method for obtaining automatically a constraint on timing parameters for which the reachability probabilities (1) remain invariant and (2) are equal to the reachability probabilities for the reference valuation. The method relies on parametric analysis of a nonprobabilistic version of the probabilistic timed automata model using the “inverse method”. Our approach is useful for avoiding repeated executions of probabilistic model checking analyses for the same model with different parameter valuations. We provide examples of the application of our technique to models of randomized protocols.

Abstract—In multilevel systems it is important to avoid unwanted indirect information flow from higher levels to lower levels, namely the so called covert channels. Initial studies of information flow analysis were performed by abstracting away from time and probability. It is already known that systems that are proved to be secure in a possibilistic framework may turn out to be insecure when time or probability are considered. Recently, work has been done in order to consider also aspects either of time or of probability, but not both. In this paper we propose a general framework, based on Probabilistic Timed Automata, where both probabilistic and timing covert channels can be studied. We define a Non-Interference security property and a Non Deducibility on Composition security property, which allow expressing information flow in a timed and probabilistic setting. We then compare these properties with analogous ones defined in contexts where either time or probability or neither of them are taken into account. This permits a classification of the properties depending on their discerning power. As an application, we study a system with covert channels that we are able to discover by applying our techniques.