Model checking processes with data
In Science of Computer Programming, 2005
"... We propose a procedure for automatically verifying properties (expressed in an extension of the modal µcalculus) over processes with data, specified in µCRL. We first briefly review existing work, such as the theory of µCRL and we discuss the logic, called first order modal µcalculus in more detai ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
We propose a procedure for automatically verifying properties (expressed in an extension of the modal µ-calculus) over processes with data, specified in µCRL. We first briefly review existing work, such as the theory of µCRL, and we discuss the logic, called first-order modal µ-calculus, in more detail. Then, we introduce the formalism of first-order boolean equation systems and focus on several lemmata that are at the basis of the soundness of our decision procedure. We discuss our findings on three non-trivial applications for a prototype implementation of this procedure. The results show that our prototype can deal with quite complex and interesting properties and systems, showing the efficacy of the approach.
Equivalence checking for infinite systems using parameterized boolean equation systems
In Proc. CONCUR'07, LNCS 4703, 2007
"... Abstract. In this paper, we provide a transformation from the branching bisimulation problem for infinite, concurrent, dataintensive systems in linear process format, into solving Parameterized Boolean Equation Systems. We prove correctness and illustrate the approach with two examples. We also pro ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
In this paper, we provide a transformation from the branching bisimulation problem for infinite, concurrent, data-intensive systems in linear process format into solving Parameterized Boolean Equation Systems. We prove correctness and illustrate the approach with two examples. We also provide small adaptations to obtain similar transformations for strong and weak bisimulations and simulation equivalences.
A framework for automatically checking anonymity with mcrl
In Proceedings TGC'06, LNCS, 2007
"... Abstract. We present a powerful and flexible method for automatically checking anonymity in a possibilistic generalpurpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
We present a powerful and flexible method for automatically checking anonymity in a possibilistic general-purpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder is able to single out the true originator of a given event or to associate the right event to a given protocol participant. We show how these measures of anonymity can be automatically calculated from a protocol specification in µCRL, by using a combination of dedicated tools and existing state-of-the-art µCRL tools. To illustrate the flexibility of our method we test the Dining Cryptographers problem and the FOO 92 voting protocol. Our definitions of anonymity provide an accurate picture of the different ways that anonymity can break down, due for instance to coalitions of inside intruders. Our calculations can be performed on a cluster of machines, allowing us to check protocols for large numbers of participants.
Partial-Order Process Algebra (and its Relation to Petri Nets)
Handbook of Process Algebra. Elsevier Science, 2000
"... To date, many different formalisms exist for describing and analyzing the behavior of concurrent systems. Petri nets and process algebras are two wellknown classes of such formalisms. Petrinet theory is well suited for reasoning about concurrent systems in a partialorder framework; it handles c ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
To date, many different formalisms exist for describing and analyzing the behavior of concurrent systems. Petri nets and process algebras are two well-known classes of such formalisms. Petri-net theory is well suited for reasoning about concurrent systems in a partial-order framework; it handles causal relationships between actions of concurrent systems in an explicit way. Process algebras, on the other hand, often provide a total-order framework, which means that information about causalities is not always accurate. This chapter illustrates how to develop a partial-order process algebra in the style of ACP. It is shown how to extend such an algebraic theory with a causality mechanism inspired by Petri-net theory. In addition, the chapter clarifies the concepts of interleaving and non-interleaving process algebra; total-order semantics for concurrent systems are often incorrectly referred to as interleaving semantics. Key words: process algebra, Petri nets, concurrency, ...
A Checker For Modal Formulas For Processes With Data
Proceedings of FMCO 2003, volume 3188 of LNCS, 2002
"... We propose an algorithm for the automatic verification of firstorder modal calculus formulae on infinite state, datadependent processes. The use of boolean equation systems for solving the modelchecking problem in the finite case is wellstudied. In this paper, we extend on this solution, such th ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
We propose an algorithm for the automatic verification of first-order modal calculus formulae on infinite-state, data-dependent processes. The use of boolean equation systems for solving the model-checking problem in the finite case is well studied. In this paper, we extend this solution such that we can deal with infinite-state, data-dependent processes. We provide a transformation from the model-checking problem to first-order boolean equation systems. Moreover, we present an algorithm to solve these equation systems and discuss the capabilities of the algorithm, implemented in a prototype. We also present the application of our prototype tool to several well-known infinite-state processes from the literature. This prototype has also been successfully applied in proving properties of systems that we could not deal with using other available tools.
Hybrid Transition Systems
"... this report. In practice, often the discrete part of a hybrid system is described and analysed using methods from computer science, while the continuous part is handled by control science. Because the analysis of the interaction between the discrete and continuous part is extremely difficult, the d ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
this report. In practice, often the discrete part of a hybrid system is described and analysed using methods from computer science, while the continuous part is handled by control science. Because the analysis of the interaction between the discrete and continuous part is extremely difficult, the design of the complete system is usually such that this interaction is suppressed to a minimum. This is the main reason for the development of a theory on hybrid systems. If we can obtain more insight into the interaction between discrete and continuous behaviour, we can get rid of the current restrictions on the design of a hybrid system. In the remainder of this report, system theory, automata theory and process theory are referred to as classical theories, as opposed to combinations of those in hybrid theories. Our ultimate goal is a syntactical algebraic structure that can serve as a modeling framework for hybrid systems and in which we can do symbolic analysis. As will become clear in the next section, such an algebra should have an underlying mathematical structure that reflects the meaning of the algebraic operators. This underlying structure must be intuitive from both a control science and a computer science point of view.
(Footnote: This work was financed by Progress/STW Grant EES5173.)
Verified design of an automated parking garage
Formal Methods: Applications and Technology, 2007
"... Abstract. Parking garages that stow and retrieve cars automatically are becoming viable solutions for parking shortages. However, these are complex systems and a number of severe incidents involving such garages have been reported. Many of these are related to safety issues in software. We apply ver ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Parking garages that stow and retrieve cars automatically are becoming viable solutions for parking shortages. However, these are complex systems and a number of severe incidents involving such garages have been reported. Many of these are related to safety issues in software. We apply verification techniques to develop a software design for an automated parking garage. This design meets a number of safety requirements. We provide a software architecture that allows one to split implementation, safety and algorithmic aspects of the software. Consequently, we give a high-level description of the safety aspects and verify a number of safety requirements on this model. Also, we briefly discuss how this analysis is simplified by using a custom visualization tool.
Partial Order Reductions using Compositional Confluence Detection
16th International Symposium on Formal Methods, FM'2009, 2009
"... Explicit state methods have proven useful in verifying safetycritical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, wh ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Explicit state methods have proven useful in verifying safety-critical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, which happens when the graph is too large to be stored in the available computer memory. Several techniques can be used to palliate state explosion, such as on-the-fly verification, compositional verification, and partial order reductions. In this paper, we propose a new technique of partial order reductions based on compositional confluence detection (Ccd), which can be combined with the techniques mentioned above. Ccd is based upon a generalization of the notion of confluence defined by Milner and exploits the fact that synchronizing transitions that are confluent in the individual processes yield a confluent transition in the system graph. It thus consists of analysing the transitions of the individual process graphs and the synchronization structure to identify such confluent transitions compositionally. Under some additional conditions, the confluent transitions can be given priority over the other transitions, thus enabling graph reductions. We propose two such additional conditions: one ensuring that the generated graph is equivalent to the original system graph modulo branching bisimulation, and one ensuring that the generated graph contains the same deadlock states as the original system graph. We also describe how Ccd-based reductions were implemented in the Cadp toolbox, and present examples and a case study in which adding Ccd improves reductions with respect to compositional verification and other partial order reductions.
Action and predicate safety of hybrid processes
2004
"... In this paper, we study two kinds of safety properties for hybrid processes, namely safety for actions and safety for predicates on model variables. We give an algebraic specification of these safety properties using the process algebra HyPA, and show how to reduce the question of safety of a linear ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
In this paper, we study two kinds of safety properties for hybrid processes, namely safety for actions and safety for predicates on model variables. We give an algebraic specification of these safety properties using the process algebra HyPA, and show how to reduce the question of safety of a linear process specification to the question of safety of its subprocesses. As an example, we study a variant of Fischer's protocol, in which there can be a relative error between the clocks that are used.
Architecting security with Paradigm
 Architecting Dependable Systems VI
"... Abstract. For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through Paradigm, a coordination modeling language based on dynamic constraints. As is argued, this fits well with security issues. A smaller example introduces the architectural approach towards implementing security policies. A larger case study illustrates the use of Paradigm in analyzing the FOO voting scheme. In addition, translating the Paradigm models into process algebra brings model checking within reach. Security properties of the examples discussed are formally verified with the model checker mCRL2.