Results 1 - 8 of 8
Approximate Non-Interference
Journal of Computer Security, 2002
Cited by 96 (12 self)
We address the problem of characterising the security of a program against unauthorised information flows. Classical approaches are based on noninterference models which depend ultimately on the notion of process equivalence. In these models confidentiality is an absolute property stating the absence of any illegal information flow. We present a model in which the notion of noninterference is approximated in the sense that it allows for some exactly quantified leakage of information. This is characterised via a notion of process similarity which replaces the indistinguishability of processes by a quantitative measure of their behavioural difference. Such a quantity is related to the number of statistical tests needed to distinguish two behaviours. We also present two semantics-based analyses of approximate noninterference and we show that one is a correct abstraction of the other.
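The quantitative idea in this abstract, as an added example that is not code from the paper or from this listing: a program with a one-bit secret is modelled by the distribution of its public output for each secret value, the behavioural difference is measured as the total variation distance between the two distributions, and that distance is turned into a rough number of observations an attacker needs to tell the behaviours apart. The Hoeffding-style sample estimate, the sample programs and the coin distribution are illustrative assumptions, not the paper's own measure.

```python
"""Added example: approximate non-interference as a quantitative check.

A program with a one-bit secret h is modelled by the distribution of its
public output for each value of h.  Exact non-interference requires the two
distributions to coincide; the approximate notion measures their distance
and asks how many observations an attacker needs to tell them apart.
The Hoeffding-based sample estimate below is an illustrative choice
(assumption), not the measure used in the paper.
"""
from fractions import Fraction
from math import ceil, inf, log


def output_distribution(program, secret, coins):
    """P(output | secret) for `program(secret, coin)`, where `coins` maps
    each value of the program's internal random choice to its probability."""
    dist = {}
    for coin, prob in coins.items():
        out = program(secret, coin)
        dist[out] = dist.get(out, Fraction(0)) + prob
    return dist


def tv_distance(d1, d2):
    """Total variation distance: the best advantage a single observation
    gives an attacker trying to tell the two distributions apart."""
    keys = set(d1) | set(d2)
    return sum(abs(d1.get(k, Fraction(0)) - d2.get(k, Fraction(0)))
               for k in keys) / 2


def leakage(program, coins, secrets=(0, 1)):
    """Distance between the output distributions for the two secret values;
    0 means exact non-interference, 1 means the secret is fully revealed."""
    d0 = output_distribution(program, secrets[0], coins)
    d1 = output_distribution(program, secrets[1], coins)
    return tv_distance(d0, d1)


def is_approximately_noninterfering(program, coins, eps):
    """Approximate non-interference: leakage bounded by eps."""
    return leakage(program, coins) <= eps


def samples_to_distinguish(eps, delta=Fraction(1, 20)):
    """Hoeffding-style estimate (assumption): after this many runs the
    observed frequency of an output is within eps/2 of its true value with
    probability >= 1 - delta, enough to separate distributions eps apart.
    Returns inf when the distributions are identical (eps == 0)."""
    if eps == 0:
        return inf
    return ceil(2 * log(2 / float(delta)) / float(eps) ** 2)


# Constructed sample programs: each takes the secret bit and one random
# choice drawn from COINS (both constructed for this example).
def copy_secret(secret, coin):
    return secret                       # public output equals the secret


def ignore_secret(secret, coin):
    return 1 if coin == "keep" else 0   # output depends on the coin only


def randomized_response(secret, coin):
    return secret if coin == "keep" else 1 - secret  # truth with prob 3/4


COINS = {"keep": Fraction(3, 4), "flip": Fraction(1, 4)}

if __name__ == "__main__":
    for prog in (copy_secret, ignore_secret, randomized_response):
        eps = leakage(prog, COINS)
        print(f"{prog.__name__:20s} leakage={eps} "
              f"runs to distinguish={samples_to_distinguish(eps)}")
```

With these coins the randomised-response program leaks exactly 1/2: a single output is a coin toss away from the secret, but roughly thirty observations separate the two behaviours at 95% confidence, which is the sense in which the leakage is small but not zero.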
The Linear Time - Branching Time Spectrum I: The Semantics of Concrete, Sequential Processes
Handbook of Process Algebra, chapter 1
Cited by 94 (4 self)
In this paper various semantics in the linear time - branching time spectrum are presented in a uniform, model-independent way. Restricted to the class of finitely branching, concrete, sequential processes, only fifteen of them turn out to be different, and most semantics found in the literature that can be defined uniformly in terms of action relations coincide with one of these fifteen. Several testing scenarios, motivating these semantics, are presented, phrased in terms of `button pushing experiments' on generative and reactive machines. Finally twelve of these semantics are applied to a simple language for finite, concrete, sequential, nondeterministic processes, and for each of them a complete axiomatization is provided.
Behavioural Differential Equations: A Coinductive Calculus of Streams, Automata, and Power Series
2000
Cited by 52 (17 self)
Streams, (automata and) languages, and formal power series are viewed coalgebraically. In summary, this amounts to supplying these sets with a deterministic automaton structure, which has the universal property of being final. Finality then forms the basis for both definitions and proofs by coinduction, the coalgebraic counterpart of induction. Coinductive definitions take the shape of what we have called behavioural differential equations, after Brzozowski's notion of input derivative. A calculus is developed for coinductive reasoning about all of the aforementioned structures, closely resembling (and at times generalising) calculus from classical analysis.
2000 Mathematics Subject Classification: 68Q10, 68Q55, 68Q85
1998 ACM Computing Classification System: F.1, F.3
Keywords & Phrases: Coalgebra, automaton, finality, coinduction, stream, formal language, formal power series, differential equation, input derivative, behaviour, semiring, max-plus algebra
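Brzozowski's input derivative, which the abstract names as the origin of behavioural differential equations, as an added example that is neither Rutten's code nor part of this listing: a regular expression is treated as a state of a deterministic automaton whose output o(r) is "accepts the empty word" and whose a-transition is the derivative r_a. Matching a word is iterated differentiation followed by reading the output, and the derivatives reachable from r are the states of r's automaton. The class names, smart constructors and sample expressions are assumptions made for the example.

```python
"""Added example: Brzozowski input derivatives as behavioural differential
equations (illustrative code, not Rutten's).

A regular expression r is a state of a deterministic automaton: its output
o(r) says whether r accepts the empty word, and its a-derivative r_a is the
state reached after reading a.  Matching a word is iterated
differentiation followed by reading off the output.
"""
from dataclasses import dataclass


class Re:
    """Base class for regular expressions (names are this example's)."""


@dataclass(frozen=True)
class Empty(Re):      # 0: accepts no word
    pass


@dataclass(frozen=True)
class Eps(Re):        # 1: accepts exactly the empty word
    pass


@dataclass(frozen=True)
class Sym(Re):        # a single letter
    c: str


@dataclass(frozen=True)
class Alt(Re):        # r + s
    l: Re
    r: Re


@dataclass(frozen=True)
class Cat(Re):        # r . s
    l: Re
    r: Re


@dataclass(frozen=True)
class Star(Re):       # r*
    r: Re


# Smart constructors apply the simplifications that keep the set of
# derivatives finite: 0 + r = r, r + r = r, 1 . r = r, 0 . r = 0.
def alt(l, r):
    if l == Empty():
        return r
    if r == Empty() or l == r:
        return l
    return Alt(l, r)


def cat(l, r):
    if l == Empty() or r == Empty():
        return Empty()
    if l == Eps():
        return r
    if r == Eps():
        return l
    return Cat(l, r)


def star(r):
    if isinstance(r, (Empty, Eps)):
        return Eps()
    if isinstance(r, Star):
        return r
    return Star(r)


def nullable(r):
    """Output o(r): does r accept the empty word?"""
    if isinstance(r, (Empty, Sym)):
        return False
    if isinstance(r, (Eps, Star)):
        return True
    if isinstance(r, Alt):
        return nullable(r.l) or nullable(r.r)
    return nullable(r.l) and nullable(r.r)      # Cat


def deriv(r, a):
    """Input derivative r_a, one equation per constructor."""
    if isinstance(r, (Empty, Eps)):
        return Empty()
    if isinstance(r, Sym):
        return Eps() if r.c == a else Empty()
    if isinstance(r, Alt):
        return alt(deriv(r.l, a), deriv(r.r, a))
    if isinstance(r, Star):
        return cat(deriv(r.r, a), r)            # (r*)_a = r_a . r*
    # (r . s)_a = r_a . s + o(r) . s_a
    rest = deriv(r.r, a) if nullable(r.l) else Empty()
    return alt(cat(deriv(r.l, a), r.r), rest)


def accepts(r, word):
    """Differentiate along the word, then read the output."""
    for a in word:
        r = deriv(r, a)
    return nullable(r)


def reachable_states(r, alphabet):
    """Closure of {r} under derivation: the states of r's automaton."""
    seen, todo = {r}, [r]
    while todo:
        s = todo.pop()
        for a in alphabet:
            d = deriv(s, a)
            if d not in seen:
                seen.add(d)
                todo.append(d)
    return seen


if __name__ == "__main__":
    r = cat(star(alt(Sym("a"), Sym("b"))), Sym("c"))   # (a+b)*c
    print(accepts(r, "abac"), accepts(r, "abab"))
    print(len(reachable_states(r, "abc")), "states")
```

The smart constructors matter: without them the derivatives of (a+b)*c would keep growing syntactically, whereas with them the automaton for that expression has exactly three states, the expression itself, 1 and 0.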
Analysing randomized distributed algorithms
Validation of Stochastic Systems, 2004
Cited by 9 (1 self)
Randomization is of paramount importance in practical applications and randomized algorithms are used widely, for example in coordinating distributed computer networks, message routing and cache management. The appeal of randomized algorithms is their simplicity and elegance. However, this comes at a cost: the analysis of such systems becomes very complex, particularly in the context of distributed computation. This arises through the interplay between probability and nondeterminism. To prove a randomized distributed algorithm correct one usually involves two levels: classical, assertion-based reasoning, and a probabilistic analysis based on a suitable probability space on computations. In this paper we describe a number of approaches which allow us to verify the correctness of randomized distributed algorithms.
Metric semantics for reactive probabilistic processes
1997
Cited by 6 (1 self)
In this thesis we present three mathematical frameworks for the modelling of reactive probabilistic communicating processes. We first introduce generalised labelled transition systems as a model of such processes and introduce an equivalence, coarser than probabilistic bisimulation, over these systems. Two processes are identified with respect to this equivalence if, for all experiments, the probabilities of the respective processes passing a given experiment are equal. We next consider a probabilistic process calculus including external choice, internal choice, action-guarded probabilistic choice, synchronous parallel and recursion. We give operational semantics for this calculus by means of our generalised labelled transition systems and show that our equivalence is a congruence for this language. Following the methodology introduced by de Bakker & Zucker, we then give denotational semantics to the calculus by means of a complete metric space of probabilistic processes. The derived metric, although not an ultrametric, satisfies the intuitive property that the distance between two processes tends to 0 if a measure of the dif
Tempus fugit: How to plug it
Journal of Logic and Algebraic Programming, 2007
Cited by 5 (4 self)
Secret or private information may be leaked to an external attacker through the timing behaviour of the system running the untrusted code. After introducing a formalisation of this situation in terms of a confinement property, we present an algorithm which is able to transform the system into one that is computationally equivalent to the given system but free of timing leaks.
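The timing-confinement property from this abstract, as an added example that is not the paper's algorithm and not part of this listing: execution time is modelled as a count of abstract ticks returned alongside the result, so the leak can be checked deterministically. Confinement means that, for each public input, the ticks an observer sees do not depend on the secret. The early-exit comparison violates it; the padded version does the same work on every path and satisfies it. The comparison functions, the tick model and the constructed secrets and guesses are this example's assumptions; real hardware adds cache and branch-predictor effects that a tick count does not capture.

```python
"""Added example: a timing channel and a plugged version of it
(illustrative code, not the transformation from the paper).

Execution time is modelled as a count of abstract ticks returned next to
the result.  Confinement: for each public input, the ticks observed must be
the same whatever the secret is.
"""


def early_exit_compare(secret, guess):
    """Returns (equal, ticks).  Leaks: it stops at the first mismatch, so
    the ticks reveal the length of the common prefix of secret and guess."""
    ticks = 0
    if len(secret) != len(guess):
        return False, ticks + 1
    for s, g in zip(secret, guess):
        ticks += 1
        if s != g:
            return False, ticks
    return True, ticks


def padded_compare(secret, guess, padded_len):
    """Same result, but every run costs exactly padded_len ticks: each path
    of the original is padded to the cost of the longest one, which is what
    plugging the channel amounts to in this model.  padded_len must be at
    least the longest secret the system handles (assumption)."""
    ticks = 0
    differ = len(secret) != len(guess)
    for i in range(padded_len):
        ticks += 1
        if i < len(secret) and i < len(guess):
            differ |= secret[i] != guess[i]
    return (not differ), ticks


def timing_profile(compare, secrets, guess):
    """Ticks an observer sees for one public input, per candidate secret."""
    return {s: compare(s, guess)[1] for s in secrets}


def is_timing_confined(compare, secrets, guesses):
    """Confinement: no public input lets timing tell two secrets apart."""
    return all(len(set(timing_profile(compare, secrets, g).values())) == 1
               for g in guesses)


# Constructed data: candidate secrets the system might hold and the
# observer-chosen public inputs.
SECRETS = ["abcd", "abzz", "qqqq"]
GUESSES = ["abcd", "abzq", "zzzz"]
PAD = 4   # longest secret in this constructed system


def padded_compare_for_system(secret, guess):
    """The plugged comparison instantiated for this system's PAD."""
    return padded_compare(secret, guess, PAD)


if __name__ == "__main__":
    for g in GUESSES:
        print(g, "early-exit:", timing_profile(early_exit_compare, SECRETS, g))
        print(g, "padded:    ", timing_profile(padded_compare_for_system, SECRETS, g))
    print("early-exit confined:",
          is_timing_confined(early_exit_compare, SECRETS, GUESSES))
    print("padded confined:   ",
          is_timing_confined(padded_compare_for_system, SECRETS, GUESSES))
```

The check is only as good as the cost model: the padded version is "computationally equivalent" in the abstract's sense (same results) and confined under the tick model, but a deployment would still need to confirm that the compiler and CPU preserve the equal-cost property.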
Characteristic Formulae for Fixed-Point Semantics: A General Framework
Under consideration for publication in Mathematical Structures in Computer Science, 2010
Cited by 3 (1 self)
The literature on concurrency theory offers a wealth of examples of characteristic-formula constructions for various behavioural relations over finite labelled transition systems and Kripke structures that are defined in terms of fixed points of suitable functions. Such constructions and their proofs of correctness have been developed independently, but have a common underlying structure. This study provides a general view of characteristic formulae that are expressed in terms of logics with a facility for the recursive definition of formulae. It is shown how several examples of characteristic-formula constructions from the literature can be recovered as instances of the proposed general framework, and how the framework can be used to yield novel constructions. The paper also offers general results pertaining to the definition of co-characteristic formulae and of characteristic formulae expressed in terms of infinitary modal logics.
Towards Dynamic Probabilistic Logics: A Survey and a Proposal
2002
In this paper, I will briefly survey probabilistic logics and investigate logics of probabilistic epistemic change, conjectures, and discovery of chances by resource-bounded agents in the sense of the limitation of the available data and its temporal instability, called dynamic probabilistic logic (DPrL), based on probabilistic dynamic logics and probabilistic Kripke systems, of which equivalence is defined by probabilistic bisimulation.