Results 1  10
of
19
Model Checking for a Probabilistic Branching Time Logic with Fairness
 Distributed Computing
, 1998
"... We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but n ..."
Abstract

Cited by 116 (37 self)
 Add to MetaCart
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
Process Algebra for Performance Evaluation
, 2000
"... This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectur ..."
Abstract

Cited by 52 (13 self)
 Add to MetaCart
This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectures, networks  can accurately be described using such stochastic specification formalisms.
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
"... In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilist ..."
Abstract

Cited by 50 (18 self)
 Add to MetaCart
In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a speci cation, such as \the message will be delivered with probability 1", \the probability of shutdown occurring is at most 0.02" or \the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the speci cation is true in the model.
Performance analysis of probabilistic timed automata using digital clocks
 Proc. Formal Modeling and Analysis of Timed Systems (FORMATS’03), volume 2791 of LNCS
, 2003
"... ..."
Concurrent Reachability Games
, 2008
"... We consider concurrent twoplayer games with reachability objectives. In such games, at each round, player 1 and player 2 independently and simultaneously choose moves, and the two choices determine the next state of the game. The objective of player 1 is to reach a set of target states; the objecti ..."
Abstract

Cited by 49 (20 self)
 Add to MetaCart
We consider concurrent twoplayer games with reachability objectives. In such games, at each round, player 1 and player 2 independently and simultaneously choose moves, and the two choices determine the next state of the game. The objective of player 1 is to reach a set of target states; the objective of player 2 is to prevent this. These are zerosum games, and the reachability objective is one of the most basic objectives: determining the set of states from which player 1 can win the game is a fundamental problem in control theory and system verification. There are three types of winning states, according to the degree of certainty with which player 1 can reach the target. From type1 states, player 1 has a deterministic strategy to always reach the target. From type2 states, player 1 has a randomized strategy to reach the target with probability 1. From type3 states, player 1 has for every real ε> 0 a randomized strategy to reach the target with probability greater than 1 − ε. We show that for finite state spaces, all three sets of winning states can be computed in polynomial time: type1 states in linear time, and type2 and type3 states in quadratic time. The algorithms to compute the three sets of winning states also enable the construction of the winning and spoiling strategies.
Discounting the future in systems theory
 In Automata, Languages, and Programming, LNCS 2719
, 2003
"... ..."
Probabilistic Model Checking of Deadline Properties in the IEEE1394 FireWire Root Contention Protocol
 in the IEEE 1394 FireWire root contention protocol. Special Issue of Formal Aspects of Computing
"... The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automati ..."
Abstract

Cited by 35 (23 self)
 Add to MetaCart
The increasing dependence of businesses on distributed architectures and computer networking places heavy demands on the speed and reliability of data exchange, leading to the emergence of sophisticated protocols which involve both realtime and randomization, for example FireWire IEEE1394. Automatic verification techniques such as model checking have been adapted to this class of probabilistic, timed systems [1, 9, 3, 14]. This abstract considers an application of such techniques to the IEEE1394 (FireWire) root contention protocol, in which the interplay between timed and probabilistic aspects is used to break the symmetry which may arise during the leader election process. Here, the properties of interest concern the election of a leader within a certain deadline, with a certain probability or greater. Our specification formalism is that of probabilistic timed automata [14], a variant of timed automa...
Probabilistic model checking of the IEEE 802.11 wireless local area network protocol
 Proc. 2nd Joint International Workshop on Process Algebra and Probabilistic Methods, Performance Modeling and Verification (PAPM/PROBMIV’02), volume 2399 of LNCS
, 2002
"... ..."
Analysis of probabilistic contract signing
 Journal of Computer Security
, 2003
"... (this research was performed while at SRI International) We present three case studies, investigating the use of probabilistic model checking to automatically analyse properties of probabilistic contract signing protocols. We use the probabilistic model checker PRISM to analyse three protocols: Rabi ..."
Abstract

Cited by 23 (4 self)
 Add to MetaCart
(this research was performed while at SRI International) We present three case studies, investigating the use of probabilistic model checking to automatically analyse properties of probabilistic contract signing protocols. We use the probabilistic model checker PRISM to analyse three protocols: Rabin’s probabilistic protocol for fair commitment exchange; the probabilistic contract signing protocol of BenOr, Goldreich, Micali, and Rivest; and a randomised protocol for signing contracts of Even, Goldreich, and Lempel. These case studies illustrate the general methodology for applying probabilistic model checking to formal verification of probabilistic security protocols. For the BenOr et al. protocol, we demonstrate the difficulty of combining fairness with timeliness. If, as required by timeliness, the judge responds to participants ’ messages immediately upon receiving them, then there exists a strategy for a misbehaving participant that brings the protocol to an unfair state with arbitrarily high probability, unless unusually strong assumptions are made about the quality of the communication channels between the judge and honest participants. We quantify the tradeoffs involved in the attack strategy, and discuss possible modifications of the protocol that ensure both fairness and timeliness. For the Even et al. protocol, we demonstrate that the responder enjoys a distinct advantage. With probability 1, the protocol reaches a state in which the responder possesses the initiator’s commitment, but the initiator does not possess the responder’s commitment. We then analyse several variants of the protocol, exploring the tradeoff between fairness and the number of messages that must be exchanged between participants.
Controller synthesis for probabilistic systems
 In Proceedings of IFIP TCS’2004
, 2004
"... Supported by the DFGProject “VERIAM ” and the DFGNWOProject “VOSS”. Supported by the European Research Training Network “Games”. Abstract Controller synthesis addresses the question of how to limit the internal behavior of a given implementation to meet its specification, regardless of the behavi ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
Supported by the DFGProject “VERIAM ” and the DFGNWOProject “VOSS”. Supported by the European Research Training Network “Games”. Abstract Controller synthesis addresses the question of how to limit the internal behavior of a given implementation to meet its specification, regardless of the behavior enforced by the environment. In this paper, we consider a model with probabilism and nondeterminism where the nondeterministic choices in some states are assumed to be controllable, while the others are under the control of an unpredictable environment. We first consider probabilistic computation tree logic as specification formalism, discuss the role of strategytypes for the controller and show the NPhardness of the controller synthesis problem. The second part of the paper presents a controller synthesis algorithm for automataspecifications which relies on a reduction to the synthesis problem for PCTL with fairness. 1.