Results 1  10
of
215
Universally composable security: A new paradigm for cryptographic protocols
, 2013
"... We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved ..."
Abstract

Cited by 611 (34 self)
 Add to MetaCart
We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general protocol composition operation, called universal composition. The proposed framework with its securitypreserving composition operation allows for modular design and analysis of complex cryptographic protocols from relatively simple building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner. This is a useful guarantee, that allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.
Symbolic model checking for probabilistic processes
 IN PROCEEDINGS OF ICALP '97
, 1997
"... We introduce a symbolic model checking procedure for Probabilistic Computation Tree Logic PCTL over labelled Markov chains as models. Model checking for probabilistic logics typically involves solving linear equation systems in order to ascertain the probability of a given formula holding in a stat ..."
Abstract

Cited by 83 (29 self)
 Add to MetaCart
We introduce a symbolic model checking procedure for Probabilistic Computation Tree Logic PCTL over labelled Markov chains as models. Model checking for probabilistic logics typically involves solving linear equation systems in order to ascertain the probability of a given formula holding in a state. Our algorithm is based on the idea of representing the matrices used in the linear equation systems by MultiTerminal Binary Decision Diagrams (MTBDDs) introduced in Clarke et al [14]. Our procedure, based on the algorithm used by Hansson and Jonsson [24], uses BDDs to represent formulas and MTBDDs to represent Markov chains, and is efficient because it avoids explicit state space construction. A PCTL model checker is being implemented in Verus [9].
Automatic verification of realtime systems with discrete probability distributions
 Theoretical Computer Science
, 1999
"... Abstract. We consider the timed automata model of [3], which allows the analysis of realtime systems expressed in terms of quantitative timing constraints. Traditional approaches to realtime system description express the model purely in terms of nondeterminism; however, we may wish to express the ..."
Abstract

Cited by 72 (27 self)
 Add to MetaCart
Abstract. We consider the timed automata model of [3], which allows the analysis of realtime systems expressed in terms of quantitative timing constraints. Traditional approaches to realtime system description express the model purely in terms of nondeterminism; however, we may wish to express the likelihood of the system making certain transitions. In this paper, we present a model for realtime systems augmented with discrete probability distributions. Furthermore, using the algorithm of [5] with fairness, we develop a model checking method for such models against temporal logic properties which can refer both to timing properties and probabilities, such as, “with probability 0.6 or greater, the clock x remains below 5 until clock y exceeds 2”. 1
Fast Asynchronous Byzantine Agreement with Optimal Resilience
, 1998
"... It is known that, in both asynchronous and synchronous networks, no Byzantine Agreement (BA) protocol for n players exists if d e of the players are faulty (in other words, no BA protocol is d eresilient). The only known asynchronous (d e \Gamma 1)resilient BA protocol runs in expected ..."
Abstract

Cited by 68 (0 self)
 Add to MetaCart
It is known that, in both asynchronous and synchronous networks, no Byzantine Agreement (BA) protocol for n players exists if d e of the players are faulty (in other words, no BA protocol is d eresilient). The only known asynchronous (d e \Gamma 1)resilient BA protocol runs in expected exponential time, and the best resilience achieved by an asynchronous protocol with polynomial complexity is (d 4 e \Gamma 1). The question whether there exists an asynchronous (d BA protocol with polynomial complexity remained open.
Weak Bisimulation for Fully Probabilistic Processes
, 1999
"... Bisimulations that abstract from internal computation have proven to be useful for verification of compositionally defined transition systems. In the literature of probabilistic extensions of such transition systems, similar bisimulations are rare. In this paper, we introduce weak and branching bisi ..."
Abstract

Cited by 57 (7 self)
 Add to MetaCart
Bisimulations that abstract from internal computation have proven to be useful for verification of compositionally defined transition systems. In the literature of probabilistic extensions of such transition systems, similar bisimulations are rare. In this paper, we introduce weak and branching bisimulation for fully probabilistic systems, transition systems where nondeterministic branching is replaced by probabilistic branching. In contrast to the nondeterministic case, both relations coincide. We give an algorithm to decide weak (and branching) bisimulation with a time complexity cubic in the number of states of the fully probabilistic system. This meets the worst case complexity for deciding branching bisimulation in the nondeterministic case. In addition, the relation is shown to be a congruence with respect to the operators of PLSCCS , a lazy synchronous probabilistic variant of CCS. We illustrate that due to these properties, weak bisimulation provides all the crucial ingredients...
On probabilistic model checking
, 1996
"... Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative ..."
Abstract

Cited by 55 (6 self)
 Add to MetaCart
Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative properties with rewards. Example properties include the probability that a fault occurs and the expected number of faults in a given time period. We also describe the practical application of stochastic model checking with the probabilistic model checker PRISM by outlining the main features supported by PRISM and three realworld case studies: a probabilistic security protocol, dynamic power management and a biological pathway. 1
Process Algebra for Performance Evaluation
, 2000
"... This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectur ..."
Abstract

Cited by 52 (13 self)
 Add to MetaCart
This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectures, networks  can accurately be described using such stochastic specification formalisms.
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
"... In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilist ..."
Abstract

Cited by 50 (18 self)
 Add to MetaCart
In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a speci cation, such as \the message will be delivered with probability 1", \the probability of shutdown occurring is at most 0.02" or \the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the speci cation is true in the model.
Discounting the future in systems theory
 In Automata, Languages, and Programming, LNCS 2719
, 2003
"... ..."
Compositionality for probabilistic automata
 In Proc. 14th International Conference on Concurrency Theory (CONCUR 2003), volume 2761 of LNCS
, 2003
"... x ..."