Results 1  10
of
367
Universally composable security: A new paradigm for cryptographic protocols
, 2013
"... We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved ..."
Abstract

Cited by 850 (43 self)
 Add to MetaCart
We present a general framework for representing cryptographic protocols and analyzing their security. The framework allows specifying the security requirements of practically any cryptographic task in a unified and systematic way. Furthermore, in this framework the security of protocols is preserved under a general protocol composition operation, called universal composition. The proposed framework with its securitypreserving composition operation allows for modular design and analysis of complex cryptographic protocols from relatively simple building blocks. Moreover, within this framework, protocols are guaranteed to maintain their security in any context, even in the presence of an unbounded number of arbitrary protocol instances that run concurrently in an adversarially controlled manner. This is a useful guarantee, that allows arguing about the security of cryptographic protocols in complex and unpredictable environments such as modern communication networks.
Automatic verification of realtime systems with discrete probability distributions
 Theoretical Computer Science
, 1999
"... Abstract. We consider the timed automata model of [3], which allows the analysis of realtime systems expressed in terms of quantitative timing constraints. Traditional approaches to realtime system description express the model purely in terms of nondeterminism; however, we may wish to express the ..."
Abstract

Cited by 119 (34 self)
 Add to MetaCart
Abstract. We consider the timed automata model of [3], which allows the analysis of realtime systems expressed in terms of quantitative timing constraints. Traditional approaches to realtime system description express the model purely in terms of nondeterminism; however, we may wish to express the likelihood of the system making certain transitions. In this paper, we present a model for realtime systems augmented with discrete probability distributions. Furthermore, using the algorithm of [5] with fairness, we develop a model checking method for such models against temporal logic properties which can refer both to timing properties and probabilities, such as, “with probability 0.6 or greater, the clock x remains below 5 until clock y exceeds 2”. 1
On probabilistic model checking
, 1996
"... Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative ..."
Abstract

Cited by 106 (26 self)
 Add to MetaCart
Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative properties with rewards. Example properties include the probability that a fault occurs and the expected number of faults in a given time period. We also describe the practical application of stochastic model checking with the probabilistic model checker PRISM by outlining the main features supported by PRISM and three realworld case studies: a probabilistic security protocol, dynamic power management and a biological pathway. 1
Symbolic model checking for probabilistic processes
 IN PROCEEDINGS OF ICALP '97
, 1997
"... We introduce a symbolic model checking procedure for Probabilistic Computation Tree Logic PCTL over labelled Markov chains as models. Model checking for probabilistic logics typically involves solving linear equation systems in order to ascertain the probability of a given formula holding in a stat ..."
Abstract

Cited by 98 (29 self)
 Add to MetaCart
(Show Context)
We introduce a symbolic model checking procedure for Probabilistic Computation Tree Logic PCTL over labelled Markov chains as models. Model checking for probabilistic logics typically involves solving linear equation systems in order to ascertain the probability of a given formula holding in a state. Our algorithm is based on the idea of representing the matrices used in the linear equation systems by MultiTerminal Binary Decision Diagrams (MTBDDs) introduced in Clarke et al [14]. Our procedure, based on the algorithm used by Hansson and Jonsson [24], uses BDDs to represent formulas and MTBDDs to represent Markov chains, and is efficient because it avoids explicit state space construction. A PCTL model checker is being implemented in Verus [9].
Fast Asynchronous Byzantine Agreement with Optimal Resilience
, 1998
"... It is known that, in both asynchronous and synchronous networks, no Byzantine Agreement (BA) protocol for n players exists if d e of the players are faulty (in other words, no BA protocol is d eresilient). The only known asynchronous (d e \Gamma 1)resilient BA protocol runs in expected ..."
Abstract

Cited by 83 (0 self)
 Add to MetaCart
It is known that, in both asynchronous and synchronous networks, no Byzantine Agreement (BA) protocol for n players exists if d e of the players are faulty (in other words, no BA protocol is d eresilient). The only known asynchronous (d e \Gamma 1)resilient BA protocol runs in expected exponential time, and the best resilience achieved by an asynchronous protocol with polynomial complexity is (d 4 e \Gamma 1). The question whether there exists an asynchronous (d BA protocol with polynomial complexity remained open.
Process Algebra for Performance Evaluation
, 2000
"... This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectur ..."
Abstract

Cited by 73 (13 self)
 Add to MetaCart
This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resourcesharing systems  like largescale computers, clientserver architectures, networks  can accurately be described using such stochastic specification formalisms.
Implementation of Symbolic Model Checking for Probabilistic Systems
, 2002
"... In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilist ..."
Abstract

Cited by 71 (21 self)
 Add to MetaCart
In this thesis, we present ecient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, faulttolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a speci cation, such as \the message will be delivered with probability 1", \the probability of shutdown occurring is at most 0.02" or \the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the speci cation is true in the model.
Comparative branchingtime semantics for Markov chains
 Information and Computation
, 2003
"... This paper presents various semantics in the branchingtime spectrum of discretetime and continuoustime Markov chains (DTMCs and CTMCs). Strong and weak bisimulation equivalence and simulation preorders are covered and are logically characterised in terms of the temporal logics PCTL (Probabilisti ..."
Abstract

Cited by 64 (17 self)
 Add to MetaCart
(Show Context)
This paper presents various semantics in the branchingtime spectrum of discretetime and continuoustime Markov chains (DTMCs and CTMCs). Strong and weak bisimulation equivalence and simulation preorders are covered and are logically characterised in terms of the temporal logics PCTL (Probabilistic Computation Tree Logic) and CSL (Continuous Stochastic Logic). Apart from presenting various existing branchingtime relations in a uniform manner, this paper presents the following new results: (i) strong simulation for CTMCs, (ii) weak simulation for CTMCs and DTMCs, (iii) logical characterizations thereof (including weak bisimulation for DTMCs), (iv) a relation between weak bisimulation and weak simulation equivalence, and (v) various connections between equivalences and preorders in the continuous and discretetime setting. The results are summarized in a branchingtime spectrum for DTMCs and CTMCs elucidating their semantics as well as their relationship. Key Words: comparative semantics, Markov chain, (weak) simulation, (weak) bisimulation, temporal logic
Compositionality for probabilistic automata
 In Proc. 14th International Conference on Concurrency Theory (CONCUR 2003), volume 2761 of LNCS
, 2003
"... x ..."
(Show Context)