Results 1-10 of 24

Quantifying Information Flow
In Proc. IEEE Computer Security Foundations Workshop, 2002
Cited by 82 (1 self)
We extend definitions of information flow so as to quantify the amount of information passed; in other words, we give a formal definition of the capacity of covert channels. Our definition uses the process algebra CSP, and is based upon counting the number of different behaviours of a high level user that can be distinguished by a low level user.
Weak Bisimulation for Fully Probabilistic Processes
1999
Cited by 57 (7 self)
Bisimulations that abstract from internal computation have proven to be useful for verification of compositionally defined transition systems. In the literature of probabilistic extensions of such transition systems, similar bisimulations are rare. In this paper, we introduce weak and branching bisimulation for fully probabilistic systems, transition systems where nondeterministic branching is replaced by probabilistic branching. In contrast to the nondeterministic case, both relations coincide. We give an algorithm to decide weak (and branching) bisimulation with a time complexity cubic in the number of states of the fully probabilistic system. This meets the worst case complexity for deciding branching bisimulation in the nondeterministic case. In addition, the relation is shown to be a congruence with respect to the operators of PLSCCS, a lazy synchronous probabilistic variant of CCS. We illustrate that due to these properties, weak bisimulation provides all the crucial ingredients...
Implementation of Symbolic Model Checking for Probabilistic Systems
2002
Cited by 50 (18 self)
In this thesis, we present efficient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, fault-tolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a specification, such as "the message will be delivered with probability 1", "the probability of shutdown occurring is at most 0.02" or "the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the specification is true in the model.
Abstract interpretation of probabilistic semantics
In Seventh International Static Analysis Symposium (SAS'00), number 1824 in Lecture Notes in Computer Science, 2000
Cited by 29 (5 self)
Following earlier models, we lift standard deterministic and nondeterministic semantics of imperative programs to probabilistic semantics. This semantics allows for random external inputs of known or unknown probability and random number generators. We then propose a method of analysis of programs according to this semantics, in the general framework of abstract interpretation. This method lifts an "ordinary" abstract lattice, for nonprobabilistic programs, to one suitable for probabilistic programs. Our construction is highly generic. We discuss the influence of certain parameters on the precision of the analysis, basing ourselves on experimental results.
Nondeterminism and Probabilistic Choice: Obeying the Laws
In Proc. 11th CONCUR, volume 1877 of LNCS, 2000
Cited by 25 (2 self)
In this paper we describe how to build semantic models that support both nondeterministic choice and probabilistic choice. Several models exist that support both of these constructs, but none that we know of satisfies all the laws one would like. Using domain-theoretic techniques, we show how models can be devised using the "standard model" for probabilistic choice, and then applying modified domain-theoretic models for nondeterministic choice. These models are distinguished by the fact that the expected laws for nondeterministic choice and probabilistic choice remain valid. We also describe some potential applications of our model to aspects of security.
Axioms for Probability and Nondeterminism
ENTCS, 2003
Cited by 24 (1 self)
This paper presents a domain model for a process algebra featuring both probabilistic and nondeterministic choice. The former is modelled using the probabilistic powerdomain of Jones and Plotkin, while the latter is modelled by a geometrically convex variant of the Plotkin powerdomain. The main result is to show that the expected laws for probability and nondeterminism are sound and complete with respect to the model. We also present an operational semantics for the process algebra, and we show that the domain model is fully abstract with respect to probabilistic bisimilarity.
An Abstract Monte-Carlo Method for the Analysis of Probabilistic Programs
2001
Cited by 13 (3 self)
We introduce a new method, a combination of random testing and abstract interpretation, for the analysis of programs featuring both probabilistic and nonprobabilistic nondeterminism. After introducing "ordinary" testing, we show how to combine testing and abstract interpretation and give formulas linking the precision of the results to the number of iterations. We then discuss complexity and optimization issues and end with some experimental results.
Algebraic Theory of Probabilistic and Nondeterministic Processes
Proceedings of the Workshop, 2001
Cited by 12 (0 self)
In this paper we present an algebraic language for the specification of probabilistic and nondeterministic processes, PNAL, which is a probabilistic extension of EPL (Algebraic Theory of Processes, M. Hennessy) that maintains nondeterminism. We have
Analysing randomized distributed algorithms
Validation of Stochastic Systems, 2004
Cited by 9 (1 self)
Randomization is of paramount importance in practical applications and randomized algorithms are used widely, for example in coordinating distributed computer networks, message routing and cache management. The appeal of randomized algorithms is their simplicity and elegance. However, this comes at a cost: the analysis of such systems becomes very complex, particularly in the context of distributed computation. This arises through the interplay between probability and nondeterminism. To prove a randomized distributed algorithm correct one usually involves two levels: classical, assertion-based reasoning, and a probabilistic analysis based on a suitable probability space on computations. In this paper we describe a number of approaches which allow us to verify the correctness of randomized distributed algorithms.
Confidentiality-Preserving Refinement Is Compositional - Sometimes
In ESORICS, volume 2502 of LNCS, 2002
Cited by 8 (1 self)
Confidentiality-preserving refinement describes a relation between a specification and an implementation that ensures that all confidentiality properties required in the specification are preserved by the implementation. Stating positively what an observer may learn about the executing system, the specification implicitly requires that all other information about the system be kept confidential. Confidentiality-preserving refinement preserves that property even in a probabilistic setting. The present paper investigates the condition under which that notion of refinement is compositional, i.e. the condition under which refining a subsystem of a larger system yields a confidentiality-preserving refinement. It turns out that the refinement relation is not compositional in general, but the condition for compositionality can be stated in a way that builds on the analysis of subsystems and aids systems designers in analyzing a composition.