## Probabilistic Timed Automata for Security Analysis and Design

Citations: 1 (1 self)

### BibTeX

@MISC{Troina_probabilistictimed,
  author = {Angelo Troina and Supervisor Prof and Andrea Maggiolo Schettini and Referee Prof and Catuscia Palamidessi and Referee Prof and Christel Baier},
  title = {Probabilistic Timed Automata for Security Analysis and Design},
  year = {}
}

### Abstract

The usefulness of formal methods for the description and verification of complex systems is nowadays widely accepted. While some system properties can be studied in a non-timed and non-probabilistic setting, others, such as quantitative security properties, system performance and reliability properties, require a timed and probabilistic description of the system. This thesis focuses on methods for the formal modeling of probabilistic timed systems, and on algorithms for the automated verification of their properties. The models considered describe the behavior of a system in terms of time and probability, and the formal description languages used are based on extensions of Timed Automata, Markov Decision Processes and combinations of them.

### Citations

1200 | The temporal logic of programs
- Pnueli
- 1977

Citation Context ...ibe the ordering of events in time without introducing time explicitly. They were originally developed by philosophers for investigating the way time is used in natural language arguments [72]. Pnueli [124] was the first to use temporal logic for reasoning about concurrency. His approach consisted in proving properties of the program under consideration from a set of axioms that described the behavior of...

261 | Anonymous connections and onion routing
- Reed, Syverson, et al.
- 1998
Citation Context ...protocol (see [30]) and the probabilistic Non-repudiation protocol introduced in [118], to industrial protocols, e.g. the IPv4 Zeroconf protocol as studied in [23], the Crowds [131] and Onion Routing [129] anonymity protocols, etc. Summing up, the framework we present allows performing a parametric analysis of a rich class of systems, e.g., checking whether a formula holds for different values of the p...

215 | Automatic verification of probabilistic concurrent finite state programs
- Vardi
- 1985

Citation Context ...d Time Model checking has rapidly become a well-established method to analyze and debug complex systems. The first extension of model checking algorithms with probability was proposed in the eighties [62, 134], originally focusing on qualitative probabilistic temporal properties (i.e. those satisfied with probability 1 or 0), but later also introducing quantitative properties [32]. Probabilistic model chec...

210 | Kronos: A Verification Tool for Real-time Systems
- Yovine
- 1997

Citation Context ...es (regions) as states, and finite-state model checking techniques can be applied to the reduced, finite region automata. Among the model checkers for timed automata we quote Kronos ([135]) and UPPAAL ([12]). I.4 Summary The thesis consists of three main parts. Part I In the first part we deal with information flow security properties in frameworks where aspects of probability and time...

118 | A model of information
- Sutherland
- 1986

Citation Context ...ure in order to capture different behaviour of systems that has to be considered not secure. One of the most interesting and intuitive security properties is the Non Deducibility on Composition (NDC) [142, 51], which states that what a low level user observes of the system in isolation is not altered when considering all the potential interaction of the system with any high level agent of the external envir...

77 | Finite-State Analysis of SSL 3.0
- Mitchell, Shmatikov, et al.
- 1998
Citation Context ...e often conveniently analyzed using an explicit approach, we use FHP-Murφ to carry out our analysis. Note that indeed the Murφ verifier has already been widely used for security verification, e.g. see [45, 112, 113, 108]. We use FHP-Murφ instead of Murφ since FHP-Murφ extends Murφ capabilities to a probabilistic setting. We note that an approximate analysis of the covert channel studied here is presented in [115]. How...

29 | Probabilistic non-repudiation without trusted third party
- Markowitch, Roggeman
- 1999
Citation Context ...of probability are taken into account when analyzing quantitative security properties (measuring, in this sense, the security level of the protocol) or when dealing with probabilistic protocols (see [5, 6, 7, 21, 97, 118, 112]). I.2 Modeling Formalisms A formal approach must offer languages to describe systems. Many description formalisms have been proposed. Process algebras [69, 110] are an algebraic framework with operato...

14 | Probability with Martingales. Cambridge University Press 1991, Cambridge
- Williams
- 1992

Citation Context ...the basic notions of probability theory (see e.g. [59]), we may assign a probability measure to the runs of a DTMC $M$ by following the traditional Borel $\sigma$-algebra approach of basic cylinder sets (see [78, 148]). We denote the probability of a finite run $\omega = q_0 \to q_1 \to \dots \to q_n$ with $\mu(\omega)$, defined as follows:

$$\mu_M(\omega) = \begin{cases} 1 & \text{if } n = 0 \\ \mu_M(\omega(n-1)) \cdot \pi((q_{n-1}, q_n)) & \text{if } n > 0 \end{cases}$$

Finally, we can extend the notion of me...

5 | Decidability results for parametric probabilistic transition systems with an application to security
- Lanotte, Maggiolo-Schettini, et al.
- 2004
Citation Context ...velop, allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others). Results presented in this chapter appeared in [95]. Systems of Data Management Timed Automata (SDMTAs) are networks of communicating timed automata with structures to store messages and functions to manipulate them. In Chapter 6 we prove the decidabil...

3 | Approximating Imperfect Cryptography in a Formal Model
- Troina, Aldini, et al.
- 2005
Citation Context ...real scenario an adversary with a suitable knowledge may have a good chance of obtaining useful information from a ciphertext that, from a purely formal standpoint, is considered to be a black box. In [145, 146] we tried to fill this gap. A technique is shown for verifying whether the privacy of the ciphertexts exchanged during a protocol can be guaranteed at a reasonable level. The model is based on the anal...

1 | Automatic analysis of a non-repudiation protocol. Electr. Notes Theor. Comput. Sci
- Lanotte, Maggiolo-Schettini, et al.
- 2005

Citation Context ...of probability are taken into account when analyzing quantitative security properties (measuring, in this sense, the security level of the protocol) or when dealing with probabilistic protocols (see [5, 6, 7, 21, 97, 118, 112]). I.2 Modeling Formalisms A formal approach must offer languages to describe systems. Many description formalisms have been proposed. Process algebras [69, 110] are an algebraic framework with operato...

1 | From timed automata to logic - and back. In Proc. of MFCS'95, number 969 in Springer LNCS
- Laroussinie, Larsen, et al.
- 1995

Citation Context ...f, given the TA $\hat{A} = (\Sigma \cup \Sigma', X \cup X', Q \cup Q', q_0, \delta \cup \delta', \widehat{Inv})$, it holds $(q_0, 0) \approx_{\hat{A}} (q'_0, 0)$, where:

$$\widehat{Inv}(q) = \begin{cases} Inv(q) & \text{if } q \in Q \\ Inv'(q) & \text{if } q \in Q' \end{cases}$$

The following result is proved in [101] and [29]. Proposition 1.13 It is decidable whether two TAs are weakly bisimilar. [Figure: timed automata $A_1$, $A_2$ and their composition $A_1 \|_L A_2$]...

1 | Security Models, pages 1-19. Encyclopedia of Software Engineering
- McLean
- 1966

Citation Context ...er of requirements, such as confidentiality, availability and integrity, to be satisfied by the system. The term security model is used in the literature (e.g. see [105]) to mean the definition of a mechanism for enforcing a security property. A security model imposes restrictions on a system interface (usually input/output relations) that are sufficient to ensure tha...

1 | The interrogator: Protocol security analysis. IEEE Transactions on Software Engineering
- Millen, Clark, et al.
- 1987

Citation Context ...ple and intuitive description for cryptographic protocols, many alternative definitions have been proposed on the basis of several approaches, ranging from modal logics to process algebras (see, e.g., [40, 109, 79, 57, 137, 119, 48, 136]). Security protocols, like distributed programs in general, are sensitive to the passage of time; however, the role of time in the analysis of cryptographic protocols has only recently received some a...

1 | WhiteBox DeepCover: User Reference Manual
- Renegard
- 1996

Citation Context ...sses the requirements to which the implementation must be shown to conform. Verification is done through proof using the EVES [81, 82] verification system, and by testing using the WhiteBox DeepCover tool [132]. In this chapter we model the NRL Pump by Probabilistic Automata enriched with variables. The advantage of using these models as representation formalism is twofold. Firstly, on such...