Characterising testing preorders for finite probabilistic processes
In LICS’07: Proceedings of the 22nd Annual IEEE Symposium on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, CA
Cited by 30 (10 self)
In 1992 Wang & Larsen extended the may and must preorders of De Nicola and Hennessy to processes featuring probabilistic as well as nondeterministic choice. They concluded with two problems that have remained open throughout the years, namely to find complete axiomatisations and alternative characterisations for these preorders. This paper solves both problems for finite processes with silent moves. It characterises the may preorder in terms of simulation, and the must preorder in terms of failure simulation. It also gives a characterisation of both preorders using a modal logic. Finally it axiomatises both preorders over a probabilistic version of CSP.
Making random choices invisible to the scheduler
In Proc. of CONCUR’07, 2007. To appear.
Cited by 22 (9 self)
When dealing with process calculi and automata which express both nondeterministic and probabilistic behavior, it is customary to introduce the notion of scheduler to resolve the nondeterminism. It has been observed that for certain applications, notably those in security, the scheduler needs to be restricted so not to reveal the outcome of the protocol’s random choices, or otherwise the model of adversary would be too strong even for “obviously correct” protocols. We propose a process-algebraic framework in which the control on the scheduler can be specified in syntactic terms, and we show how to apply it to solve the problem mentioned above. We also consider the definition of (probabilistic) may and must preorders, and we show that they are precongruences with respect to the restricted schedulers. Furthermore, we show that all the operators of the language, except replication, distribute over probabilistic summation, which is a useful property for verification.
Symbolic Bisimulations for Probabilistic Systems
Cited by 6 (1 self)
The paper introduces symbolic bisimulations for a simple probabilistic π-calculus to overcome the infinite branching problem that still exists in checking ground bisimulations between probabilistic systems. Especially the definition of weak (symbolic) bisimulation does not rely on the random capability of adversaries and suggests a solution to the open problem on the axiomatization for weak bisimulation in the case of unguarded recursion. Furthermore, we present an efficient characterization of symbolic bisimulations for the calculus, which allows the “on-the-fly” instantiation of bound names and dynamic construction of equivalence relations for quantitative evaluation. This directly results in a local decision algorithm that can explore just a minimal portion of the state spaces of the probabilistic processes in question.
Unifying Probability with Nondeterminism
In: FM 2009, LNCS
Cited by 2 (0 self)
Early support for reasoning about probabilistic system behaviour replaced demonic system nondeterminism with probabilism. Only relatively recently have formalisms been studied that combine the two, and hence facilitate reasoning about probabilistic systems at levels of abstraction more general than code. Such studies have revealed an unsuspected subtlety in the interaction between nondeterministic and probabilistic choices that can be summarised: the demon resolving the demonic choice has memory of all previous state changes, whilst the probabilistic choice is made spontaneously. As a result, assignments to distinct variables need no longer commute! This paper introduces a model with explicit control of the length of the demon's memory. It does so by expanding the standard (initial-final) state view of computation to incorporate a third state, the 'original' state which checkpoints the most recent nondeterministic choice. That enables a nondeterministic choice to be made on the basis of only certain past probabilistic choices and so facilitates independent nondeterministic combinations to be chosen against just those. Sound laws are presented and used to analyse first an example in which no new behaviour should result, and second one that lies beyond the scope of traditional models.
Model checking the probabilistic π-calculus
In Proceedings of QEST. IEEE Computer Society, 2007
Cited by 2 (0 self)
We present an implementation of model checking for the probabilistic π-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Despite this, no implementation of automated verification exists. Building upon the (non-probabilistic) π-calculus model checker MMC, we first show an automated procedure for constructing the Markov decision process representing a probabilistic π-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level model description for the PRISM tool. The feasibility of our techniques is demonstrated through three case studies from the π-calculus literature.
Formal approaches to Information-Hiding: A tutorial
2007
Cited by 1 (0 self)
In this survey paper we consider the class of protocols for information-hiding which use randomization to obfuscate the link between the observables and the information to be protected. We focus on the problem of formalizing the notion of information hiding, and verifying that a given protocol achieves the intended degree of protection. Without the pretense of being omnicomprehensive, we review the main approaches that have been explored in literature: possibilistic, probabilistic, information-theoretic, and statistical.
Timed, Distributed, Probabilistic, Typed Processes
Cited by 1 (0 self)
This paper studies types and probabilistic bisimulations for a timed π-calculus as an effective tool for a compositional analysis of probabilistic distributed behaviour. The types clarify the role of timers as interface between non-terminating and terminating communication for guaranteeing distributed liveness. We add message-loss probabilities to the calculus, and introduce a notion of approximate bisimulation that discards transitions below a certain specified probability threshold. We prove this bisimulation to be a congruence, and use it for deriving quantitative bounds for practical protocols in distributed systems, including timer-driven message-loss recovery and the Two-Phase Commit protocol.
Hidden-Markov program algebra with iteration. At arXiv:1102.0333v1
Mathematical Structures in Computer Science, 2012
Cited by 1 (1 self)
We use Hidden Markov Models to motivate a quantitative compositional semantics for noninterference-based security with iteration, including a refinement or “implements” relation that compares two programs with respect to their information leakage; and we propose a program algebra for source-level reasoning about such programs, in particular as a means of establishing that an “implementation” program leaks no more than its “specification” program. This joins two themes: we extend our earlier work, having iteration but only qualitative [37], by making it quantitative; and we extend our earlier quantitative work [27] by including iteration. We advocate stepwise refinement and source-level program algebra — both as conceptual reasoning tools and as targets for automated assistance. A selection of algebraic laws is given to support this view in the case of quantitative noninterference; and it is demonstrated on a simple
Characterisations of Testing Preorders for a Finite Probabilistic π-Calculus
Under consideration for publication in Formal Aspects of Computing
We consider two characterisations of the may and must testing preorders for a probabilistic extension of the finite π-calculus: one based on notions of probabilistic weak simulations, and the other on a probabilistic extension of a fragment of Milner-Parrow-Walker modal logic for the π-calculus. We base our notions of simulations on similar concepts used in previous work for probabilistic CSP. However, unlike the case with CSP (or other non-value-passing calculi), there are several possible definitions of simulation for the probabilistic π-calculus, which arise from different ways of scoping the name quantification. We show that in order to capture the testing preorders, one needs to use the “earliest” simulation relation (in analogy to the notion of early (bi)simulation in the non-probabilistic case). The key ideas in both characterisations are the notion of a “characteristic formula” of a probabilistic process, and the notion of a “characteristic test” for a formula. As in an earlier work on testing equivalence for the π-calculus by Boreale and De Nicola, we extend the language of the π-calculus with a mismatch operator, without which the formulation of a characteristic test will not be possible.