Results 1 - 9 of 9
Probabilistic model checking in practice: Case studies with PRISM
Cited by 31 (9 self)

Abstract
In this paper, we describe some practical applications of probabilistic model checking, a technique for the formal analysis of systems which exhibit stochastic behaviour. We give an overview of a selection of case studies carried out using the probabilistic model checking tool PRISM, demonstrating the wide range of application domains to which these methods are applicable. We also illustrate several benefits of using formal verification techniques to analyse probabilistic systems, including: (i) that they allow a wide range of numerical properties to be computed accurately; and (ii) that they perform a complete and exhaustive analysis enabling, for example, a study of best- and worst-case scenarios.
Decidability Results for Parametric Probabilistic Transition Systems with an Application to Security
In Proc. of SEFM’04, IEEE, 2004
Cited by 5 (4 self)

Abstract
We develop a model of Parametric Probabilistic Transition Systems. In this model probabilities associated with transitions may be parameters, and we show how to find instances of parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a given state. We show, as an application, the model of a probabilistic non-repudiation protocol. The theory we develop allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others).
Formal analysis of the Kaminsky DNS cache-poisoning attack using probabilistic model checking
In IEEE Int. Symposium on High-Assurance Systems Engineering (HASE’10)
Cited by 4 (2 self)

Abstract
We use the probabilistic model checker PRISM to formally model and analyze the highly publicized Kaminsky DNS cache-poisoning attack. DNS (Domain Name System) is an internet-wide, hierarchical naming system used to translate domain names such as google.com into physical IP addresses such as 208.77.188.166. The Kaminsky DNS attack is a recently discovered vulnerability in DNS that allows an intruder to hijack a domain; i.e., corrupt a DNS server so that it replies with the IP address of a malicious web server when asked to resolve URLs within a non-malicious domain such as google.com. A proposed fix for the attack is based on the idea of randomizing the source port a DNS server uses when issuing a query to another server in the DNS hierarchy. We use PRISM to introduce a Continuous Time Markov Chain representation of the Kaminsky attack and the proposed fix, and to perform the required probabilistic model checking. Our results, gleaned from more than 240 PRISM runs, formally validate the existence of the Kaminsky cache-poisoning attack even in the presence of an intruder with virtually no knowledge of the victim DNS server’s actions. They also serve to quantify the effectiveness of the proposed fix: using nonlinear least-squares curve fitting, we show that the probability of a successful attack obeys a 1/N distribution, where N is the upper limit on the range of source-port ids. We also demonstrate an increasing attack probability with an increasing number of attempted attacks or an increasing rate at which the intruder guesses the source-port id.
Fairness Analysis for Multiparty Nonrepudiation Protocols Based on Improved Strand Space
Abstract
Aimed at the problem of the fairness analysis for multiparty nonrepudiation protocols, a new formal analysis method based on improved strand space is presented. Based on the strand space theory, the signature operation is added; the set of terms, the subterm relation and the set of penetrator traces are redefined, and the assumption of free encryption is extended in the new method. The formal definition of fairness in multiparty nonrepudiation protocols is given, and the guideline to verify it based on improved strand space is presented. Finally, the fairness of multiparty nonrepudiation protocols is verified with the example of the Kremer-Markowitch protocol, which indicates that the new method is suitable for analyzing the fairness of multiparty nonrepudiation protocols.
Quantitative Analysis of a Probabilistic Non-Repudiation Protocol through Model Checking
Abstract
In the probabilistic non-repudiation protocol without a trusted third party as presented in [5], the recipient of a service can cheat the originator of the service with some probability. This probability indicates the degree of fairness of the protocol and is referred to as ɛ-fairness. In this paper, we analyze the protocol quantitatively through probabilistic model checking. The ɛ-fairness is quantitatively measured by modeling the protocol in the PRISM model checker and verifying an appropriate property specified in PCTL. Moreover, our analysis gives proper insight to choose proper values for the different parameters associated with the protocol in such a way that a certain degree of fairness can be achieved, and therefore answers the reverse question: given the degree of fairness ɛ, how should one choose the protocol parameters to ensure fairness.
Parametric Probabilistic Transition Systems for System Design and Analysis
Under consideration for publication in Formal Aspects of Computing
Abstract
We develop a model of Parametric Probabilistic Transition Systems, where probabilities associated with transitions may be parameters. We show how to find instances of the parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a certain state. As an application, we model a probabilistic non-repudiation protocol with a Parametric Probabilistic Transition System. The theory we develop allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others).
Andrea Maggiolo-Schettini and Angelo Troina, Dipartimento di Informatica, Università di Pisa
Verification and Control of Partially Observable Probabilistic Real-Time Systems
Abstract
We propose automated techniques for the verification and control of probabilistic real-time systems that are only partially observable. To formally model such systems, we define an extension of probabilistic timed automata in which local states are partially visible to an observer or controller. We give a probabilistic temporal logic that can express a range of quantitative properties of these models, relating to the probability of an event’s occurrence or the expected value of a reward measure. We then propose techniques to either verify that such a property holds or to synthesise a controller for the model which makes it true. Our approach is based on an integer discretisation of the model’s dense-time behaviour and a grid-based abstraction of the uncountable belief space induced by partial observability. The latter is necessarily approximate since the underlying problem is undecidable; however, we show how both lower and upper bounds on numerical results can be generated. We illustrate the effectiveness of the approach by implementing it in the PRISM model checker and applying it to several case studies, from the domains of computer security and task scheduling.