14 citations found.
R.S. Lazic. A semantic study of data-independence with applications to the mechanical verification of concurrent systems. Oxford University D.Phil thesis, 1998.


This paper is cited in the following contexts:
Using Data-Independence in the Analysis of - Intrusion Detection Systems

....one that would be found by our model. This is the question we address in the current paper. In the next section, we review the work of [RL02] describing, via an example, how de-synchronisation attacks can be discovered automatically; we briefly review the relevant results from data independence [Laz97,Ros97]. In Section 3, we adapt the models, so as to take a slightly different view, while still finding de-synchronisation attacks; moreover, we use results from data independence to show that this analysis is complete, in the sense that it is independent of the underlying types of network packets and ....

....of T: such tests could be explicit, for example within if-then-else constructs, or implicit via synchronisations between parallel components on single elements of T. A process satisfies Norm T if, essentially, it contains no nondeterminism the effects of which are not immediately apparent (see [Laz97,Ros97] for a formal definition). The following theorem is from [Laz97,Ros97]. Theorem 1. Suppose that Spec and Impl are data independent processes, that both satisfy NoEq T, and that Spec satisfies Norm T. If Spec Impl when T is taken to be of size 2, then Spec Impl for all finite or infinite ....

[Article contains additional citation context not shown here]

Ranko Lazic. A Semantic Study of Data-Independence with Applications to the Mechanical Verification of Concurrent Systems. D.Phil., Oxford University, 1997.


Data Independence in the Model Checking of Security Protocols - Broadfoot (2001)   (2 citations)

....of T beyond which the answer (positive or negative) to the problem will not vary. If we can verify a system for the threshold size of T, then we will have verified it for all larger values of T. This can be done successfully for a wide range of problems, as is shown, for example, in [Ros98b, Laz99]. There are a number of features displayed by security protocol models which could be regarded and thus treated as data independent entities. The main features are the sets of keys and nonces which are represented as parameters of the processes underlying the model. Depending on the protocol, ....

....(P(#(T ) #(1) #(2) traces (P(T , 1, 2) right .1#, traces (P(T , 1, 2) The inequality (3.2) is not satisfied since left . 0# ## ##, #in.0#, #in.0, The PosConjEqT condition PosConjEqT (Positive Conjunctions of Equality Tests) is a condition, derived by Lazic [Laz99] that regains the equality in (3.1) even when noninjective functions are applied to variables in a given program. Definition 3.1 (PosConjEqT) A program P satisfies PosConjEqT precisely when the failure of each equality check E in P results in the process STOP; the result of an equality test ....

[Article contains additional citation context not shown here]

R.S. Lazic. A semantic study of data-independence with applications to the mechanical verification of concurrent systems. D.Phil. thesis, University of Oxford, 1999.


Internalising agents in CSP protocol models - Broadfoot, Roscoe (2002)   (1 citation)

....excellent for finding attacks, but unsatisfactory as a method of proof of correctness. There has been work on getting round this limitation in a variety of related approaches to protocol modelling, for example [7, 9, 13]. In our previous papers we showed how techniques based on data independence [4, 11] (where programs treat certain types simply and can be viewed as having these types as parameters) could be used to justify, by means of a single finite FDR check, systems in which the number of agents was unbounded and in which each could undertake an unbounded number of runs of the protocol. ....

R.S. Lazic, A Semantic Study of Data Independence with Applications to Model Checking, Oxford University D.Phil. thesis, 1999.


Malicious- and Accidental-Fault Tolerance for Internet.. - Powell, (eds.)

....Section 6.3.1 above) Future work on the verification of MAFTIA concepts and protocols will undoubtedly require the use of more novel approaches to model checking, such as the use of data independent and inductive reasoning in constructing proofs for systems of arbitrary size. Data Independence [Lazic 1999, Lazic Roscoe 1999] allows us to handle systems parameterised by types, where we might want to establish correctness independently of the size of the types. Structural induction using CSP and FDR [Creese Reed 1999] facilitates proofs independent of network size, for networks constructed from ....

R. S. Lazic, A Semantic Study of Data Independence with Applications to Model Checking, DPhil Thesis, Oxford University, 1999.


Internalising agents in CSP protocol models (Extended Abstract) - Broadfoot, Roscoe

....excellent for finding attacks, but unsatisfactory as a method of proof of correctness. There has been work on getting round this limitation in a variety of related approaches to protocol modelling, for example [6, 8, 12]. In our previous papers we showed how techniques based on data independence [3, 10] (where programs treat certain types simply and can be viewed as having these types as parameters) could be used to justify, by means of a single finite FDR check, systems in which the number of agents was unbounded and in which each could undertake an unbounded number of runs of the protocol. ....

R.S. Lazic, A Semantic Study of Data Independence with Applications to Model Checking, Oxford University D.Phil. thesis, 1999.


Service and Protocol Architecture for the MAFTIA Middleware - Veríssimo, Neves (2001)

....of a specification process (or, put another way, that the implementation meets its spec). CSP/FDR is backed by some impressive theoretical results. Arguably the most notable of the more recent theoretical advancements has been in the field of CSP-oriented data independence theory (D.I.) [57]. If a model written in FDR's machine readable dialect of CSP, CSP_M, is to be compileable by .... [Footnote 2: In the following sections we also refer to processes being interleaved. This means they have no shared events and so cannot communicate with each other and have no memory or state in common.]

R.S. Lazic. A semantic study of data-independence with applications to the mechanical verification of concurrent systems. Oxford University D.Phil thesis, 1999.


Proofs of Correctness of Cache-Coherence Protocols - Stoy, Shen, Arvind (2001)   (3 citations)

....separately. Thus if model checking can show that a single address implementation is faithful to a single address specification, we can infer that the interleaved multi address versions will be similarly faithful. The restriction to a storable value space of size two is also tolerable. Lazic [Laz99] has shown that in certain circumstances (satisfied in this case) a successful check for a small finite value space is sufficient to imply the correctness of the system for countably infinite spaces. There remains the restriction to a simple configuration of just one or two caches. Lazic's ....

Ranko Lazic. A Semantic Study of Data Independence with Applications to Model Checking. PhD thesis, Oxford University Computing Laboratory, 1999.


Design and Verification of Distributed Recovery Blocks with CSP - Yeung, Schneider (1998)

....(alphabets) in the parallel combination can be made implicit to facilitate algebraic manipulation. This results in a process AbsDRB n that is refined by DRB n. Hence any specification that is satisfied by AbsDRB n will also be satisfied by DRB n. The resulting process AbsDRB n is data independent [23, 33] with respect to the messages passed along the channels, and so it will satisfy SpecDRB n if an equivalent system DRB 0 n which ignores the messages passed along its channels satisfies SpecDRB n. Such a system is defined as follows: P i b = left p i P i for 0 ≤ i ≤ n R b = left R ....

R. Lazic. A semantic study of data-independence with applications to the mechanical verification of concurrent systems. PhD thesis, Oxford University, 1997.


Modelling and Analysis of Security Protocols - Ryan, Zakiuddin (2001)   (20 citations)

....worked around to a remarkable extent. Even so we have reached the stage at which to make major strides forward the approach will need to be complemented by other techniques. Principal amongst these are techniques for exploiting symmetries of the system. Here the recent work of Lazic and Roscoe, [Laz1, Laz2, LR], is highly relevant. Another angle is to incorporate theorem proving techniques. Theorem proving has already been used to a limited sense in justifying some of the simplifying assumptions used in the FDR codings. It would be interesting to more fully integrate a proof assistant with the ....

R.S. Lazic, A Semantic Study of Data-independence with Applications to Mechanical Verification of Concurrent Systems, Merton College, May 1997, A Dissertation Submitted for the Senior Mathematical Prize.


What Can You Decide About Resetable Arrays? - Roscoe, Lazic   Self-citation (Lazic)

....to many others in the automated verification community: it seeks to extend the very successful body of work on model checking fixed finite state systems to particular sorts of parameterised and infinite state systems. In this we build on the existing body of work on data independence (for example [11, 5, 7, 9]) whose aim is to prove properties of systems parameterised by one or more data types, on the assumption that these types are treated relatively simply by the program in question. It is obviously desirable to add to the range of operations permitted over these types, and the possibility of using ....

R.S. Lazic, A Semantic Study of Data Independence with Applications to Model Checking, Oxford University D.Phil. thesis, 1999.


Specification and verification of selected intrusion.. - Creese, (eds.) (2003)   (1 citation)

No context found.

R.S. Lazic. A semantic study of data-independence with applications to the mechanical verification of concurrent systems. Oxford University D.Phil thesis, 1998.


Unknown - Ist- Dependable Systems

No context found.

Lazic, R.S. (1999). "A Semantic Study of Data-Independence with Applications to Mechanical Verification of Concurrent Systems", Oxford University D.Phil. thesis.


Unknown - Ist- Dependable Systems

No context found.

Lazic, R.S. (1997). "A Semantic Study of Data-Independence with Applications to Mechanical Verification of Concurrent Systems", Technical Report, Merton College, Oxford University, July. Revised version.


CiteSeer.IST - Copyright Penn State and NEC