Results 11-20 of 64
Symblicit calculation of long-run averages for concurrent probabilistic systems
 In QEST
, 2010
Cited by 8 (1 self)
Model checkers for concurrent probabilistic systems have become very popular within the last decade. The study of long-run average behavior has however received only scant attention in this area, at least from the implementation perspective. This paper studies the problem of how to efficiently realize an algorithm for computing optimal long-run average reward values for concurrent probabilistic systems. At its core is a variation of Howard and Veinott’s algorithm for Markov decision processes, where symbolic and nonsymbolic representations are intertwined in an effective manner: the state space is represented using binary decision diagrams, while the linear equation systems which have to be solved for the induced Markov chains to improve the current scheduler are solved using an explicit state representation. In order to keep the latter small, we apply a symbolic bisimulation minimization algorithm to the induced Markov chain. The scheduler improvement step itself is again performed on symbolic data structures. Practical evidence shows that the implementation is effective, and sometimes uses considerably less memory than a fully explicit implementation.
Backward bisimulation in Markov chain model checking
 IEEE TSE
, 2006
Cited by 8 (0 self)
Equivalence relations can be used to reduce the state space of a system model, thereby permitting more efficient analysis. We study backward stochastic bisimulation in the context of model checking continuous-time Markov chains against Continuous Stochastic Logic (CSL) properties. While there are simple CSL properties that are not preserved when reducing the state space of a continuous-time Markov chain using backward stochastic bisimulation, we show that the equivalence can nevertheless be used in the verification of a practically significant class of CSL properties. We consider an extension of these results to Markov reward models and Continuous Stochastic Reward Logic. Furthermore, we identify the logical properties for which the requirement on the equality of state-labeling sets (normally imposed on state equivalences in a model-checking context) can be omitted from the definition of the equivalence, resulting in a better state-space reduction.
Relative Performance Evaluation and Project Selection
 30 JOURNAL OF ACCOUNTING RESEARCH
, 1984
Cited by 7 (0 self)
Model Checking Meets Performance Evaluation
Cited by 7 (1 self)
Markov chains are one of the most popular models for the evaluation of performance and dependability of information processing systems. To obtain performance measures, typically long-run or transient state probabilities of Markov chains are determined. Sometimes the Markov chain at hand is equipped with rewards and computations involve determining long-run or instantaneous reward probabilities.
Fast probabilistic simulation, nontermination, and secure information flow
 IN: PROC. 2007 ACM SIGPLAN WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY
, 2007
Cited by 6 (4 self)
In secure information flow analysis, the classic Denning restrictions allow a program’s termination to be affected by the values of its H variables, resulting in potential information leaks. In an effort to quantify such leaks, in this work we study a simple imperative language with random assignments. We consider a “stripping” operation on programs and establish a fundamental relationship between the behavior of a well-typed program and of its stripped version; to prove this relationship, we introduce a new notion of fast probabilistic simulation on Markov chains. As an application, we prove that, under the Denning restrictions, well-typed probabilistic programs are guaranteed to satisfy an approximate probabilistic noninterference property, provided that their probability of nontermination is small.
Deciding simulations on probabilistic automata
 Automated Technology for Verification and Analysis (ATVA), volume 4762 of LNCS
, 2007
Cited by 6 (3 self)
Probabilistic automata are a central model for concurrent systems exhibiting random phenomena. This paper presents, in a uniform setting, efficient decision algorithms for strong simulation on probabilistic automata, but with subtly different results. The algorithm for strong probabilistic simulation is shown to be of polynomial complexity via a reduction to LP problem, while the algorithm for strong simulation has complexity O(m²n). The former relation allows for convex combinations of transitions in the definition and is thus less discriminative than the latter. As a byproduct, we obtain minimisation algorithms with respect to strong simulation equivalences and, for Markov decision processes, also to strong bisimulation equivalences. When extending these algorithms to the continuous-time setting, we retain same complexities for both strong and strong probabilistic simulations.
Uniform Labeled Transition Systems for Nondeterministic, Probabilistic, and Stochastic Processes
 Proc. of the 5th Int. Symp. on Trustworthy Global Computing (TGC 2010), LNCS 6084, Springer
, 2010
Cited by 5 (1 self)
Labeled transition systems are typically used to represent the behavior of nondeterministic processes, with labeled transitions defining a one-step state-to-state reachability relation. This model has been recently made more general by modifying the transition relation in such a way that it associates with any source state and transition label a reachability distribution, i.e., a function mapping each possible target state to a value of some domain that expresses the degree of one-step reachability of that target state. In this extended abstract, we show how the resulting model, called ULTRAS from Uniform Labeled TRAnsition System, can be naturally used to give semantics to a fully nondeterministic, a fully probabilistic, and a fully stochastic variant of a CSP-like process language.
A Companion to Coalgebraic Weak Bisimulation for Action-Type Systems
, 2009
Cited by 5 (1 self)
We propose a coalgebraic definition of weak bisimulation for classes of coalgebras obtained from bifunctors in the category Set. Weak bisimilarity for a system is obtained as strong bisimilarity of a transformed system. The particular transformation consists of two steps: First, the behavior on actions is lifted to behavior on finite words. Second, the behavior on finite words is taken modulo the hiding of internal or invisible actions, yielding behavior on equivalence classes of words closed under silent steps. The coalgebraic definition is validated by two correspondence results: one for the classical notion of weak bisimulation of Milner, another for the notion of weak bisimulation for generative probabilistic transition systems as advocated by Baier and Hermanns.
Least upper bounds for probability measures and their applications to abstractions
, 2008
Cited by 5 (1 self)
Abstraction is a key technique to combat the state space explosion problem in model checking probabilistic systems. In this paper we present new ways to abstract Discrete Time Markov Chains (DTMCs), Markov Decision Processes (MDPs), and Continuous Time Markov Chains (CTMCs). The main advantage of our abstractions is that they result in abstract models that are purely probabilistic, which may be more amenable to automatic analysis than models with both nondeterministic and probabilistic steps that typically arise from previously known abstraction techniques. A key technical tool, developed in this paper, is the construction of least upper bounds for any collection of probability measures. This upper bound construction may be of independent interest that could be useful in the abstract interpretation and static analysis of probabilistic programs.
Adversaries and Information Leaks (Tutorial)
Cited by 5 (1 self)
Secure information flow analysis aims to prevent programs from leaking their H (high) inputs to their L (low) outputs. A major challenge in this area is to relax the standard noninterference properties to allow “small” leaks, while still preserving security. In this tutorial paper, we consider three instances of this theme. First, we consider a type system that enforces the usual Denning restrictions, except that it specifies that encrypting a H plaintext yields a L ciphertext. We argue that this type system ensures security, assuming strong encryption, by giving a reduction that maps a noninterference adversary (which tries to guess which of two H inputs was used, given the L outputs) to an IND-CPA adversary (which tries to guess which of two plaintexts are encrypted, given the ciphertext). Second, we explore termination leaks in probabilistic programs when typed under the Denning restrictions. Using a notion of probabilistic simulation, we show that such programs satisfy an approximate noninterference property, provided that their probability of nontermination is small. Third, we consider quantitative information flow, which aims to measure the amount of information leaked. We argue that the common information-theoretic measures in the literature are unsuitable, because these measures fail to distinguish between programs that are wildly different from the point of view of an adversary trying to guess the H input.