Results 1 - 10 of 50
Assume-guarantee verification for probabilistic systems
2009
Cited by 41 (15 self)
Abstract. We present a compositional verification technique for systems that exhibit both probabilistic and nondeterministic behaviour. We adopt an assume-guarantee approach to verification, where both the assumptions made about system components and the guarantees that they provide are regular safety properties, represented by finite automata. Unlike previous proposals for assume-guarantee reasoning about probabilistic systems, our approach does not require that components interact in a fully synchronous fashion. In addition, the compositional verification method is efficient and fully automated, based on a reduction to the problem of multi-objective probabilistic model checking. We present asymmetric and circular assume-guarantee rules, and show how they can be adapted to form quantitative queries, yielding lower and upper bounds on the actual probabilities that a property is satisfied. Our techniques have been implemented and applied to several large case studies, including instances where conventional probabilistic verification is infeasible.
Probabilistic Automata: System Types, Parallel Composition and Comparison
In Validation of Stochastic Systems: A Guide to Current Research, 2004
Cited by 35 (5 self)
We survey various notions of probabilistic automata and probabilistic bisimulation, accumulating in an expressiveness hierarchy of probabilistic system types. The aim of this paper is twofold: On the one hand it provides an overview of existing types of probabilistic systems and, on the other hand, it explains the relationship between these models.
Observing Branching Structure through Probabilistic Contexts
SIAM J. Comput.
Cited by 27 (2 self)
Abstract. Probabilistic automata (PAs) constitute a general framework for modeling and analyzing discrete event systems that exhibit both nondeterministic and probabilistic behavior, such as distributed algorithms and network protocols. The behavior of PAs is commonly defined using schedulers (also called adversaries or strategies), which resolve all nondeterministic choices based on past history. From the resulting purely probabilistic structures, trace distributions can be extracted, whose intent is to capture the observable behavior of a PA. However, when PAs are composed via an (asynchronous) parallel composition operator, a global scheduler may establish strong correlations between the behavior of system components and, for example, resolve nondeterministic choices in one PA based on the outcome of probabilistic choices in the other. It is well known that, as a result of this, the (linear-time) trace distribution precongruence is not compositional for PAs. In his 1995 Ph.D. thesis, Segala has shown that the (branching-time) probabilistic simulation preorder is compositional for PAs. In this paper, we establish that the simulation preorder is, in fact, the coarsest refinement of the trace distribution preorder that is compositional. We prove our characterization result by providing (1) a context of a given PA A, called the tester, which may announce the state of A to the outside world, and (2) a specific global scheduler, called the observer, which ensures that the state information that is announced is actually correct. Now when another PA B is composed with the tester, it may generate the same external behavior as the observer only when it is able to simulate A in the sense that whenever A goes to some state s, B can go to a corresponding state u, from which it may generate the same external behavior. Our result shows that probabilistic contexts together with global schedulers are able to exhibit the branching structure of PAs.
Verifying Randomized Byzantine Agreement
Proc. Formal Techniques for Networked and Distributed Systems (FORTE’02), volume 2529 of LNCS, 2002
Cited by 22 (9 self)
Distributed systems increasingly rely on fault-tolerant and secure authorization services. An essential primitive used to implement such services is the Byzantine agreement protocol for achieving agreement among n parties even if t parties (t < n/3) are corrupt and behave maliciously. We describe our experience verifying the randomized protocol ABBA (Asynchronous Binary Byzantine Agreement) of Cachin, Kursawe and Shoup [5], a practical protocol that incorporates modern threshold-cryptographic techniques and forms a core of powerful asynchronous broadcast protocols [4]. The protocol is efficient (runs in constant expected time), optimal (it tolerates the maximum number of corrupted parties) and provably secure (in the random oracle model). We model the protocol in Cadence SMV, replacing the coin tosses with nondeterministic choice, and provide a proof of the protocol correctness for all n under the assumption that the cryptographic primitives are correct.
Making random choices invisible to the scheduler
In Proc. of CONCUR’07 (to appear), 2007
Cited by 20 (9 self)
Abstract. When dealing with process calculi and automata which express both nondeterministic and probabilistic behavior, it is customary to introduce the notion of scheduler to resolve the nondeterminism. It has been observed that for certain applications, notably those in security, the scheduler needs to be restricted so as not to reveal the outcome of the protocol’s random choices, or otherwise the model of adversary would be too strong even for “obviously correct” protocols. We propose a process-algebraic framework in which the control on the scheduler can be specified in syntactic terms, and we show how to apply it to solve the problem mentioned above. We also consider the definition of (probabilistic) may and must preorders, and we show that they are precongruences with respect to the restricted schedulers. Furthermore, we show that all the operators of the language, except replication, distribute over probabilistic summation, which is a useful property for verification.
An Introduction to Probabilistic Automata
Bulletin of the European Association for Theoretical Computer Science, 2002
Cited by 19 (0 self)
This paper provides an elementary introduction to the probabilistic automaton (PA) model, which has been developed by Segala. We describe how distributed systems with discrete probabilities can be modeled and analyzed by means of PAs. We explain how the basic concepts for the analysis of non-probabilistic automata can be extended to probabilistic systems. In particular, we treat the parallel composition operator on PAs, the semantics of a PA as a set of trace distributions, an extension of the PA model with time, and simulation relations for PAs. Finally, we give an overview of various other state-based models that are used for the analysis of probabilistic systems.
Probability and Nondeterminism in Operational Models of Concurrency
In Proc. CONCUR, LNCS, 2006
Cited by 19 (1 self)
Abstract. We give a brief overview of operational models for concurrent systems that exhibit probabilistic behavior, focussing on the interplay between probability and nondeterminism. Our survey is carried out from the perspective of probabilistic automata, a model originally developed for the analysis of randomized distributed algorithms.
Compositional Verification of Probabilistic Systems using Learning
2010
Cited by 18 (8 self)
Abstract—We present a fully automated technique for compositional verification of probabilistic systems. Our approach builds upon a recently proposed assume-guarantee framework for probabilistic automata, in which assumptions and guarantees are probabilistic safety properties, represented using finite automata. A limitation of this work is that the assumptions need to be created manually. To overcome this, we propose a novel learning technique based on the L* algorithm, which automatically generates probabilistic assumptions using the results of queries executed by a probabilistic model checker. Learnt assumptions either establish satisfaction of the verification problem or are used to generate a probabilistic counterexample that refutes it. In the case where an assumption cannot be generated, lower and upper bounds on the probability of satisfaction are produced. We illustrate the applicability of the approach on a range of case studies.
Keywords: Compositional verification; probabilistic model checking; probabilistic automata; learning.
Quantitative model checking revisited: neither decidable nor approximable
In FORMATS’07, LNCS 4763, 2007
Cited by 16 (10 self)
Abstract. Quantitative model checking computes the probability values of a given property quantifying over all possible schedulers. It turns out that maximum and minimum probabilities calculated in such a way are overestimations on models of distributed systems in which components are loosely coupled and share little information with each other (and hence arbitrary schedulers may result too powerful). Therefore, we focus on the quantitative model checking problem restricted to distributed schedulers that are obtained only as a combination of local schedulers (i.e. the schedulers of each component) and show that this problem is undecidable. In fact, we show that there is no algorithm that can compute an approximation to the maximum probability of reaching a state within a given bound when restricted to distributed schedulers.
Analysing randomized distributed algorithms
Validation of Stochastic Systems, 2004
Cited by 14 (2 self)
Abstract. Randomization is of paramount importance in practical applications and randomized algorithms are used widely, for example in coordinating distributed computer networks, message routing and cache management. The appeal of randomized algorithms is their simplicity and elegance. However, this comes at a cost: the analysis of such systems becomes very complex, particularly in the context of distributed computation. This arises through the interplay between probability and nondeterminism. To prove a randomized distributed algorithm correct one usually involves two levels: classical, assertion-based reasoning, and a probabilistic analysis based on a suitable probability space on computations. In this paper we describe a number of approaches which allow us to verify the correctness of randomized distributed algorithms.