A Process Calculus for Mobile Ad Hoc Networks
Cited by 38 (2 self)
Abstract. We present the ω-calculus, a process calculus for formally modeling and reasoning about Mobile Ad Hoc Wireless Networks (MANETs) and their protocols. The ω-calculus naturally captures essential characteristics of MANETs, including the ability of a MANET node to broadcast a message to any other node within its physical transmission range (and no others), and to move in and out of the transmission range of other nodes in the network. A key feature of the ω-calculus is the separation of a node's communication and computational behavior, described by an ω-process, from the description of its physical transmission range, referred to as an ω-process interface. Our main technical results are as follows. We give a formal operational semantics of the ω-calculus in terms of labeled transition systems and show that the state reachability problem is decidable for finite-control ω-processes. We also prove that the ω-calculus is a conservative extension of the π-calculus, and that late bisimulation (appropriately lifted from the π-calculus to the ω-calculus) is a congruence. Congruence results are also established for a weak version of late bisimulation, which abstracts away from two types of internal actions: τ-actions, as in the π-calculus, and µ-actions, signaling node movement. Finally, we illustrate the practical utility of the calculus by developing and analyzing a formal model of a leader-election protocol for MANETs.
Behavioral Automata Composition for Automatic Topology Independent Verification of Parameterized Systems
Cited by 8 (2 self)
Verifying correctness properties of parameterized systems is a longstanding problem. The challenge lies in the lack of guarantee that the property is satisfied for all instances of the parameterized system. Existing work on addressing this challenge aims to reduce this problem to checking the properties on smaller systems with a bound on the parameter referred to as the cutoff. A property satisfied on the system with the cutoff ensures that it is satisfied for systems with any larger parameter. The major problem with these techniques is that they only work for certain classes of systems with a specific communication topology such as ring topology, thus leaving other interesting classes of systems unverified. We contribute an automated technique for finding the cutoff of the parameterized system that works for systems defined with any topology. Given the specification and the topology of the system, our technique is able to automatically generate the cutoff specific to this system. We prove the soundness of our technique and demonstrate its effectiveness and practicality by applying it to several canonical examples where in some cases, our technique obtains smaller cutoff values than those presented in the existing literature.
Automating Cutoff for Multiparameterized Systems
, 2010
Cited by 5 (1 self)
Verifying that a parameterized system satisfies certain desired properties amounts to verifying an infinite family of system instances. This problem is undecidable in general, and as such a number of sound but incomplete techniques have been proposed to address it. Existing techniques typically focus on parameterized systems with a single parameter (i.e., on systems where the number of processes of exactly one type depends on the parameter); however, many systems in practice are multi-parameterized, where multiple parameters are used to specify the number of processes of different types in the system. In this work, we present an automatic verification technique for multi-parameterized systems, prove its soundness and show that it can be applied to systems irrespective of their communication topology. We present a prototype realization of our technique in our tool Golok, and demonstrate its practical applicability using a number of multi-parameterized systems.
Quotient-based Control Synthesis for Non-Deterministic Plants with Mu-Calculus Specifications
 In 45th IEEE Conference on Decision and Control
, 2006
Cited by 4 (1 self)
Abstract — We study the control of a nondeterministic discrete event system (DES) subject to a control specification expressed in the propositional mu-calculus, under complete observation of events. Given a plant automaton model and a mu-calculus specification, we provide a set of rules that computes the "quotient" of the specification against the plant, which is another mu-calculus formula such that a supervisor exists if and only if the quotiented formula is satisfiable. Thus the control problem is reduced to one of mu-calculus satisfiability. We also present a tableau-based satisfiability solving algorithm that identifies a model for the quotiented formula. The resulting model serves as a supervisor. The complexity of supervisor existence verification as well as model synthesis is single exponential in the size of the plant as well as the size of the specification formula.
Security properties of self-similar uniformly parameterised systems of cooperations
 in 19th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), 2011
Cited by 2 (1 self)
Abstract. Uniform parameterisations of cooperations are defined in terms of formal language theory, such that each pair of partners cooperates in the same manner, and the mechanism (schedule) that determines how one partner may be involved in several cooperations is the same for each partner. Generalising the notion of each pair of partners cooperating in the same manner, a kind of self-similarity is formalised for such systems of cooperations. From an abstracting point of view, where only the actions of some selected partners are considered, the complex system of all partners behaves like the smaller subsystem of the selected partners. For verification purposes, so-called uniformly parameterised safety properties are defined. Such properties can be used to express privacy policies as well as security and dependability requirements. It is shown how the parameterised problem of verifying such a property is reduced by self-similarity to a finite-state problem. Keywords: cooperations as prefix-closed languages; abstractions of system behaviour; self-similarity in systems of cooperations; privacy policies; uniformly parameterised safety properties.
Partial Model Checking using Networks of Labelled Transition Systems and Boolean Equation Systems
, 2013
Cited by 1 (0 self)
Partial model checking was proposed by Andersen in 1995 to verify a temporal logic formula compositionally on a composition of processes. It consists in incrementally incorporating into the formula the behavioural information taken from one process — an operation called quotienting — to obtain a new formula that can be verified on a smaller composition from which the incorporated process has been removed. Simplifications of the formula must be applied at each step, so as to keep the formula at a tractable size. In this paper, we revisit partial model checking. First, we extend quotienting to the network of labelled transition systems model, which subsumes most parallel composition operators, including m-among-n synchronisation and parallel composition using synchronisation interfaces, available in the E-LOTOS standard. Second, we reformulate quotienting in terms of a simple synchronous product between a graph representation of the formula (called a formula graph) and a process, thus enabling quotienting to be implemented efficiently and easily by reusing existing tools dedicated to graph compositions. Third, we propose simplifications of the formula as a combination of bisimulations and reductions using Boolean equation systems applied directly to the formula graph, thus enabling formula simplifications also to be implemented efficiently. Finally, we describe an implementation in the CADP (Construction and Analysis of Distributed Processes) toolbox and present some experimental results in which partial model checking uses hundreds of times less memory than on-the-fly model checking.
Model Checking of Control-User Component-Based Parametrised Systems
Cited by 1 (1 self)
Abstract. Many real component-based systems, so-called Control-User systems, are composed of a stable part (the control component) and a number of dynamic components of the same type (user components). Models of these systems are parametrised by the number of user components and are thus potentially infinite. Model checking techniques can be used to verify only specific instances of such systems. This paper presents an algorithmic technique for the verification of safety interaction properties of Control-User systems. The core of our verification method is the computation of a cutoff: if the system is proved to be correct for every number of user components lower than the cutoff, then it is correct for any number of users. We present an on-the-fly model checking algorithm which integrates the computation of a cutoff with the verification itself. Symmetry reduction can be applied during the verification to tackle the state explosion of the model. Applying the algorithm, we verify models of several previously published component-based systems.
Abstraction Based Verification of a Parameterised Policy Controlled System
Cited by 1 (1 self)
Abstract. Safety-critical and business-critical systems are usually controlled by policies with the objective of guaranteeing a variety of safety, liveness and security properties. Traditional model checking techniques allow verification of the required behaviour only for systems with very few components. To be able to verify entire families of systems, independent of the exact number of replicated components, we developed an abstraction-based approach to extend our current tool-supported verification techniques to such families of systems, which are usually parameterised by a number of replicated identical components. We demonstrate our technique by an exemplary verification of security and liveness properties of a simple parameterised collaboration scenario. Verification results for configurations with fixed numbers of components are used to choose an appropriate property-preserving abstraction that provides the basis for an inductive proof that generalises the results to a family of systems with arbitrary settings of parameters. Key words: Formal analysis of security and liveness properties, security modelling and simulation, security policies, parameterised models.
Quotient-based Control Synthesis for Partially Observed Non-Deterministic Plants with Mu-Calculus Specifications
Cited by 1 (1 self)
Abstract — We study the control of a nondeterministic plant subject to a specification expressed in the propositional µ-calculus under partial observability of events. We define a function to quotient the specification against the plant, resulting in a "quotiented formula" with the property that a supervisor enforcing the desired specification exists if and only if the quotiented formula is satisfiable, and a model witnessing the satisfiability can be used as a supervisor. The quotiented formula belongs to an extended µ-calculus, which we call the O-µ-calculus, where the extension is needed to express the observability constraint that cannot be expressed in the µ-calculus itself. We present the syntax and semantics of the O-µ-calculus and present a tableau-based satisfiability solving algorithm that also discovers a model for the quotiented formula when one exists.
unknown title
, 2008
Safety analysis of software product lines using state-based modeling and compositional model checking