Ichiro Hasuo

Provable anonymity

This paper provides a formal framework for the analysis of information hiding properties of anonymous communication protocols in terms of epistemic logic.The key ingredient is our notion of observational equivalence, which is based on the cryptographic structure of messages and relations between otherwise random looking messages. Two runs are considered observationally equivalent if a spy cannot discover any meaningful distinction between them.We illustrate our approach by proving sender anonymity and unlinkability for two anonymizing protocols, Onion Routing and Crowds. Moreover, we consider a version of Onion Routing in which we inject a subtle error and show how our framework is capable of capturing this flaw.

Generic forward and backward simulations

The technique of forward/backward simulations has been applied successfully in many distributed and concurrent applications. In this paper, however, we claim that the technique can actually have more genericity and mathematical clarity. We do so by identifying forward/backward simulations as lax/oplax morphisms of coalgebras. Starting from this observation, we present a systematic study of this generic notion of simulations. It is meant to be a generic version of the study by Lynch and Vaandrager, covering both non-deterministic and probabilistic systems. In particular we prove soundness and completeness results with respect to trace inclusion: the proof is by coinduction using the generic theory of traces developed by Jacobs, Sokolova and the author. By suitably instantiating our generic framework, one obtains the appropriate definition of forward/backward simulations for various kinds of systems, for which soundness and completeness come for free.

Generic trace theory

Abstract Trace semantics has been defined for various non-deterministic systems with different input/output types, or with different types of “non-determinism” such as classical non-determinism (with a set of possible choices) vs. probabilistic non-determinism. In this paper we claim that these various forms of “trace semantics” are instances of a single categorical construction, namely coinduction in a Kleisli category. This claim is based on our main technical result that an initial algebra in the category of sets and functions yields a final coalgebra in the Kleisli category, for monads with a suitable order structure. The proof relies on coincidence of limits and colimits, like in the work of Smyth and Plotkin.

Context-free languages via coalgebraic trace semantics

We show that, for functors with suitable mild restrictions, the initial algebra in the category of sets and functions gives rise to the final coalgebra in the (Kleisli) category of sets and relations. The finality principle thus obtained leads to the finite trace semantics of non-deterministic systems, which extends the trace semantics for coalgebras previously introduced by the second author. We demonstrate the use of our technical result by giving the first coalgebraic account on context-free grammars, where we obtain generated context-free languages via the finite trace semantics. Additionally, the constructions of both finite and possibly infinite parse trees are shown to be monads. Hence our extension of the application domain of coalgebras identifies several new mathematical constructions and structures.

Time Robustness in MTL and Expressivity in Hybrid System Falsification

Building on the work by Fainekos and Pappas and the one by Donze and Maler, we introduce \(\mathbf{AvSTL }\), an extension of metric interval temporal logic by averaged temporal operators. Its expressivity in capturing both space and time robustness helps solving falsification problems (searching for a critical path in hybrid system models); it does so by communicating a designer’s intention more faithfully to the stochastic optimization engine employed in a falsification solver. We also introduce a sliding window-like algorithm that keeps the cost of computing truth/robustness values tractable.

Categorical semantics for arrows

Arrows are an extension of the well-established notion of a monad in functional-programming languages. This paper presents several examples and constructions and develops denotational semantics of arrows as monoids in categories of bifunctors Cop × C → C. Observing similarities to monads – which are monoids in categories of endofunctors C → C – it then considers Eilenberg–Moore and Kleisli constructions for arrows. The latter yields Freyd categories, mathematically formulating the folklore claim ‘Arrows are Freyd categories.’

Probabilistic anonymity via coalgebraic simulations

There is a growing concern on anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. Especially, importance of probabilistic aspect of anonymity is claimed recently by many authors. Among them are Bhargava and Palamidessi who present the definition of probabilistic anonymity for which, however, proof methods are not yet elaborated. In this paper we introduce a simulation-based proof method for probabilistic anonymity. It is a probabilistic adaptation of the method by Kawabe et al. for non-deterministic anonymity: anonymity of a protocol is proved by finding out a forward/backward simulation between certain automata. For the jump from non-determinism to probability we fully exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo and others. In particular, an appropriate notion of probabilistic simulations is obtained by instantiating a generic definition with suitable parameters.

Exercises in nonstandard static analysis of hybrid systems

In formal verification of hybrid systems, a big challenge is to incorporate continuous flow dynamics in a discrete framework. Our previous work proposed to use nonstandard analysis (NSA) as a vehicle from discrete to hybrid; and to verify hybrid systems using a Hoare logic. In this paper we aim to exemplify the potential of our approach, through transferring static analysis techniques to hybrid applications. The transfer is routine via the transfer principle in NSA. The techniques are implemented in our prototype automatic precondition generator.

Semantics and logic for security protocols

This paper presents a sound BAN-like logic for reasoning about security protocols with theorem prover support. The logic has formulas for sending and receiving messages (with nonces, public and private encryptions, etc.), and has both temporal and epistemic operators (describing the knowledge of participants). The logics semantics is based on strand spaces. Several (secrecy or authentication) formulas are proven in general and are applied to the Needham-Schroeder(-Lowe), bilateral key exchange and the Otway-Rees protocols, as illustrations.

Hyperstream processing systems: nonstandard modeling of continuous-time signals

We exploit the apparent similarity between (discrete-time) stream processing and (continuous-time) signal processing and transfer a deductive verification framework from the former to the latter. Our development is based on rigorous semantics that relies on nonstandard analysis (NSA). Specifically, we start with a discrete framework consisting of a Lustre-like stream processing language, its Kahn-style fixed point semantics, and a program logic (in the form of a type system) for partial correctness guarantees. This stream framework is transferred as it is to one for hyperstreams---streams of streams, that typically arise from sampling (continuous-time) signals with progressively smaller intervals---via the logical infrastructure of NSA. Under a certain continuity assumption we identify hyperstreams with signals; our final outcome thus obtained is a deductive verification framework of signals. In it one verifies properties of signals using the (conventionally discrete) proof principles, like fixed point induction.