Ron van der Meyden

MCK: Model Checking the Logic of Knowledge

The specification formalism employed in model checking is usually some flavour of temporal or process algebraic language that expresses properties of the behavioural aspects of a system. Knowledge [5] is a modality that is orthogonal to the behavioural dimension, capturing properties of information flow. Logics of knowledge have been shown to be a useful framework for the analysis of distributed algorithms and security protocols, and model checking of these logics was first mooted by Halpern and Vardi [6]. Since that time theoretical aspects of model checking the logic of knowledge and its combinations with temporal logic have been studied [8–10]. The system MCK introduced in this paper implements parts of this theory.

The Complexity of Querying Indefinite Data about Linearly Ordered Domains

In applications dealing with ordered domains, the available data is frequently indefinite. While the domain is actually linearly ordered, only some of the order relations holding between points in the data are known. Thus, the data provides only a partial order, and query answering involves determining what holds under all the compatible linear orders. In this paper we study the complexity of evaluating queries in logical databases containing such indefinite information. We show that in this context queries are intractable even under the data complexity measure, but identify a number of PTIME subproblems. Data complexity in the case of monadic predicates is one of these PTIME cases, but for disjunctive queries the proof is nonconstructive, using well-quasi-order techniques. We also show that the query problem we study is equivalent to the problem of containment of conjunctive relational database queries containing inequalities. One of our result implies that the latter is?p2-complete, solving an open problem of Klug (J. Assoc. Comput. Mach.35, No. 1 (1988), 146?160).

Logical approaches to incomplete information: a survey

The observation that it is frequently impossible to obtain complete information in the context of database applications has motivated a substantial literature seeking to extend the relational model. The paper surveys the literature on the modelling and processing of incomplete information (also known as indefinite information) using tools derived from classical logic and modal logic. The focus of the paper is on models in which query processing is decidable. Theories dealing with the quantification of indefiniteness, such as probabilistic or fuzzy models of uncertainty, are not discussed.

Model checking knowledge and time in systems with perfect recall

This paper studies model checking for the modal logic of knowledge and linear time in distributed systems with perfect recall. It is shown that this problem (1) is undecidable for a language with operators for until and common knowledge, (2) is PSPACE-complete for a language with common knowledge but without until, (3) has nonelementary upper and lower bounds for a language with until but without common knowledge. Model checking bounded knowledge depth formulae of the last of these languages is considered in greater detail, and an automata-theoretic decision procedure is developed for this problem, that yields a more precise complexity characterization.

Complete axiomatizations for reasoning about knowledge and branching time

Sound and complete axiomatizations are provided for a number of different logics involving modalities for the knowledge of multiple agents and operators for branching time, extending previous work of Halpern, van der Meyden and Vardi [to appear, SIAM Journal on Computing] for logics of knowledge and linear time. The paper considers the system constraints of synchrony, perfect recall and unique initial states, which give rise to interaction axioms. The language is based on the temporal logic CTL*, interpreted with respect to a version of the bundle semantics.

Logics for Emerging Applications of Databases

In this era of heterogeneous and distributed data sources, ranging from semistructured documents to knowledge about coordination processes or workflows, logic provides a rich set of tools and techniques with which to address the questions of howto represent, query and reason about complex data. This book provides a state-of-the-art overview of research onthe application of logic-based methods to information systems, covering highly topical and emerging fields: XML programming and querying, intelligent agents, workflow modeling and verification, data integration, temporal and dynamic information, data mining, authorization, and security. It provides both scientists and graduate students with a wealth of material and references for their own research and education.

A logic for SDSI's linked local name spaces

Abadi has introduced a logic to explicate the meaning of local names in SDSI, the Simple Distributed Security Infrastructure proposed by Rivest and Lampson. Abadis logic does not correspond precisely to SDSI, however; it draws conclusions about local names that do not follow from SDSIs name resolution algorithm. Moreover, its semantics is somewhat unintuitive. This paper presents the Logic of Local Name Containment, which does not suffer from these deficiencies. It has a clear semantics and provides a tight characterization of SDSI name resolution. The semantics is shown to be closely related to that of logic programs, leading to an approach to the efficient implementation of queries concerning local names. A complete axiomatization of the logic is also provided.

What, indeed, is intransitive noninterference?

This paper argues that Haigh and Youngs definition of noninterference for intransitive security policies admits information flows that are not in accordance with the intuitions it seeks to formalise. Several alternative definitions are discussed, which are shown to be equivalent to the classical definition of noninterference with respect to transitive policies. Rushbys unwinding conditions for intransitive noninterference are shown to be sound and complete for one of these definitions, TA-security. Access control systems compatible with a policy are shown to be TA-secure, and it is also shown that TA-security implies that the system can be interpreted as an access control system.

Algorithmic Verification of Noninterference Properties

The paper discusses the problem of model checking a number of noninterference properties in finite state systems: Noninterference, Nondeducibility on Inputs, Generalised Noninterference, Forward Correctability and Restrictiveness. The complexity of these problems is characterized, and a number of possible heuristics for optimization of the model checking are discussed.

Knowledge in multiagent systems: initial configurations and broadcast

The semantic framework for the modal logic of knowledge due to Halpern and Moses provides a way to ascribe knowlegde to agents in distributed and multiagent systems. In this paper we study two special cases of this framework: full systems and hypercubes. Both model static situtations in which no agents has any information about another agents state. Full systems and hypercubes are an appropriate model for the initial configurations of many systems of interest. We establish a correspondence between full systems and hypercube systems and certain classes of Kripke frames. We show that these classes of systems correspond to the same logic. Moreover, this logic is also the same as that generated by the larger class of weakly directed frames. We provide a sound and complete axiomatization, S5WDn of this logic, and study its computational complexity. Finally, we show that under certain natural assumptions, in a model where knowledge evolves over time, S5WDn characteristics the properties of knowledge not just at the initial configuration, but also at all later configurations. In this particular, this holds for homogeneous broadcast systems, which capture settings in which agents are intially ignorant of each others local states, operate synchronously, have perfect recall, and can communicate only by broadcasting.