Ruggero Lanotte

Parametric probabilistic transition systems for system design and analysis

We develop a model of parametric probabilistic transition Systems (PPTSs), where probabilities associated with transitions may be parameters. We show how to find instances of the parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a certain state. As an application, we model a probabilistic non-repudiation protocol with a PPTS. The theory we develop allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others).

Weak bisimulation for probabilistic timed automata and applications to security

We are interested in describing timed systems that exhibit probabilistic behaviors. To this purpose, we define a model of probabilistic timed automata and give a concept of weak bisimulation together with an algorithm to decide it. We use this model for describing and analyzing a probabilistic non-repudiation protocol in a timed setting.

Design and verification of long-running transactions in a timed framework

Long-running transactions consist of tasks which may be executed sequentially and in parallel, may contain subtasks, and may require to be completed before a deadline. These transactions are not atomic and, in case of executions which cannot be completed, a compensation mechanism must be provided. In this paper we develop a model of Communicating Hierarchical Timed Automata suitable to describe the mentioned aspects in a framework where also time is taken into account. We develop the patterns for composing long-running transactions sequentially, in parallel or by nesting. The correct compensation of a composed long-running transaction is preserved by these composition patterns. The automaton-theoretic approach allows the verification of properties by model checking. As a case study, we model and analyse an example of e-commerce application described in terms of long-running transactions.

Probabilistic congruence for semistochastic generative processes

We propose an SOS transition rule format for the generative model of probabilistic processes. Transition rules are partitioned in several strata, giving rise to an ordering relation analogous to those introduced by Ulidowski and Phillips for classic process algebras. Our rule format guarantees that probabilistic bisimulation is a congruence w.r.t. process algebra operations. Moreover, our rule format guarantees that process algebra operations preserve semistochasticity of processes, i.e. the property that the sum of the probability of the moves of any process is either 0 or 1. Finally, we show that most of operations of the probabilistic process algebras studied in the literature are captured by our format, which, therefore, has practical applications.

Probabilistic bisimulation as a congruence

We propose both an SOS transition rule format for the generative model of probabilistic processes, and an SOS transition rule format for the reactive model of the probabilistic processes. Our rule formats guarantee that probabilistic bisimulation is a congruence with respect to process algebra operations. Moreover, our rule format for generative process algebras guarantees that the probability of the moves of a given process, if there are any, sum up to 1, and the rule format for reactive process algebras guarantees that the probability of the moves of a given process labeled with the same action, if there are any, sum up to 1. We show that most operations of the probabilistic process algebras studied in the literature are captured by our formats, which, therefore, have practical applications.

Taylor approximation for hybrid systems

We propose a new approximation technique for Hybrid Automata. Given any Hybrid Automaton H, we call Approx(H,k) the Polynomial Hybrid Automaton obtained by approximating each formula φ in H with the formulae φk obtained by replacing the functions in φ with their Taylor polynomial of degree k. We prove that Approx(H,k) is an over–approximation of H. We study the conditions ensuring that, given any e > 0, some k0 exists such that, for all k>k0, the “distance” between any vector satisfying φk and at least one vector satisfying φ is less than e. We study also conditions ensuring that, given any e > 0, some k0 exists such that, for all k > k0, the “distance” between any configuration reached by Approx(H,k) in n steps and at least one configuration reached by H in n steps is less than e.

Semantic analysis of gossip protocols for wireless sensor networks

Gossip protocols have been proposed as a robust and efficient method for disseminating information throughout large-scale networks. In this paper, we propose a compositional analysis technique to study formal probabilistic models of gossip protocols in the context of wireless sensor networks. We introduce a simple probabilistic timed process calculus for modelling wireless sensor networks. A simulation theory is developed to compare probabilistic protocols that have similar behaviour up to a certain probability. This theory is used to prove a number of algebraic laws which revealed to be very effective to evaluate the performances of gossip networks with and without communication collisions.

Timed cooperating automata

We propose Timed Cooperating Automata (TCAs), an extension of the model Cooperating Automata of Harel and Drusinsky, and we investigate some basic properties. In particular we consider variants of TCAs based on the presence or absence of internal activity, urgency and reactivity, and we compare the expressiveness of these variants with that of the classical model of Timed Automata (TAs) and its extensions with periodic clock constraints and with silent moves. We consider also closure and decidability properties of TCAs and start a study on succinctness of their variants with respect to that of TAs.

Security Policies Enforcement Using Finite Edit Automata

Edit automata have been introduced by J. Ligatti et al. as a model for security enforcement mechanisms which work at run time. In a distributed interacting system, they play a role of monitor that runs in parallel with a target program and transforms its execution sequence into a sequence that obeys the security property. In this paper we characterize security properties which are enforceable by finite edit automata, i.e. edit automata with a finite set of states. We prove that these properties are a sub-class of ~-regular sets. Moreover given an ~-regular set P, one can decide in time O(n^2) whether P is enforceable by a finite edit automaton (where n is the number of states of the finite automaton recognizing P) and we give an algorithm to synthesize the controller.

Formal Models of Timing Attacks on Web Privacy

We model a timing attack on web privacy proposed by Felten and Schneider by using three different approaches: HL-Timed Automata, SMV model checker, and tSPA Process Algebra. Some comparative analysis on the three approaches is derived.