Yoshinobu Kawabe

Probabilistic anonymity via coalgebraic simulations

There is a growing concern on anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. Especially, importance of probabilistic aspect of anonymity is claimed recently by many authors. Among them are Bhargava and Palamidessi who present the definition of probabilistic anonymity for which, however, proof methods are not yet elaborated. In this paper we introduce a simulation-based proof method for probabilistic anonymity. It is a probabilistic adaptation of the method by Kawabe et al. for non-deterministic anonymity: anonymity of a protocol is proved by finding out a forward/backward simulation between certain automata. For the jump from non-determinism to probability we fully exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo and others. In particular, an appropriate notion of probabilistic simulations is obtained by instantiating a generic definition with suitable parameters.

Role Interchange for Anonymity and Privacy of Voting

We propose a new information-hiding property called role interchangeability for the verification of the anonymity and privacy of security protocols. First, we formally specify the new property in multi-agent systems, and describe its relationship with known anonymity properties that are also defined in multi-agent systems. Moreover, we define privacy in a way that is symmetric with anonymity, and show that exploiting this symmetry is useful for deriving anonymity and privacy from role interchangeability. Next, we show a way of verifying the new property. We show that role interchangeability in a multiagent system is characterized by the existence of role-interchange functions on the set of traces corresponding to the system. In addition, a simulation proof method is presented to prove the existence of the functions for a protocol described as an automaton. Finally, as a case study, we apply our method to the formal verification of the FOO electronic voting protocol.

On Backward-Style Anonymity Verification

Many Internet services and protocols should guarantee anonymity; for example, an electronic voting system should guarantee to prevent the disclosure of who voted for which candidate. To prove trace anonymity, which is an extension of the formulation of anonymity by Schneider and Sidiropoulos, this paper presents an inductive method based on backward anonymous simulations. We show that the existence of an image-finite backward anonymous simulation implies trace anonymity. We also demonstrate the anonymity verification of an e-voting protocol (the FOO protocol) with our backward anonymous simulation technique. When proving the trace anonymity, this paper employs a computer-assisted verification tool based on a theorem prover.

The Nepi2 Programming System: A pi-Calculus-Based Approach to Agent-Based Programming

We introduce a programming system Nepi2, which is based on a process algebraic framework called the π-calculus. The Nepi2 system supports programmers who wish to construct communicating software or agents. In this paper, we demonstrate programming in Nepi2. First, we write a metacircular interpreter, which enables the construction of a mobile agent framework. We then construct an entity for mobile agent systems, which is called a place agent. Finally, we give an example concerning an electronic marketplace.

The Nepi network programming system: a programming environment for distributed systems

The /spl pi/-calculus is a formal system to analyze distributed systems. This work provides a /spl pi/-calculus-based network programming system Nepi, which enables us to execute a formula of the /spl pi/-calculus as a real communicating program in a network. After introducing the Nepi language and its implementation, we show a programming example in Nepi. We also discuss an efficient programming style of Nepi and applicability of Nepi to symmetric systems.

An Adversary Model for Simulation-Based Anonymity Proof

The use of a formal method is a promising approach to developing reliable computer programs. This paper presents a formal method for anonymity, which is an important security property of communication protocols with regard to a users identity. When verifying the anonymity of security protocols, we need to consider the presence of adversaries. To formalize stronger adversaries, we introduce an adversary model for simulation-based anonymity proof. This paper also demonstrates the formal verification of a communication protocol. We employ Crowds, which is an implementation of an anonymous router, and verify its anonymity. After describing Crowds in a formal specification language, we prove its anonymity with a theorem prover.

A Formal Approach to Designing Anonymous Software

Many Internet services and protocols should guarantee anonymity; for example, an electronic voting system should guarantee to prevent the disclosure of who voted for which candidate. However, a methodology for designing software that preserves anonymity has not yet been established. In the field of software engineering, it is well known that software correctness can be verified with a formal method. Following the formal method approach, this paper introduces an anonymity proof technique. By finding a condition called an anonymous simulation, we prove the anonymity of communication software. Our approach can deal with both eavesdroppers and stronger adversaries. This paper also demonstrates a formal verification of communication software. We employ Crowds, which is an implementation of an anonymous router, and verify the anonymity. After describing Crowds in a formal specification language, we prove its anonymity with a theorem proven In this verification, we employ a formal verification tool called IOA-Toolkit.

Assessment of BAR: Breakdown Agent Replacement Algorithm for SCRAM

In the Multi-Agent Systems, many agents work together towards achieving a defined goal. As it may be difficult for the agents to work in a dynamic environment, the current concept is trying to focus on the issues of situation where there may be cases of agent breaking down. This algorithm will distinguish and groupify the breakdown agents from the active agents. The authors are focusing on this scenario and replacement of breakdown agents by active agents by implementing the SCRAM-Scalable Collision-avoiding Role Assignment with Minimal-makespan, which has generalized to many Multi-Agent Systems specifically focusing on the collision avoidance among the agents. The authors are trying to address the impact and fate of breakdown agents, which otherwise is not yet addressed in SCRAM, through a new algorithm. This paper is designed to allow the generalization of the concept of SCRAM without any collision and disturbances even in the case of agent breakdown.

A Algorithm with Expected Value: Path Planning That Avoids Stochastic Traffic Obstacles

We propose an extended algorithm for path planning within environments in which there are stochastic traffic obstacles. Related works on path planning (e.g., works employing the A* algorithm) have not considered traffic obstacles but how quickly the optimal path is found. Our algorithm improves on the A* algorithm by considering probabilities of traffic obstacles and difficulty levels in taking detours within the post-disaster environment. The proposed algorithm appends expected values of passing probabilities to h(v) of the A* algorithm. We also perform evaluation experiments using real map data, and compare the performance of our algorithm with that of the A* algorithm in a Welchs t-test. The comparison reveals that agents of our algorithm can travel more quickly than those of the A* algorithm in the environment where some roads are blocked by liquefaction and traffic obstacles, and as quickly as those of the A* algorithm in the environment where there is rarely liquefaction or traffic obstacles.

On embedded programming education with a tiny Lisp

In this study, we propose a tiny Lisp system that runs on an embedded education board. Before learning embedded programming with C, students used a Lisp system in order to get used to the control of the devices on the hardware. Through a three-week class, novice students was able to write programs such as a roulette game and a robot arm controller.