姜励,平玲娣,陈小平,潘雪增,李善平

DOI: https://doi.org/10.3785/j.issn.1008-973x.2008.12.010

2008-01-01

Abstract:The concept of trust domain was introduced into probabilistic secure process algebra(PSPA),and the intransitive noninterference information flow security model was extended to probabilistic systems to implement many important security policies such as secure downgrading of probabilistic information and channel control.Intransitive probabilistic information flow security properties were analyzed based on the probabilistic weak bisimulation equivalence.Intransitive bisimulation strong probabilistic noninterference(I_BSPNI) and intransitive probabilistic bisimulation-based nondeducibility on composition(I_PBNDC) were presented.To expose the potential secure problem that I_PBNDC cannot discover in dynamic context,the persistent I_PBNDC property was proposed,which required that every reachable state of the system must satisfy I_PBNDC.The properties like bisimulation-based nondeducibility on composition are difficult to prove.To overcome this shortcoming,strong I_PBNDC property was defined in terms of unwinding conditions demanding properties of individual actions.Finally,the relations between these properties were given and proved.

Lu Yang,Naijun Zhan,Bican Xia,Chaochen Zhou

DOI: https://doi.org/10.1007/978-3-540-69149-5_58

2008-01-01

Abstract:Recent advances in program verification indicate that various verification problems can be reduced to semi-algebraic system (SAS for short) solving. An SAS consists of polynomial equations and polynomial inequalities. Algorithms for quantifier elimination of real closed fields are the general method for those problems. But the general method usually has low efficiency for specific problems. To overcome the bottleneck of program verification with a symbolic approach, one has to combine special techniques with the general method. Based on the work of complete discrimination systems of polynomials [33,31],, we invented new theories and algorithms [32,30,35] for SAS solving and partly implemented them as a real symbolic computation tool in Maple named DISCOVERER. In this paper, we first summarize the results that we have done so far both on SAS-solving and program verification with DISCOVERER, and then discuss the future work in this direction, including SAS-solving itself, termination analysis and invariant generation of programs, and reachability computation of hybrid systems etc.

Marius Bozga,Radu Iosif,Joseph Sifakis

DOI: https://doi.org/10.48550/arXiv.1902.02696

2019-02-07

Abstract:We consider concurrent systems consisting of a finite but unknown number of components, that are replicated instances of a given set of finite state automata. The components communicate by executing interactions which are simultaneous atomic state changes of a set of components. We specify both the type of interactions (e.g.\ rendez-vous, broadcast) and the topology (i.e.\ architecture) of the system (e.g.\ pipeline, ring) via a decidable interaction logic, which is embedded in the classical weak sequential calculus of one successor (WS1S). Proving correctness of such system for safety properties, such as deadlock freedom or mutual exclusion, requires the inference of an inductive invariant that subsumes the set of reachable states and avoids the unsafe states. Our method synthesizes such invariants directly from the formula describing the interactions, without costly fixed point iterations. We applied our technique to the verification of several textbook examples, such as dining philosophers, mutual exclusion protocols and concurrent systems with preemption and priorities.

Formal Languages and Automata Theory

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Ali Salamati,Abolfazl Lavaei,Sadegh Soudjani,Majid Zamani

2023-09-10

Abstract:In this work, we study verification and synthesis problems for safety specifications over unknown discrete-time stochastic systems. When a model of the system is available, barrier certificates have been successfully applied for ensuring the satisfaction of safety specifications. In this work, we formulate the computation of barrier certificates as a robust convex program (RCP). Solving the acquired RCP is hard in general because the model of the system that appears in one of the constraints of the RCP is unknown. We propose a data-driven approach that replaces the uncountable number of constraints in the RCP with a finite number of constraints by taking finitely many random samples from the trajectories of the system. We thus replace the original RCP with a scenario convex program (SCP) and show how to relate their optimizers. We guarantee that the solution of the SCP is a solution of the RCP with a priori guaranteed confidence when the number of samples is larger than a pre-computed value. This provides a lower bound on the safety probability of the original unknown system together with a controller in the case of synthesis. We also discuss an extension of our verification approach to a case where the associated robust program is non-convex and show how a similar methodology can be applied. Finally, the applicability of our proposed approach is illustrated through three case studies.

Systems and Control

Zhengyu Li,Curtis Bright,Vijay Ganesh

2024-04-10

Abstract:One of the fundamental results in quantum foundations is the Kochen-Specker (KS) theorem, which states that any theory whose predictions agree with quantum mechanics must be contextual, i.e., a quantum observation cannot be understood as revealing a pre-existing value. The theorem hinges on the existence of a mathematical object called a KS vector system. While many KS vector systems are known, the problem of finding the minimum KS vector system in three dimensions (3D) has remained stubbornly open for over 55 years. To address the minimum KS problem, we present a new verifiable proof-producing method based on a combination of a Boolean satisfiability (SAT) solver and a computer algebra system (CAS) that uses an isomorph-free orderly generation technique that is very effective in pruning away large parts of the search space. Our method shows that a KS system in 3D must contain at least 24 vectors. We show that our sequential and parallel Cube-and-Conquer (CnC) SAT+CAS methods are significantly faster than SAT-only, CAS-only, and a prior CAS-based method of Uijlen and Westerbaan. Further, while our parallel pipeline is somewhat slower than the parallel CnC version of the recently introduced Satisfiability Modulo Theories (SMS) method, this is in part due to the overhead of proof generation. Finally, we provide the first computer-verifiable proof certificate of a lower bound to the KS problem with a size of 40.3 TiB in order 23.

Quantum Physics,Computational Complexity,Combinatorics

Philipp Czerner,Javier Esparza,Valentin Krasotin,Adrian Krauss

2024-10-14

Abstract:Modern SAT or QBF solvers are expected to produce correctness certificates. However, certificates have worst-case exponential size (unless $\textsf{NP}=\textsf{coNP}$), and at recent SAT competitions the largest certificates of unsatisfiability are starting to reach terabyte size. Recently, Couillard, Czerner, Esparza, and Majumdar have suggested to replace certificates with interactive proof systems based on the $\textsf{IP}=\textsf{PSPACE}$ theorem. They have presented an interactive protocol between a prover and a verifier for an extension of QBF. The overall running time of the protocol is linear in the time needed by a standard BDD-based algorithm, and the time invested by the verifier is polynomial in the size of the formula. (So, in particular, the verifier never has to read or process exponentially long certificates). We call such an interactive protocol competitive with the BDD algorithm for solving QBF. While BDD-algorithms are state-of-the-art for certain classes of QBF instances, no modern (UN)SAT solver is based on BDDs. For this reason, we initiate the study of interactive certification for more practical SAT algorithms. In particular, we address the question whether interactive protocols can be competitive with some variant of resolution. We present two contributions. First, we prove a theorem that reduces the problem of finding competitive interactive protocols to finding an arithmetisation of formulas satisfying certain commutativity properties. (Arithmetisation is the fundamental technique underlying the $\textsf{IP}=\textsf{PSPACE}$ theorem.) Then, we apply the theorem to give the first interactive protocol for the Davis-Putnam resolution procedure. We also report on an implementation and give some experimental results.

Logic in Computer Science

Ali Salamati,Abolfazl Lavaei,Sadegh Soudjani,Majid Zamani

DOI: https://doi.org/10.48550/arXiv.2112.12709

2021-12-24

Abstract:In this paper, we propose a data-driven approach to formally verify the safety of (potentially) unknown discrete-time continuous-space stochastic systems. The proposed framework is based on a notion of barrier certificates together with data collected from trajectories of unknown systems. We first reformulate the barrier-based safety verification as a robust convex problem (RCP). Solving the acquired RCP is hard in general because not only the state of the system lives in a continuous set, but also and more problematic, the unknown model appears in one of the constraints of RCP. Instead, we leverage a finite number of data, and accordingly, the RCP is casted as a scenario convex problem (SCP). We then relate the optimizer of the SCP to that of the RCP, and consequently, we provide a safety guarantee over the unknown stochastic system with a priori guaranteed confidence. We apply our approach to an unknown room temperature system by collecting sampled data from trajectories of the system and verify formally that temperature of the room lies in a comfort zone for a finite time horizon with a desired confidence.

Systems and Control

Alwen Tiu,Rajeev Gore

DOI: https://doi.org/10.48550/arXiv.0804.0273

2009-04-06

Abstract:We consider the problem of intruder deduction in security protocol analysis: that is, deciding whether a given message $M$ can be deduced from a set of messages $\Gamma$ under the theory of blind signatures and arbitrary convergent equational theories modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations of intruder deduction are usually given in natural-deduction-like systems and proving decidability requires significant effort in showing that the rules are "local" in some sense. By using the well-known translation between natural deduction and sequent calculus, we recast the intruder deduction problem as proof search in sequent calculus, in which locality is immediate. Using standard proof theoretic methods, such as permutability of rules and cut elimination, we show that the intruder deduction problem can be reduced, in polynomial time, to the elementary deduction problems, which amounts to solving certain equations in the underlying individual equational theories. We further show that this result extends to combinations of disjoint AC-convergent theories whereby the decidability of intruder deduction under the combined theory reduces to the decidability of elementary deduction in each constituent theory. Although various researchers have reported similar results for individual cases, our work shows that these results can be obtained using a systematic and uniform methodology based on the sequent calculus.

Logic in Computer Science,Cryptography and Security

Huiyu Tan,Pengfei Gao,Fu Song,Taolue Chen,Zhilin Wu

DOI: https://doi.org/10.46586/tches.v2024.i4.1-39

2024-01-01

Abstract:Fault injection attacks represent a type of active, physical attack against cryptographic circuits. Various countermeasures have been proposed to thwart such attacks, however, the design and implementation of which are intricate, error-prone, and laborious. The current formal fault-resistance verification approaches are limited in efficiency and scalability. In this paper, we formalize the fault-resistance verification problem and show that it is coNP-complete. We then devise a novel approach for encoding the fault-resistance verification problem as the Boolean satisfiability (SAT) problem so that modern off-the-shelf SAT solvers can be utilized. The approach is implemented in an open-source tool FIRMER which is evaluated extensively on realistic cryptographic circuit benchmarks. The experimental results show that FIRMER is able to verify fault-resistance of almost all (72/76) benchmarks in 3 minutes (the other three are verified in 35 minutes and the hardest one is verified in 4 hours). In contrast, the prior approach fails on 31 fault-resistance verification tasks even after 24 hours (per task).

Paul Eichler,Swen Jacobs,Chana Weil-Kennedy

2024-08-12

Abstract:We introduce a new framework for verifying systems with a parametric number of concurrently running processes. The systems we consider are well-structured with respect to a specific well-quasi order. This allows us to decide a wide range of verification problems, including control-state reachability, coverability, and target, in a fixed finite abstraction of the infinite state-space, called a 01-counter system. We show that several systems from the parameterized verification literature fall into this class, including reconfigurable broadcast networks (or systems with lossy broadcast), disjunctive systems, synchronizations and systems with a fixed number of shared finite-domain variables. Our framework provides a simple and unified explanation for the properties of these systems, which have so far been investigated separately. Additionally, it extends and improves on a range of the existing results, and gives rise to other systems with similar properties.

Formal Languages and Automata Theory

Ning Luo,Qiao Xiang,Timos Antonopoulos,Ruzica Piskac,Y. Richard Yang,Franck Le

DOI: https://doi.org/10.48550/arXiv.2202.02729

2022-02-06

Cryptography and Security

Abstract:In an interdomain network, autonomous systems (ASes) often establish peering agreements, so that one AS (agreement consumer) can influence the routing policies of the other AS (agreement provider). Peering agreements are implemented in the BGP configuration of the agreement provider. It is crucial to verify their implementation because one error can lead to disastrous consequences. However, the fundamental challenge for peering agreement verification is how to preserve the privacy of both ASes involved in the agreement. To this end, this paper presents IVeri, the first privacy-preserving interdomain agreement verification system. IVeri models the interdomain agreement verification problem as a SAT formula, and develops a novel, efficient, privacy-serving SAT solver, which uses oblivious shuffling and garbled circuits as the key building blocks to let the agreement consumer and provider collaboratively verify the implementation of interdomain peering agreements without exposing their private information. A prototype of IVeri is implemented and evaluated extensively. Results show that IVeri achieves accurate, privacy-preserving interdomain agreement verification with reasonable overhead.

Pengfei Gao,Fu Song,Taolue Chen

DOI: https://doi.org/10.1145/3622862

IF: 3.685

2023-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Masking is one of the most effective countermeasures for securely implementing cryptographic algorithms against power side-channel attacks, the design of which however turns out to be intricate and error-prone. While techniques have been proposed to rigorously verify implementations of cryptographic algorithms, currently they are limited in scalability. To address this issue, compositional approaches have been investigated, but insofar they fail to prove the security of recent efficient implementations. To fill this gap, we propose a novel compositional verification approach. In particular, we introduce two new language-level security notions based on which we propose composition strategies and verification algorithms. Our approach is able to prove efficient implementations, which cannot be done by prior compositional approaches. We implement our approach as a tool CONVINCE and conduct extensive experiments to confirm its efficacy. We also use CONVINCE to further explore the design space of the AES Sbox with least refreshing by replacing its implementation for finite-field multiplication with more efficient counterparts. We automatically prove leakage-freeness of these new versions. As a result, we can effectively reduce 1,600 randomness and 3,200 XOR-operations of the state-of-the-art AES implementation.

Xinyu Feng,Zhong Shao,Yu Guo,Yuan Dong

DOI: https://doi.org/10.1007/978-3-540-87873-5_8

2008-01-01

Abstract:A major challenge for verifying completesoftware systems is their complexity. A complete software system consists of program modules that use many language features and span different abstraction levels (e.g. user code and run-time system code). It is extremely difficult to use one verification system (e.g. type system or Hoare-style program logic) to support all these features and abstraction levels. In our previous work, we have developed a new methodology to solve this problem. We apply specialized "domain-specific" verification systems to verify individual program modules and then link the modules in a foundational open logical framework to compose the verified complete software package. In this paper, we show how this new methodology is applied to verify a software package containing implementations of preemptive threads and a set of synchronization primitives. Our experience shows that domain-specific verification systems can greatly simplify the verification process of low-level software, and new techniques for combining domain-specific and foundational logics are critical for the successful verification of complete software systems.

Neta Elad,Oded Padon,Sharon Shoham

DOI: https://doi.org/10.1145/3632875

2024-09-10

Abstract:First-order logic, and quantifiers in particular, are widely used in deductive verification. Quantifiers are essential for describing systems with unbounded domains, but prove difficult for automated solvers. Significant effort has been dedicated to finding quantifier instantiations that establish unsatisfiability, thus ensuring validity of a system's verification conditions. However, in many cases the formulas are satisfiable: this is often the case in intermediate steps of the verification process. For such cases, existing tools are limited to finding finite models as counterexamples. Yet, some quantified formulas are satisfiable but only have infinite models. Such infinite counter-models are especially typical when first-order logic is used to approximate inductive definitions such as linked lists or the natural numbers. The inability of solvers to find infinite models makes them diverge in these cases. In this paper, we tackle the problem of finding such infinite models. These models allow the user to identify and fix bugs in the modeling of the system and its properties. Our approach consists of three parts. First, we introduce symbolic structures as a way to represent certain infinite models. Second, we describe an effective model finding procedure that symbolically explores a given family of symbolic structures. Finally, we identify a new decidable fragment of first-order logic that extends and subsumes the many-sorted variant of EPR, where satisfiable formulas always have a model representable by a symbolic structure within a known family. We evaluate our approach on examples from the domains of distributed consensus protocols and of heap-manipulating programs. Our implementation quickly finds infinite counter-models that demonstrate the source of verification failures in a simple way, while SMT solvers and theorem provers such as Z3, cvc5, and Vampire diverge.

Logic in Computer Science,Programming Languages

Anas Shrinah,Kerstin Eder

DOI: https://doi.org/10.48550/arXiv.1811.09231

2020-02-25

Abstract:The verification of planning domain models is crucial to ensure the safety, integrity and correctness of planning-based automated systems. This task is usually performed using model checking techniques. However, unconstrained application of model checkers to verify planning domain models can result in false positives, <a class="link-external link-http" href="http://i.e.counterexamples" rel="external noopener nofollow">this http URL</a> that are unreachable by a sound planner when using the domain under verification during a planning task. In this paper, we discuss the downside of unconstrained planning domain model verification. We then introduce the notion of a valid planning counterexample, and demonstrate how model checkers, as well as state trajectory constraints planning techniques, should be used to verify planning domain models so that invalid planning counterexamples are not returned.

Artificial Intelligence

Mark Wetzlinger,Niklas Kochdumper,Stanley Bak,Matthias Althoff

DOI: https://doi.org/10.1109/TAC.2023.3292008

2024-02-22

Abstract:Reachability analysis is a formal method to guarantee safety of dynamical systems under the influence of uncertainties. A substantial bottleneck of all reachability algorithms is the necessity to adequately tune specific algorithm parameters, such as the time step size, which requires expert knowledge. In this work, we solve this issue with a fully automated reachability algorithm that tunes all algorithm parameters internally such that the reachable set enclosure respects a user-defined approximation error bound in terms of the Hausdorff distance to the exact reachable set. Moreover, this bound can be used to extract an inner-approximation of the reachable set from the outer-approximation using the Minkowski difference. Finally, we propose a novel verification algorithm that automatically refines the accuracy of the outer-approximation and inner-approximation until specifications given by time-varying safe and unsafe sets can be verified or falsified. The numerical evaluation demonstrates that our verification algorithm successfully verifies or falsifies benchmarks from different domains without requiring manual tuning.

Numerical Analysis,Systems and Control

Cong Tian,Zhenhua Duan

DOI: https://doi.org/10.1109/icse.2013.6606566

2013-05-01

Abstract:Abstraction is one of the most important strategies for dealing with the state space explosion problem in model checking. With an abstract model, the state space is largely reduced, however, a counterexample found in such a model that does not satisfy the desired property may not exist in the concrete model. Therefore, how to check whether a reported counterexample is spurious is a key problem in the abstraction-refinement loop. Particularly, there are often thousands of millions of states in systems of industrial scale, how to check spurious counterexamples in these systems practically is a significant problem. In this paper, by re-analyzing spurious counterexamples, a new formal definition of spurious path is given. Based on it, efficient algorithms for detecting spurious counterexamples are presented. By the new algorithms, when dealing with infinite counterex-amples, the finite prefix to be analyzed will be polynomially shorter than the one dealt by the existing algorithm. Moreover, in practical terms, the new algorithms can naturally be parallelized that makes multi-core processors contributes more in spurious counterexample checking. In addition, by the new algorithms, the state resulting in a spurious path (false state) that is hidden shallower will be reported earlier. Hence, as long as a false state is detected, lots of iterations for detecting all the false states will be avoided. Experimental results show that the new algorithms perform well along with the growth of system scale.

Alexei Iliasov,Dominic Taylor,Linas Laibinis,Alexander Romanovsky

DOI: https://doi.org/10.48550/arXiv.2108.10091

2021-08-23

Software Engineering

Abstract:The increasing complexity of modern interlocking poses a major challenge to ensuring railway safety. This calls for application of formal methods forassurance and verification of their safety. We have developed an industry-strength toolset, called SafeCap, for formal verification of interlockings. Our aim was to overcome the main barriers in deploying formal methods in industry. The approach proposed verifies interlocking data developed by signalling engineers in the ways they are designed by industry. It ensures fully-automated verification of safety properties using the state of the art techniques (automated theorem provers and solvers), and provides diagnostics in terms of the notations used by engineers. In the last two years SafeCap has been successfully used to verify 26 real-world mainline interlockings, developed by different suppliers and design offices. SafeCap is currently used in an advisory capacity, supplementing manual checking and testing processes by providing an additional level of verification and enabling earlier identification of errors. We are now developing a safety case to support its use as an alternative to some of these activities.

Aurojit Panda,Ori Lahav,Katerina Argyraki,Mooly Sagiv,Scott Shenker

DOI: https://doi.org/10.48550/arXiv.1409.7687

2014-09-26

Abstract:Great progress has been made recently in verifying the correctness of router forwarding tables. However, these approaches do not work for networks containing middleboxes such as caches and firewalls whose forwarding behavior depends on previously observed traffic. We explore how to verify isolation properties in networks that include such "dynamic datapath" elements using model checking. Our work leverages recent advances in SMT solvers, and the main challenge lies in scaling the approach to handle large and complicated networks. While the straightforward application of model checking to this problem can only handle very small networks (if at all), our approach can verify simple realistic invariants on networks containing 30,000 middleboxes in a few minutes.

Networking and Internet Architecture,Logic in Computer Science