ProNoBiS meeting - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

ProNoBiS meeting

Description:

Nondeterministic typology N. Based on T ransformations. Check bisimilarity of images in NA ... Mixed typology M. Based on E mbeddings. Check bisimilarity of ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 21
Provided by: roberto143
Category:

less

Transcript and Presenter's Notes

Title: ProNoBiS meeting


1
ProNoBiSActivities in Verona
  • Roberto Segala
  • University of Verona
  • with Augusto Parma and Andrea Turrini

2
List of Activities
  • Comparative semantics
  • Alternating and non-alternating models
  • Simulation and bisimulation relations
  • Logical characterizations
  • Extensions of HM logic
  • Non-discrete measures
  • Stochastic Transition Systems
  • Verification of crypto protocols
  • Task-based PIOAs
  • Oblivious transfer
  • Aproximate simulations
  • Authentication, matching conversations

3
Probabilistic Automata (NA)
NA (Q , q0 , E , H , D)
Transition relation D Í Q (EÈH)
Disc(Q) Internal (hidden) actions External
actions EÇH Æ Initial state q0 Î Q States
4
Alternating vs. non-alternating
NA
A
SA
u
u
u
flip
flip
flip
flip
flip
flip
p2
p3
p2
p3
.7
.3
.2
.8
.7
.3
.2
.8
.2
.8
.7
.3
h
t
h
t
h
t
h
t
h
t
h
t
beep
beep
beep
beep
beep
beep
pb
pb
1
1
1
1
5
Relations between models
  • Embeddings (E )
  • SA as an instance of A and of NA
  • A as an instance of NA
  • Embeddings as structure restrictions
  • Transformations (T )
  • Folkloristic ways to represent the same object
    within the three models

6
Strong Bisimulation of NA
  • Strong bisimulation between A1 and A2
  • Relation R ? Q x Q,
  • QQ1ÈQ2, such that

" q, s, a, ? ?
q
?
a

R
R
q0
s0
a
s
?
a
a
1
s1
q1
q2
LS89
? R ?
b
b
b
1
?
1
1
q3
q4
s3
?C ?Q/R . ? (C ) ? (C )
7
Bisimulation Literature
  • In literature there are also
  • Strong bisimulation of Hansson on SA
  • Relates only nondeterministic states
  • Strong bisimulation of Philippou on A
  • Relates all states
  • Probabilistic states are a technicality
  • Weak bisimulation of Philippou on A
  • Relates all states
  • Probabilistic states are meaningful
  • Uses conditional probabilities on self loop

8
Taxonomy
  • Nondeterministic typology N
  • Based on T ransformations
  • Check bisimilarity of images in NA

T
T (A1)
A1
SA A
?
T
N ?
NA
A2
T (A2 )
9
Taxonomy
  • Mixed typology M
  • Based on E mbeddings
  • Check bisimilarity of images in NA

E
E (A1)
A1
SA A
?
E
M?
NA
A2
E (A2 )
10
Taxonomy and LiteratureSegala, Turrini
11
Logical CharacterizationsParma, Segala
  • Logic true Øf fÙf àaf fp
  • Semantics m satisfies a formula
  • àaf for each q in support of m there is a
    transition (q,a,m) such that m f
  • fp m(qqf) ³ p
  • Observation àpaf corresponds to àafp

12
Stochastic Transition SystemsCattani, Segala,
Kwiatkowska, Norman
ST (Q , q0 , E , H , FQ, FA, D)
Transition relation D Í Q (EÈH)
P(Q,FQ) s-field on actions s-field on
states Internal (hidden) actions External
actions EÇH Æ Initial state q0 Î Q States
13
STS Problems
  • Not all schedulers lead to measurability
  • Let X Í 0,1 be non measurable
  • Choose x uniformly in 0,1
  • Schedule a only if x Î X
  • What is the probability of àa?
  • Define measurable schedulers
  • From FEXEC to FAQ
  • Then we obtain Markov Kernels
  • Markow kernels preserved by projection
  • Important for modular reasoning
  • How about bisimulation?

14
UC-Security Canetti
Simulator
Ideal functionality

?
Environment
"
Adversary
Real protocol
"
15
UC-Security with PIOAs Canetti, Cheung, Kaynar,
Liskov, Lynch, Pereira, Segala
Adversary
Simulator
Ideal functionality

"
?
Environment
"
Adversary
Real protocol
"
16
Oblivious Transfer Canetti, Cheung, Kaynar,
Liskov, Lynch, Pereira, Segala
Ideal functionality
Hard core predicate
Simulator
Adversary
Hard core predicate
Protocol
Adversary
Adversary
Protocol
Random bit
Adversary
Real protocol
Random bit
17
Aproximate SimulationsSegala, Turrini
  • Given Ak and Bk consider Rk. R ? QAk
    x QAk
  • For each cÎN, pÎPoly, exists kÎN, for each kgtk,
    egt0, m1, m2
  • If
  • m1 reached in at most p(k) steps
  • m1 L(Rk,e) m2
  • m1 ¾ñ m1
  • Then
  • m2 ¾ñ m2
  • m1 L(Rk,ek-c) m2

  • m1 L(R,e) m2
  • m1 (1-e)m1em1
  • m2 (1-e)m2em2
  • m1 L(R) m2

18
Implications on executions
  • Let Rk be an aprox sim from Ak to Bk
  • For each cÎN, pÎPoly, exists kÎN, for each kgtk,
    m1
  • If
  • m1 is reachable in Ak in p(k) steps
  • Then exists m2
  • m2 reachable in Bk in p(k) steps
  • m1 L(R,p(k)k-c) m2

19
Application to AuthenticationMatching
Conversation
  • Specification
  • Actual protocol
  • States keep history
  • Adversary does almost everything
  • All invalid transitions removed
  • Implementation
  • Actual protocol
  • States keep history
  • Adversary is a PPT algorithm
  • Simulation
  • Identity on states
  • Properties
  • All executions of specification satisfy matching
    conversations
  • Failure of simulation imply breaking a signature
    protocol

20
Open problems
  • Logics
  • Complete the picuture with simulations
  • Stochastic Transition Systems
  • Understand bisimulation
  • Get soundness results
  • Understand restrictions to the model
  • Verification
  • Refine the methods
  • Test on more complex case studies
  • Compare with soundness proofs for symbolic methods
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "ProNoBiS meeting" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!