Model Checking on Trees with Path Equivalences

For specifying and verifying branching-time requirements, a reactive system is traditionally modeled as a labeled tree, where a path in the tree encodes a possible execution of the system. We propose to enrich such tree models with "jump-edges" that capture observational indistinguishability: for an agent a, an a-labeled edge is added between two nodes if the observable behaviors of the agent a along the paths to these nodes are identical. We show that it is possible to specify information flow properties and partial information games in temporal logics interpreted on this enriched structure. We study complexity and decidability of the model checking problem for these logics. We show that it is PSPACE-complete and EXPTIME-complete respectively for fragments of CTL and µ-calculus-like logics. These fragments are expressive enough to allow specifications of information flow properties such as "agent A does not reveal x (a secret) until agent B reveals y (a password)" and of partial information games.
