Deciding Hyperproperties

Hyperproperties, like observational determinism or symmetry, cannot be expressed as properties of individual computation traces, because they describe a relation between multiple computation traces. HyperLTL is a temporal logic that captures such relations through trace variables, which are introduced by existential and universal trace quantifiers and can be used to refer to multiple computations at the same time. In this paper, we study the satisfiability problem of HyperLTL. We show that the problem is PSPACE-complete for alternation-free formulas (and, hence, no more expensive than LTL satisfiability), EXPSPACE-complete for ∃∀ formulas, and undecidable for ∀∃ formulas. Many practical hyperproperties can be expressed as alternation-free formulas. Our results show that both satisfiability and implication are decidable for such properties.
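To make the abstract's point concrete, the following added example (not code from the paper) evaluates the alternation-free HyperLTL formula for observational determinism, ∀π.∀π'. (low_in_π = low_in_π') → G (low_out_π = low_out_π'), over a constructed finite trace set. It assumes finite traces of equal length (the paper works with infinite traces) and hypothetical atomic propositions `low`, `secret` and `out`; the leak is invisible when each trace is inspected alone and only appears when two traces are compared.

```python
from itertools import product

# Constructed sample traces: each trace is a list of states, each state a dict
# of atomic propositions. "low" is the public input, "out" the public output,
# "secret" the high input. Every trace is well-formed on its own; the leak in
# LEAKY_SYSTEM only shows up when two traces with equal low input are compared.
SECURE_SYSTEM = [
    [{"low": 0, "secret": 0, "out": 0}, {"low": 0, "secret": 0, "out": 1}],
    [{"low": 0, "secret": 1, "out": 0}, {"low": 0, "secret": 1, "out": 1}],
    [{"low": 1, "secret": 0, "out": 1}, {"low": 1, "secret": 0, "out": 0}],
]
LEAKY_SYSTEM = [
    [{"low": 0, "secret": 0, "out": 0}, {"low": 0, "secret": 0, "out": 0}],
    [{"low": 0, "secret": 1, "out": 0}, {"low": 0, "secret": 1, "out": 1}],
]


def low_equal(s1, s2, low_aps):
    """Two states agree on every low-observable atomic proposition."""
    return all(s1[a] == s2[a] for a in low_aps)


def holds_globally(t1, t2, low_aps):
    """The LTL body G (low_aps_pi = low_aps_pi') over two finite traces."""
    return all(low_equal(a, b, low_aps) for a, b in zip(t1, t2))


def observational_determinism(traces, low_in=("low",), low_out=("out",)):
    """Evaluate forall pi. forall pi'. (low_in_pi = low_in_pi') -> G (low_out_pi = low_out_pi').

    The two universal trace quantifiers range over every ordered pair of traces,
    including a trace paired with itself. Returns (holds, counterexample_pair).
    """
    for t1, t2 in product(traces, repeat=2):
        if low_equal(t1[0], t2[0], low_in) and not holds_globally(t1, t2, low_out):
            return False, (t1, t2)
    return True, None


if __name__ == "__main__":
    print("secure:", observational_determinism(SECURE_SYSTEM)[0])
    print("leaky:", observational_determinism(LEAKY_SYSTEM))
```

Because the formula has only universal quantifiers, checking it over a finite trace set reduces to examining all pairs, which is what the self-composition technique exploits.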
