Verifying Security Policies in Multi-agent Workflows with Loops

Finkbeiner, Bernd; Müller, Christian; Seidl, Helmut; Zălinescu, Eugen

doi:10.1145/3133956.3134080

Cited by 35 publications

(22 citation statements)

References 33 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It would be interesting to see if the differences we observed for HyperLTL carry over to other hyperlogics (cf. [1,11,13,24]). One could extend the results of this paper to the reactive setting, where the program interacts with the environment.…”

Section: Discussionmentioning

confidence: 99%

“…There has been a lot of recent progress in automatically verifying [14,[23][24][25] and monitoring [2,8,9,21,22,29,39] HyperLTL specifications. HyperLTL is also supported by a growing set of tools, including the model checker MCHyper [14,25], the satisfiability checkers EAHyper [20] and MGHyper [18], and the runtime monitoring tool RVHyper [21].…”

Section: Related Workmentioning

confidence: 99%

“…There has been a lot of recent progress in automatically verifying [14,[23][24][25] and monitoring [2,8,9,21,22,29,39] HyperLTL specifications. The automatic construction of systems that satisfy a given set of information-flow properties is still, however, in its infancy.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Program Repair for Hyperproperties

Bonakdarpour,

Finkbeiner

2021

Preprint

Self Cite

View full text Add to dashboard Cite

We study the repair problem for hyperproperties specified in the temporal logic HyperLTL. Hyperproperties are system properties that relate multiple computation traces. This class of properties includes information flow policies like noninterference and observational determinism. The repair problem is to find, for a given Kripke structure, a substructure that satisfies a given specification. We show that the repair problem is decidable for HyperLTL specifications and finite-state Kripke structures. We provide a detailed complexity analysis for different fragments of HyperLTL and different system types: tree-shaped, acyclic, and general Kripke structures.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Program Repair for Hyperproperties

Bonakdarpour,

Finkbeiner

2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…There has been much recent progress in automatically verifying [27,26,25,15,31] and monitoring [3,24,11,9,23,35,30] HyperLTL specifications. HyperLTL is also supported by a growing set of tools, including the model checkers HyperQube [31],…”

Section: Related Workmentioning

confidence: 99%

Finite-Word Hyperlanguages

Bonakdarpour

Sheinvald

2021

Language and Automata Theory and Applications

View full text Add to dashboard Cite

Formal languages are in the core of models of computation and their behavior. A rich family of models for many classes of languages have been widely studied. Hyperproperties lift conventional trace-based languages from a set of execution traces to a set of sets of executions. Hyperproperties have been shown to be a powerful formalism for expressing and reasoning about information-flow security policies and important properties of cyber-physical systems. Although there is an extensive body of work on formal-language representation of trace properties, we currently lack such a general characterization for hyperproperties.We introduce hyperlanguages over finite words and models for expressing them. Essentially, these models express multiple words by using assignments to quantified word variables. Relying on the standard models for regular languages, we propose hyperregular expressions and finite-word hyperautomata (NFH), for modeling the class of regular hyperlanguages. We demonstrate the ability of regular hyperlanguages to express hyperproperties for finite traces. We explore the closure properties and the complexity of the fundamental decision problems such as nonemptiness, universality, membership, and containment for various fragments of NFH.

show abstract

“…This problem also has been encountered in [10,11,19] where noninterference [13] is investigated for multi-agent workflows in the spirit of the conference management system from Fig. 1.…”

Section: Introductionmentioning

confidence: 98%

Stratified Guarded First-Order Transition Systems

Müller

Seidl

2020

Static Analysis

Self Cite

View full text Add to dashboard Cite

First-order transition systems are a convenient formalism to specify parametric systems such as multi-agent workflows or distributed algorithms. In general, any nontrivial question about such systems is undecidable. Here, we present three subclasses of first-order transition systems where every universal invariant can effectively be decided via fixpoint iteration. These subclasses are defined in terms of syntactical restrictions: negation, stratification and guardedness. While guardedness represents a particular pattern how input predicates control existential quantifiers, stratification limits the information flow between predicates. Guardedness implies that the weakest precondition for every universal invariant is again universal, while the remaining sufficient criteria enforce that either the number of first-order variables, or the number of required instances of input predicates remains bounded, or the number of occurring negated literals decreases in every iteration. We argue for each of these three cases that termination of the fixpoint iteration can be guaranteed.

show abstract

Verifying Security Policies in Multi-agent Workflows with Loops

Cited by 35 publications

References 33 publications

Program Repair for Hyperproperties

Program Repair for Hyperproperties

Finite-Word Hyperlanguages

Stratified Guarded First-Order Transition Systems

Contact Info

Product

Resources

About