-
Measuring Robustness in Cyber-Physical Systems under Sensor Attacks
Authors:
Jian Xiang,
Ruggero Lanotte,
Simone Tini,
Stephen Chong,
Massimo Merro
Abstract:
This paper contributes a formal framework for quantitative analysis of bounded sensor attacks on cyber-physical systems, using the formalism of differential dynamic logic. Given a precondition and postcondition of a system, we formalize two quantitative safety notions, quantitative forward and backward safety, which respectively express (1) how strong the strongest postcondition of the system is with respect to the specified postcondition, and (2) how strong the specified precondition is with respect to the weakest precondition of the system needed to ensure the specified postcondition holds. We introduce two notions, forward and backward robustness, to characterize the robustness of a system against sensor attacks as the loss of safety. To reason about robustness, we introduce two simulation distances, forward and backward simulation distances, which are defined based on the behavioral distances between the original system and the system with compromised sensors. Forward and backward distances, respectively, characterize upper bounds of the degree of forward and backward safety loss caused by the sensor attacks. We verify the two simulation distances by expressing them as modalities, i.e., formulas of differential dynamic logic, and develop an ad-hoc proof system to reason with such formulas. We showcase our formal notions and reasoning techniques on two non-trivial case studies: an autonomous vehicle that needs to avoid collision and a water tank system.
Submitted 9 March, 2024;
originally announced March 2024.
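The abstract above describes bounded sensor attacks, a behavioural distance between the clean and the compromised system, and that distance as an upper bound on the loss of safety. The following Python sketch is an added illustration of those ideas on a discrete-time water tank; it is constructed for this page and is not the paper's case study or its differential dynamic logic machinery. The tank dynamics, the threshold controller, the safe interval [0, 10] and the attacker (a constant additive bias on the level sensor, searched over a grid) are all assumptions.

```python
"""Bounded sensor attack on a discrete-time water tank: behavioural
distance between the clean and the compromised system, and the loss of
safety margin it causes. Constructed example; the tank, controller and
attacker model are assumptions, not the paper's case study."""

SAFE_LO, SAFE_HI = 0.0, 10.0    # postcondition: level stays in [0, 10]
IN_RATE, OUT_RATE = 2.0, 1.0    # pump adds 2 per tick, drain removes 1
THRESHOLD = 6.0                 # controller: pump on iff sensed level < 6


def simulate(x0, steps, offset=0.0):
    """Run the tank for `steps` ticks from level x0 and return the level
    trace. `offset` is the attacker's additive bias on the level sensor
    (0.0 means no attack); the controller only ever sees the biased value."""
    x, trace = x0, [x0]
    for _ in range(steps):
        sensed = x + offset
        pump_on = sensed < THRESHOLD
        x = x + (IN_RATE if pump_on else 0.0) - OUT_RATE
        trace.append(x)
    return trace


def safety_margin(trace):
    """How far the trace stays from the unsafe region; negative means the
    postcondition was violated at some tick."""
    return min(min(x - SAFE_LO, SAFE_HI - x) for x in trace)


def trace_distance(a, b):
    """Sup-norm behavioural distance between two traces of equal length."""
    return max(abs(p - q) for p, q in zip(a, b))


def bounded_offsets(delta_max, step=0.5):
    """Attacker strategies considered: constant biases in [-delta_max, delta_max].
    Real bounded attacks may vary over time, so this under-approximates them."""
    n = int(round(delta_max / step))
    return [k * step for k in range(-n, n + 1)]


def forward_analysis(x0, steps, delta_max):
    """Worst-case behavioural distance and safety loss over all attacks in the bound."""
    nominal = simulate(x0, steps)
    attacked = [simulate(x0, steps, d) for d in bounded_offsets(delta_max)]
    nominal_margin = safety_margin(nominal)
    worst_margin = min(safety_margin(t) for t in attacked)
    distance = max(trace_distance(nominal, t) for t in attacked)
    return {
        "distance": distance,
        "nominal_margin": nominal_margin,
        "worst_margin": worst_margin,
        "safety_loss": nominal_margin - worst_margin,
    }


if __name__ == "__main__":
    r = forward_analysis(x0=5.0, steps=40, delta_max=3.0)
    print(r)
    # The margin is 1-Lipschitz in the sup norm, so the loss never exceeds
    # the distance: the distance is a sound upper bound on the safety loss.
    assert r["safety_loss"] <= r["distance"]
```

With a sensor bias of up to 3 units the attacker can hold the level at 9 instead of the nominal 5 to 6, so the clean system's margin of 4 shrinks to 1 while the trace distance is 4: the loss of 3 is bounded by the distance, as the abstract states in general. Note that the bias grid only covers constant attacks; a time-varying attack within the same bound can only increase the distance, never decrease it, so the computed figure is a lower estimate of the true worst case.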
-
RobTL: A Temporal Logic for the Robustness of Cyber-Physical Systems
Authors:
Valentina Castiglioni,
Michele Loreti,
Simone Tini
Abstract:
We propose the Robustness Temporal Logic (RobTL), a novel temporal logic for the specification and analysis of distances between the behaviours of Cyber-Physical Systems (CPSs) over a finite time horizon. Unlike classical temporal logics, which express properties of the behaviour of a system, RobTL specifications can be used to measure the differences in the behaviours of systems with respect to various objectives and temporal constraints, and to study how those differences evolve in time. Since the behaviour of CPSs is inevitably subject to uncertainties and approximations, we show how the unique features of RobTL allow us to specify properties of robustness of systems against perturbations, i.e., their capability to function correctly even under the effect of perturbations. Given the probabilistic nature of CPSs, our model checking algorithm for RobTL specifications is based on statistical inference. As an example of an application of our framework, we consider a supervised, self-coordinating engine system that is subject to attacks aimed at inflicting overstress of equipment.
Submitted 21 December, 2022;
originally announced December 2022.
-
EvTL: A Temporal Logic for the Transient Analysis of Cyber-Physical Systems
Authors:
Valentina Castiglioni,
Michele Loreti,
Simone Tini
Abstract:
The behaviour of systems characterised by a closed interaction of software components with the environment is inevitably subject to perturbations and uncertainties. In this paper we propose a general framework for the specification and verification of requirements on the behaviour of these systems. We introduce the Evolution Temporal Logic (EvTL), a stochastic extension of STL allowing us to specify properties of the probability distributions describing the transient behaviour of systems, and to include the presence of uncertainties in the specification. We equip EvTL with a robustness semantics and we prove it sound and complete with respect to the semantics induced by the evolution metric, i.e., a hemimetric expressing how well a system is fulfilling its tasks with respect to another one. Finally, we develop a statistical model checking algorithm for EvTL specifications. As an example of an application of our framework, we consider a three-tanks laboratory experiment.
Submitted 28 April, 2022;
originally announced April 2022.
-
A framework to measure the robustness of programs in the unpredictable environment
Authors:
Valentina Castiglioni,
Michele Loreti,
Simone Tini
Abstract:
Due to the diffusion of IoT, modern software systems are often thought to control and coordinate smart devices in order to manage assets and resources, and to guarantee efficient behaviours. For this class of systems, which interact extensively with humans and with their environment, it is thus crucial to guarantee their correct behaviour in order to avoid unexpected and possibly dangerous situations. In this paper we will present a framework that allows us to measure the robustness of systems. This is the ability of a program to tolerate changes in the environmental conditions while preserving the original behaviour. In the proposed framework, the interaction of a program with its environment is represented as a sequence of random variables describing how both evolve in time. For this reason, the considered measures will be defined among probability distributions of observed data. The proposed framework will be then used to define the notions of adaptability and reliability. The former indicates the ability of a program to absorb perturbation on environmental conditions after a given amount of time. The latter expresses the ability of a program to maintain its intended behaviour (up-to some reasonable tolerance) despite the presence of perturbations in the environment. Moreover, an algorithm, based on statistical inference, is proposed to evaluate the proposed metric and the aforementioned properties. We use two case studies to describe and evaluate the proposed approach.
Submitted 6 July, 2023; v1 submitted 30 November, 2021;
originally announced November 2021.
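The three abstracts above (RobTL, EvTL and the robustness framework) share one mechanism: the nominal and the perturbed system are treated as sequences of random variables, their distance at each tick is a distance between probability distributions of observed data, and adaptability and reliability are thresholds on how that distance evolves. The following Python sketch is an added illustration of that mechanism; it is constructed for this page and is not the papers' code or their statistical model checker. The proportional-control process, the perturbation (an initial disturbance of +3), the tolerance eps, the sample size and the use of the 1-Wasserstein distance are assumptions, and plain sampling without confidence bounds stands in for the papers' statistical inference.

```python
"""Robustness of a stochastic controlled process against an environmental
perturbation: the nominal and the perturbed system are sampled, and their
distance at each tick is a 1-Wasserstein distance between the empirical
distributions of the observed level. Constructed example; the process,
the perturbation and the thresholds are assumptions, not the papers'."""
import random

TARGET = 10.0   # set point the controller tracks
GAIN = 0.5      # proportional controller: each tick closes half the gap
NOISE = 0.1     # std-dev of the environmental noise injected per tick


def run(x0, steps, rng):
    """One sampled trace of the level under proportional control and noise."""
    x, trace = x0, [x0]
    for _ in range(steps):
        x = x + GAIN * (TARGET - x) + rng.gauss(0.0, NOISE)
        trace.append(x)
    return trace


def sample_traces(x0, steps, n, seed):
    """n independent traces from the same initial level (a Monte-Carlo sample)."""
    rng = random.Random(seed)
    return [run(x0, steps, rng) for _ in range(n)]


def wasserstein_1d(a, b):
    """Exact 1-Wasserstein distance between two equal-size empirical
    distributions on the line: mean gap between the sorted samples."""
    if len(a) != len(b):
        raise ValueError("equal sample sizes required")
    return sum(abs(p - q) for p, q in zip(sorted(a), sorted(b))) / len(a)


def evolution_distances(nominal, perturbed):
    """Distance between the two systems at every tick of the horizon."""
    horizon = len(nominal[0])
    return [wasserstein_1d([tr[t] for tr in nominal], [tr[t] for tr in perturbed])
            for t in range(horizon)]


def adaptable(dists, tau, eps):
    """Perturbation absorbed: distance within eps at every tick from tau on."""
    return all(d <= eps for d in dists[tau:])


def reliable(dists, eps):
    """Intended behaviour kept throughout: within eps at every tick."""
    return adaptable(dists, 0, eps)


def absorption_time(dists, eps):
    """Smallest tau for which the system is adaptable, or None if there is none."""
    for tau in range(len(dists)):
        if adaptable(dists, tau, eps):
            return tau
    return None


if __name__ == "__main__":
    nominal = sample_traces(TARGET, steps=20, n=500, seed=1)
    perturbed = sample_traces(TARGET + 3.0, steps=20, n=500, seed=2)  # initial disturbance
    d = evolution_distances(nominal, perturbed)
    print("reliable(0.2):", reliable(d, 0.2), " absorbed after:", absorption_time(d, 0.2))
```

At tick 0 the distance is exactly the size of the disturbance, it halves every tick under the controller, and a residual of a few hundredths remains from sampling noise. The system is therefore not reliable at tolerance 0.2 but is adaptable after a handful of ticks. The sorted-sample formula is exact only for equal-size empirical distributions on the line; for multi-dimensional observations an optimal-transport solver is needed, and in either case the estimate carries sampling error that a real statistical model checker would bound.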
-
Proceedings Combined 25th International Workshop on Expressiveness in Concurrency and 15th Workshop on Structural Operational Semantics
Authors:
Jorge A. Pérez,
Simone Tini
Abstract:
This volume contains the proceedings of the Combined 25th International Workshop on Expressiveness in Concurrency and the 15th Workshop on Structural Operational Semantics (EXPRESS/SOS 2018), which was held on September 3, 2018, in Beijing, China, as an affiliated workshop of CONCUR 2018, the 29th International Conference on Concurrency Theory. The EXPRESS workshops aim at bringing together researchers interested in the expressiveness of various formal systems and semantic notions, particularly in the field of concurrency. Their focus has traditionally been on the comparison between programming concepts (such as concurrent, functional, imperative, logic and object-oriented programming) and between mathematical models of computation (such as process algebras, Petri nets, event structures, modal logics, and rewrite systems) on the basis of their relative expressive power. The SOS workshops aim at being a forum for researchers, students and practitioners interested in new developments, and directions for future investigation, in the field of structural operational semantics. One of the specific goals of the SOS workshop series is to establish synergies between the concurrency and programming language communities working on the theory and practice of SOS. Since 2012, the EXPRESS and SOS communities have organized an annual combined EXPRESS/SOS workshop on the expressiveness of mathematical models of computation and the formal semantics of systems and programming concepts.
Submitted 24 August, 2018;
originally announced August 2018.
-
Towards a formal notion of impact metric for cyber-physical attacks (full version)
Authors:
Ruggero Lanotte,
Massimo Merro,
Simone Tini
Abstract:
Industrial facilities and critical infrastructures are transforming into "smart" environments that dynamically adapt to external events. The result is an ecosystem of heterogeneous physical and cyber components integrated in cyber-physical systems which are more and more exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes at the core of the systems.
We provide a formal compositional metric to estimate the impact of cyber-physical attacks targeting sensor devices of IoT systems formalised in a simple extension of Hennessy and Regan's Timed Process Language. Our impact metric relies on a discrete-time generalisation of Desharnais et al.'s weak bisimulation metric for concurrent systems. We show the adequacy of our definition on two different attacks on a simple surveillance system.
Submitted 27 June, 2018;
originally announced June 2018.
-
Proceedings Combined 24th International Workshop on Expressiveness in Concurrency and 14th Workshop on Structural Operational Semantics
Authors:
Kirstin Peters,
Simone Tini
Abstract:
This volume contains the proceedings of the Combined 24th International Workshop on Expressiveness in Concurrency and the 14th Workshop on Structural Operational Semantics (EXPRESS/SOS 2017) which was held on 04 September 2017 in Berlin, Germany, as an affiliated workshop of CONCUR 2017, the 28th International Conference on Concurrency Theory. The EXPRESS workshops aim at bringing together researchers interested in the expressiveness of various formal systems and semantic notions, particularly in the field of concurrency. Their focus has traditionally been on the comparison between programming concepts (such as concurrent, functional, imperative, logic and object-oriented programming) and between mathematical models of computation (such as process algebras, Petri nets, event structures, modal logics, and rewrite systems) on the basis of their relative expressive power. The EXPRESS workshop series has run successfully since 1994 and over the years this focus has become broadly construed. The SOS workshops aim at being a forum for researchers, students and practitioners interested in new developments, and directions for future investigation, in the field of structural operational semantics. One of the specific goals of the SOS workshop series is to establish synergies between the concurrency and programming language communities working on the theory and practice of SOS. Since 2012, the EXPRESS and SOS communities have organized an annual combined EXPRESS/SOS workshop on the expressiveness of mathematical models of computation and the formal semantics of systems and programming concepts.
Submitted 31 August, 2017;
originally announced September 2017.
-
Logical Characterization of Trace Metrics
Authors:
Valentina Castiglioni,
Simone Tini
Abstract:
In this paper we continue our research line on logical characterizations of behavioral metrics obtained from the definition of a metric over the set of logical properties of interest. This time we provide a characterization of both strong and weak trace metric on nondeterministic probabilistic processes, based on a minimal boolean logic L which we prove to be powerful enough to characterize strong and weak probabilistic trace equivalence. Moreover, we also prove that our characterization approach can be restated in terms of a more classic probabilistic L-model checking problem.
Submitted 13 July, 2017;
originally announced July 2017.
-
Equational Reasonings in Wireless Network Gossip Protocols
Authors:
Ruggero Lanotte,
Massimo Merro,
Simone Tini
Abstract:
Gossip protocols have been proposed as a robust and efficient method for disseminating information throughout large-scale networks. In this paper, we propose a compositional analysis technique to study formal probabilistic models of gossip protocols expressed in a simple probabilistic timed process calculus for wireless sensor networks. We equip the calculus with a simulation theory to compare probabilistic protocols that have similar behaviour up to a certain tolerance. The theory is used to prove a number of algebraic laws which proved to be very effective to estimate the performances of gossip networks, with and without communication collisions, and randomised gossip networks. Our simulation theory is an asymmetric variant of the weak bisimulation metric that maintains most of the properties of the original definition. However, our asymmetric version is particularly suitable to reason about protocols in which the systems under consideration are not approximately equivalent, as in the case of gossip protocols.
Submitted 27 September, 2018; v1 submitted 11 July, 2017;
originally announced July 2017.
-
A Probabilistic Calculus of Cyber-Physical Systems
Authors:
Ruggero Lanotte,
Massimo Merro,
Simone Tini
Abstract:
We propose a hybrid probabilistic process calculus for modelling and reasoning on cyber-physical systems (CPSs). The dynamics of the calculus is expressed in terms of a probabilistic labelled transition system in the SOS style of Plotkin. This is used to define a bisimulation-based probabilistic behavioural semantics which supports compositional reasoning. For a more careful comparison between CPSs, we provide two compositional probabilistic metrics to formalise the notion of behavioural distance between systems, also in the case of bounded computations. Finally, we provide a non-trivial case study, taken from an engineering application, and use it to illustrate our definitions and our compositional behavioural theory for CPSs.
Submitted 27 April, 2020; v1 submitted 7 July, 2017;
originally announced July 2017.
-
SOS-based Modal Decomposition on Nondeterministic Probabilistic Processes
Authors:
Valentina Castiglioni,
Daniel Gebler,
Simone Tini
Abstract:
We propose a method for the decomposition of modal formulae on processes with nondeterminism and probability with respect to Structural Operational Semantics. The purpose is to reduce the satisfaction problem of a formula for a process to verifying whether its subprocesses satisfy certain formulae obtained from the decomposition. To deal with the probabilistic behavior of processes, and thus with the decomposition of formulae characterizing it, we introduce an SOS-like machinery allowing for the specification of the behavior of open distribution terms. By our decomposition, we obtain (pre)congruence formats for probabilistic bisimilarity, ready similarity and similarity.
Submitted 22 June, 2018; v1 submitted 28 January, 2017;
originally announced January 2017.
-
Logical Characterization of Bisimulation Metrics
Authors:
Valentina Castiglioni,
Daniel Gebler,
Simone Tini
Abstract:
Bisimulation metrics provide a robust and accurate approach to study the behavior of nondeterministic probabilistic processes. In this paper, we propose a logical characterization of bisimulation metrics based on a simple probabilistic variant of the Hennessy-Milner logic. Our approach is based on the novel notions of mimicking formulae and distance between formulae. The former are a weak version of the well known characteristic formulae and allow us to characterize also (ready) probabilistic simulation and probabilistic bisimilarity. The latter is a 1-bounded pseudometric on formulae that mirrors the Hausdorff and Kantorovich liftings defining the bisimilarity pseudometric. We show that the distance between two processes equals the distance between their own mimicking formulae.
Submitted 26 October, 2016;
originally announced October 2016.
-
Compositional bisimulation metric reasoning with Probabilistic Process Calculi
Authors:
Daniel Gebler,
Kim G. Larsen,
Simone Tini
Abstract:
We study which standard operators of probabilistic process calculi allow for compositional reasoning with respect to bisimulation metric semantics. We argue that uniform continuity (generalizing the earlier proposed property of non-expansiveness) captures the essential nature of compositional reasoning and now also allows us to reason compositionally about recursive processes. We characterize the distance between probabilistic processes composed by standard process algebra operators. Combining these results, we demonstrate how compositional reasoning about systems specified by continuous process algebra operators allows for metric assume-guarantee like performance validation.
Submitted 30 December, 2016; v1 submitted 19 October, 2016;
originally announced October 2016.
-
Fixed-point Characterization of Compositionality Properties of Probabilistic Processes Combinators
Authors:
Daniel Gebler,
Simone Tini
Abstract:
Bisimulation metric is a robust behavioural semantics for probabilistic processes. Given any SOS specification of probabilistic processes, we provide a method to compute for each operator of the language its respective metric compositionality property. The compositionality property of an operator is defined as its modulus of continuity which gives the relative increase of the distance between processes when they are combined by that operator. The compositionality property of an operator is computed by recursively counting how many times the combined processes are copied along their evolution. The compositionality properties allow us to derive an upper bound on the distance between processes by purely inspecting the operators used to specify those processes.
Submitted 6 August, 2014;
originally announced August 2014.
-
Compositionality of Approximate Bisimulation for Probabilistic Systems
Authors:
Daniel Gebler,
Simone Tini
Abstract:
Probabilistic transition system specifications using the rule format ntmuft-ntmuxt provide structural operational semantics for Segala-type systems and guarantee that probabilistic bisimilarity is a congruence. Probabilistic bisimilarity is for many applications too sensitive to the exact probabilities of transitions. Approximate bisimulation provides a robust semantics that is stable with respect to implementation and measurement errors of probabilistic behavior. We provide a general method to quantify how much a process combinator expands the approximate bisimulation distance. As a direct application we derive an appropriate rule format that guarantees compositionality with respect to approximate bisimilarity. Moreover, we describe how specification formats for non-standard compositionality requirements may be derived.
Submitted 28 July, 2013;
originally announced July 2013.
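The four preceding abstracts all build on the bisimulation pseudometric for nondeterministic probabilistic (Segala-type) processes: the Kantorovich lifting of a state distance to distributions, the Hausdorff lifting to sets of successor distributions, the fixed-point characterization, and the question of how much a process combinator expands the distance. The following Python sketch is an added illustration of those definitions on a tiny transition system; it is constructed for this page and is not code from the papers. The process names s, t, u, v, the concrete probabilities, and the modelling of nondeterministic choice as a union of moves are assumptions; the brute-force matching used for the Kantorovich distance is exact only because every distribution is rational with a tiny denominator.

```python
"""Bisimulation pseudometric on a small nondeterministic probabilistic
transition system, computed as the fixed point of the Hausdorff/Kantorovich
lifting, plus a compositionality check for nondeterministic choice.
Constructed example, not code from the papers."""
from fractions import Fraction as F
from itertools import permutations
from math import lcm

# state -> list of (action, distribution); distribution: state -> probability.
# s and t offer the same actions but differ in the probabilities (assumed).
PTS = {
    "s":  [("a", {"u": F(1, 2), "v": F(1, 2)})],
    "t":  [("a", {"u'": F(3, 4), "v'": F(1, 4)})],
    "u":  [("b", {"0": F(1)})], "u'": [("b", {"0": F(1)})],
    "v":  [("c", {"0": F(1)})], "v'": [("c", {"0": F(1)})],
    "0":  [],
}


def atoms(mu, n):
    """Expand a rational distribution into n equally weighted atoms."""
    out = []
    for state, p in mu.items():
        out += [state] * int(p * n)
    return out


def kantorovich(mu, nu, d):
    """Kantorovich (optimal transport) distance between two finite
    distributions under ground metric d. With equal-weight atoms an optimal
    plan is a matching, so brute force over permutations is exact; it is
    only viable for the tiny supports used here."""
    n = lcm(*(p.denominator for p in [*mu.values(), *nu.values()]))
    if n > 8:
        raise ValueError("support too large for brute force; use an LP solver")
    xs, ys = atoms(mu, n), atoms(nu, n)
    return min(sum(d[x, y] for x, y in zip(xs, perm)) for perm in permutations(ys)) / n


def hausdorff(mus, nus, d):
    """Lift the Kantorovich distance to the sets of a-successor distributions."""
    if not mus and not nus:
        return F(0)
    if not mus or not nus:          # one side cannot perform the action at all
        return F(1)
    k = lambda m, nn: kantorovich(m, nn, d)
    return max(max(min(k(m, nn) for nn in nus) for m in mus),
               max(min(k(m, nn) for m in mus) for nn in nus))


def bisimulation_metric(pts, discount=F(1), max_iter=100):
    """Iterate d_{k+1}(s,t) = max_a discount * H(K(d_k))(succ_a(s), succ_a(t))
    from d_0 = 0 until the distance table stops changing."""
    states = list(pts)
    actions = {a for trs in pts.values() for a, _ in trs}
    d = {(s, t): F(0) for s in states for t in states}
    for _ in range(max_iter):
        new = {}
        for s in states:
            for t in states:
                val = F(0)
                for a in actions:
                    mus = [mu for b, mu in pts[s] if b == a]
                    nus = [nu for b, nu in pts[t] if b == a]
                    val = max(val, discount * hausdorff(mus, nus, d))
                new[s, t] = val
        if new == d:
            return d
        d = new
    raise RuntimeError("no exact fixed point reached; lower the discount or raise max_iter")


def with_choice(pts, name, p, q):
    """Add state `name` = p + q, nondeterministic choice as the union of moves."""
    ext = dict(pts)
    ext[name] = pts[p] + pts[q]
    return ext


def nonexpansive_check():
    """Return (d(s + r, t + r), d(s, t)); choice should not expand the distance."""
    ext = dict(PTS)
    ext["r"], ext["w"] = [("a", {"w": F(1)})], [("b", {"0": F(1)})]
    ext = with_choice(with_choice(ext, "s+r", "s", "r"), "t+r", "t", "r")
    d = bisimulation_metric(ext)
    return d["s+r", "t+r"], d["s", "t"]


if __name__ == "__main__":
    d = bisimulation_metric(PTS)
    print("d(s, t) =", d["s", "t"], " d(u, v) =", d["u", "v"])
    print("choice: d(s+r, t+r) =", nonexpansive_check()[0])
```

The fixed point gives d(s, t) = 1/4, exactly the probability mass that has to be moved between the two a-successor distributions, while states offering different actions sit at distance 1. The check on s + r versus t + r returns the same 1/4, the non-expansiveness that the abstracts describe for standard operators; an operator that duplicated its argument would be measured by the same fixed point and is where the copy-counting of the compositionality results comes in. Because the iteration is undiscounted it reaches an exact fixed point only on acyclic systems like this one; a discount below 1 (or an iteration bound) is needed for processes with loops.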
-
Aspects of multiscale modelling in a process algebra for biological systems
Authors:
Roberto Barbuti,
Giulio Caravagna,
Paolo Milazzo,
Andrea Maggiolo-Schettini,
Simone Tini
Abstract:
We propose a variant of the CCS process algebra with new features aiming at allowing multiscale modelling of biological systems. In the usual semantics of process algebras for modelling biological systems actions are instantaneous. When different scale levels of biological systems are considered in a single model, one should take into account that actions at a level may take much more time than actions at a lower level. Moreover, it might happen that while a component is involved in one long lasting high level action, it is also involved in several faster lower level actions. Hence, we propose a process algebra with operations and with a semantics aimed at dealing with these aspects of multiscale modelling. We study behavioural equivalences for such an algebra and give some examples.
Submitted 1 November, 2010;
originally announced November 2010.