Model Checking under Fairness in ProB and Its Application to Fair Exchange Protocols

  • David M. Williams
  • Joeri de Ruiter
  • Wan Fokkink
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7521)


Motivated by Murray’s work on the limits of refinement testing for CSP, we propose the use of ProB to check liveness properties under assumptions of strong and weak event fairness, whose refinement-closures cannot generally be expressed as refinement checks for FDR. Such properties are necessary for the analysis of fair exchange protocols in CSP, which assume at least some messages are sent over a resilient channel. As the properties we check are refinement-closed, we retain CSP’s theory of refinement, enabling subsequent step-wise refinement of the CSP model. Moreover, we improve upon existing CSP models of fair exchange protocols by proposing a revised intruder model inspired by the one of Cederquist and Dashti. Our intruder model is stronger as we use a weaker fairness constraint.


Model Check Temporal Logic Semantic Model Label Transition System Liveness Property 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall (1985)Google Scholar
  2. 2.
    Gardiner, P., Goldsmith, M., Hulance, J., Jackson, D., Roscoe, B., Scattergood, B., Armstrong, P.: FDR Manual. Oxford University (2010)Google Scholar
  3. 3.
    Lowe, G.: Specification of communicating processes: Temporal logic versus refusals-based refinement. Formal Aspects of Computing 20, 277–294 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  4. 4.
    Murray, T.: On the limits of refinement-testing for model-checking CSP. Formal Aspects of Computing (to appear, 2012)Google Scholar
  5. 5.
    Plagge, D., Leuschel, M.: Seven at one stroke: LTL model checking for high-level specifications in B, Z, CSP, and more. Software Tools for Technology Transfer 12, 9–21 (2010)CrossRefGoogle Scholar
  6. 6.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29, 198–208 (1983)MathSciNetzbMATHCrossRefGoogle Scholar
  7. 7.
    Kremer, S., Markowitch, O., Zhou, J.: An intensive survey of fair non-repudiation protocols. Computer Communications 25, 1606–1621 (2002)CrossRefGoogle Scholar
  8. 8.
    Asokan, N.: Fairness in electronic commerce. Technical report, University of Waterloo (1998)Google Scholar
  9. 9.
    Cederquist, J., Torabi Dashti, M.: An intruder model for verifying liveness in security protocols. In: Proc. FMSE 2006, pp. 23–32. ACM (2006)Google Scholar
  10. 10.
    Roscoe, A.: Understanding Concurrent Systems. Springer (2010)Google Scholar
  11. 11.
    Francez, N.: Fairness. Springer (1986)Google Scholar
  12. 12.
    Puhakka, A., Valmari, A.: Liveness and Fairness in Process-Algebraic Verification. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 202–217. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Torabi Dashti, M.: Keeping Fairness Alive. PhD thesis, VU University Amsterdam (2008)Google Scholar
  14. 14.
    Leuschel, M., Butler, M.: ProB: An automated analysis toolset for the B method. Software Tools for Technology Transfer 10, 185–203 (2008)CrossRefGoogle Scholar
  15. 15.
    Fokkink, W.J.: Modelling Distributed Systems. Springer (2007)Google Scholar
  16. 16.
    Mateescu, R., Sighireanu, M.: Efficient on-the-fly model checking for regular alternation-free mu-calculus. Science of Computer Programming 46, 255–281 (2003)MathSciNetzbMATHCrossRefGoogle Scholar
  17. 17.
    Garavel, H., Lang, F., Mateescu, R., Serwe, W.: CADP 2010: A Toolbox for the Construction and Analysis of Distributed Processes. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 372–387. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall (1998)Google Scholar
  19. 19.
    Schneider, S.: Formal analysis of a non-repudiation protocol. In: Proc. CSF 1998, pp. 54–65. IEEE (1998)Google Scholar
  20. 20.
    Evans, N., Schneider, S.: Verifying security protocols with PVS: Widening the rank function approach. Journal of Logic and Algebraic Programming 64, 253–284 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  21. 21.
    Zhou, J., Gollman, D.: A fair non-repudiation protocol. In: S&P 1996, pp. 55–61. IEEE (1996)Google Scholar
  22. 22.
    Wei, K., Heather, J.: Towards Verification of Timed Non-repudiation Protocols. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2005. LNCS, vol. 3866, pp. 244–257. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Wei, K., Heather, J.: A Theorem-Proving Approach to Verification of Fair Non-repudiation Protocols. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 202–219. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Sun, J., Liu, Y., Dong, J.S., Pang, J.: PAT: Towards Flexible Verification under Fairness. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 709–714. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • David M. Williams
    • 1
  • Joeri de Ruiter
    • 2
  • Wan Fokkink
    • 1
    • 3
  1. 1.Department of Computer ScienceVU University AmsterdamThe Netherlands
  2. 2.Institute for Computing and Information ScienceRadboud University NijmegenThe Netherlands
  3. 3.Faculty of Mechanical EngineeringEindhoven University of TechnologyThe Netherlands

Personalised recommendations