EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties

  • Bernd Finkbeiner
  • Christopher HahnEmail author
  • Marvin Stenger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10427)


We introduce EAHyper, the first tool for the automatic checking of satisfiability, implication, and equivalence of hyperproperties. Hyperproperties are system properties that relate multiple computation traces. A typical example is an information flow policy that compares the observations made by an external observer on execution traces that result from different values of a secret variable. EAHyper analyzes hyperproperties that are specified in HyperLTL, a recently introduced extension of linear-time temporal logic (LTL). HyperLTL uses trace variables and trace quantifiers to refer to multiple execution traces simultaneously. Applications of EAHyper include the automatic detection of specifications that are inconsistent or vacuously true, as well as the comparison of multiple formalizations of the same policy, such as different notions of observational determinism.


  1. 1.
    Bonakdarpour, B., Finkbeiner, B.: Runtime verification for HyperLTL. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 41–45. Springer, Cham (2016)CrossRefGoogle Scholar
  2. 2.
    Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. Electron. Notes Theoret. Comput. Sci. 112, 149–166 (2005)CrossRefzbMATHGoogle Scholar
  3. 3.
    Clarkson, M.R., Finkbeiner, B., Koleini, M., Micinski, K.K., Rabe, M.N., Sánchez, C.: Temporal logics for hyperproperties. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 265–284. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54792-8_15 CrossRefGoogle Scholar
  4. 4.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)CrossRefGoogle Scholar
  5. 5.
    Duret-Lutz, A.: Manipulating LTL formulas using spot 1.0. In: Hung, D., Ogawa, M. (eds.) ATVA 2013. LNCS, vol. 8172, pp. 442–445. Springer, Cham (2013). doi: 10.1007/978-3-319-02444-8_31 CrossRefGoogle Scholar
  6. 6.
    Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24605-3_37 CrossRefGoogle Scholar
  7. 7.
    Finkbeiner, B., Hahn, C.: Deciding hyperproperties. In: Proceedings of the 27th International Conference on Concurrency Theory, CONCUR 2016, pp. 13:1–13:14 (2016)Google Scholar
  8. 8.
    Finkbeiner, B., Rabe, M.N., Sánchez, C.: Algorithms for model checking HyperLTL and HyperCTL*. In: Kroening, D., Păsăreanu, C. (eds.) Computer Aided Verification. LNCS, vol. 9206, pp. 30–48. Springer, Cham (2015)CrossRefGoogle Scholar
  9. 9.
    Finkbeiner, B., Seidl, H., Müller, C.: Specifying and verifying secrecy in workflows with arbitrarily many agents. In: Artho, C., Legay, A., Peled, D. (eds.) ATVA 2016. LNCS, vol. 9938, pp. 157–173. Springer, Cham (2016). doi: 10.1007/978-3-319-46520-3_11 CrossRefGoogle Scholar
  10. 10.
    Hamming, R.W.: Error detecting and error correcting codes. Bell Labs Tech. J. 29(2), 147–160 (1950)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Li, J., Zhang, L., Pu, G., Vardi, M.Y., He, J.: LTL satisfiability checking revisited. In: 2013 20th International Symposium on Temporal Representation and Reasoning, TIME 2013, pp. 91–98 (2013)Google Scholar
  12. 12.
    McLean, J.: Proving noninterference and functional correctness using traces. J. Comput. Secur. 1(1), 37–58 (1992)CrossRefGoogle Scholar
  13. 13.
    Rabe, M.N.: A Temporal Logic Approach to Information-flow Control. Ph.D. thesis, Saarland University (2016)Google Scholar
  14. 14.
    Roscoe, A.W.: CSP and determinism in security modelling. In: Proceedings of the 1995 IEEE Symposium on Security and Privacy, pp. 114–127 (1995)Google Scholar
  15. 15.
    Schwendimann, S.: A new one-pass tableau calculus for PLTL. In: Swart, H. (ed.) TABLEAUX 1998. LNCS (LNAI), vol. 1397, pp. 277–291. Springer, Heidelberg (1998). doi: 10.1007/3-540-69778-0_28 CrossRefGoogle Scholar
  16. 16.
    Smith, G.: On the foundations of quantitative information flow. In: Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures, FOSSACS 2009, pp. 288–302 (2009)Google Scholar
  17. 17.
    Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: 16th IEEE Computer Security Foundations Workshop CSFW-16 2003, p. 29 (2003)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Bernd Finkbeiner
    • 1
  • Christopher Hahn
    • 1
    Email author
  • Marvin Stenger
    • 1
  1. 1.Saarland Informatics CampusSaarland UniversitySaarbrückenGermany

Personalised recommendations