Incremental Hyperproperty Model Checking via Games

  • Dimiter Milushev
  • Dave Clarke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8208)


Hyperproperties were proposed as an abstract formalization of security policies, but unfortunately they lack a generic verification methodology. In an attempt to remedy this, we introduced the notion of incremental hyperproperties (IHPs), motivated by the observation that they have a clearer and more feasible verification methodology. To show that verification is indeed feasible, a decidable IHP verification methodology via games is presented and evaluated. The main advantage of the approach is that the games in combination with winning strategy evidence give valuable intuition about the security of a system and are very helpful when analyzing systems w.r.t. policy specifications.


Model Check Winning Strategy Game Graph Tree View Model Check Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andersen, H.R.: A Polyadic Modal μ-Calculus. Technical Report 1994-145, Technical University of Denmark, DTU (1994)Google Scholar
  2. 2.
    Bradfield, J., Stirling, C.: Modal mu-calculi. In: Handbook of Modal Logic, pp. 721–756. Elsevier (2007)Google Scholar
  3. 3.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. Journal of Computer Security 18, 1157–1210 (2010)Google Scholar
  4. 4.
    Friedmann, O.: An exponential lower bound for the latest deterministic strategy iteration algorithms. Logical Methods in Computer Science 7(3) (2011)Google Scholar
  5. 5.
    Friedmann, O., Lange, M.: Solving parity games in practice. In: Liu, Z., Ravn, A.P. (eds.) ATVA 2009. LNCS, vol. 5799, pp. 182–196. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Friedmann, O., Lange, M.: A Solver for Modal Fixpoint Logics. Electron. Notes Theor. Comput. Sci. 262, 99–111 (2010)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Groote, J.F., Mathijssen, A., Reniers, M., Usenko, Y., van Weerdenburg, M.: The Formal Specification Language mCRL2. In: Brinksma, E., Harel, D., Mader, A., Stevens, P., Wieringa, R. (eds.) Methods for Modelling Software Systems (MMOSS). Dagstuhl Seminar Proceedings, vol. 06351, Dagstuhl, Germany (2007)Google Scholar
  8. 8.
    Jurdziński, M., Paterson, M., Zwick, U.: A deterministic subexponential algorithm for solving parity games. In: Proceedings of ACM-SIAM Symposium on Discrete Algorithms, SODA 2006, pp. 117–123. ACM/SIAM (2006)Google Scholar
  9. 9.
    Kalai, G.: Linear programming, the simplex algorithm and simple polytopes. Mathematical Programming 79, 217–233 (1997)MathSciNetMATHGoogle Scholar
  10. 10.
    Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes, Saarbrücken, Germany (July 2003)Google Scholar
  11. 11.
    Matoušek, J., Sharir, M., Welzl, E.: A subexponential bound for linear programming. In: Proceedings of the Eighth Annual Symposium on Computational Geometry, SCG 1992, pp. 1–8. ACM, New York (1992)CrossRefGoogle Scholar
  12. 12.
    McCullough, D.: Specifications for multi-level security and a hook-up. In: Proceedings of the 1987 IEEE Symposium on Security and Privacy, pp. 161–166. IEEE Computer Society, Los Alamitos (1987)Google Scholar
  13. 13.
    Milushev, D.: Reasoning about Hyperproperties. PhD thesis, KU Leuven, Heverlee, Belgium (June 2013)Google Scholar
  14. 14.
    Milushev, D., Clarke, D.: Coinductive unwinding of security-relevant hyperproperties. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 121–136. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Milushev, D., Clarke, D.: Towards Incrementalization of Holistic Hyperproperties. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 329–348. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Rutten, J.J.M.M.: Automata and Coinduction (An Exercise in Coalgebra). In: Sangiorgi, D., de Simone, R. (eds.) CONCUR 1998. LNCS, vol. 1466, pp. 194–218. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Schewe, S.: An optimal strategy improvement algorithm for solving parity and payoff games. In: Kaminski, M., Martini, S. (eds.) CSL 2008. LNCS, vol. 5213, pp. 369–384. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Stirling, C.: Modal and temporal properties of processes. Springer, New York (2001)CrossRefGoogle Scholar
  19. 19.
    Stevens, P., Stirling, C.: Practical model-checking using games. In: Steffen, B. (ed.) TACAS 1998. LNCS, vol. 1384, pp. 85–101. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Vöge, J., Jurdziński, M.: A Discrete Strategy Improvement Algorithm for Solving Parity Games. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 202–215. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proceedings of the IEEE Symposium on Security and Privacy, SP 1997, pp. 94–102. IEEE Computer Society, Washington, DC (1997)Google Scholar
  22. 22.
    Zielonka, W.: Infinite games on finitely coloured graphs with applications to automata on infinite trees. Theoretical Computer Science 200(1-2), 135–183 (1998)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Dimiter Milushev
    • 1
  • Dave Clarke
    • 1
  1. 1.iMinds-DistriNetKU LeuvenHeverleeBelgium

Personalised recommendations