We consider security threats in software installation processes, posed by transitively trusted dependencies between packages from distinct repositories. To analyse them, we present SecureNDC, a Coq implemented calculus using an explicit trust function to bridge repository access and software package installation rights. Thereby, we resolve a version of the minimum install problem under trust conditions on repositories.
Modelling, reasoning and verifying complex situations involving a system of agents is crucial in all phases of the development of a number of safety-critical systems. In particular, it is of fundamental importance to have tools and techniques to reason about the doxastic and epistemic states of agents, to make sure that the agents behave as intended. In this paper we introduce a computationally grounded logic called COGWED and we present two types of semantics that support a range of practical situations. We provide model checking algorithms, complexity characterisations and a prototype implementation. We validate our proposal against a case study from the avionic domain: we assess and verify the situational awareness of pilots flying an aircraft with several automated components in off-nominal conditions.
Software evolution and its laws are essential for antifragile system design and development. In this paper we model early-stage perfective and corrective changes to software system architecture in terms of logical operations of expansion and safe contraction on a theory. As a result, we formulate an inference-based notion of property specification resilience for computational systems, intended as resistance to change. The individuated resilient core of a software system is used to characterize adaptability properties.
The development of Cyber-Physical Systems needs to address the heterogeneity of several components that interact to build a single application. In this paper we present a model to enable easy integration and interaction of micro-controllers. Specifically, we describe the Arduino Service Interface Protocol (ASIP), we provide an implementation and client libraries for Java, Racket and Erlang, together with the description of a practical example.
In this paper we present a unified framework to model and verify degrees of belief in a system of agents. In particular, we describe an extension of the temporal-epistemic logic CTLK and we introduce a semantics based on interpreted systems for this extension. In this way, degrees of beliefs do not need to be provided externally, but can be derived automatically from the possible executions of the system, thereby providing a computationally grounded formalism. We leverage the semantics to (a) construct a model checking algorithm, (b) investigate its complexity, (c) provide a Java implementation of the model checking algorithm, and (d) evaluate our approach using the standard benchmark of the dining cryptographers. Finally, we provide a detailed case study: using our framework and our implementation, we assess and verify the situational awareness of the pilot of Air France 447 flying in off-nominal conditions.
Abstract. Multi-agent systems are often taken as a paradigm in the specification of complex systems because of their ability to abstract away from implementation details. Different kinds of modal logics have been used to model agents' knowledge/beliefs/desires and their evolution with time. In this paper we investigate how model checking techniques can be applied to some problems of verification in multi-agent systems.
Abstract. In the past two decades the Model-View-Controller pattern has been employed successfully in the development of software systems. In this paper we argue that this model may be improved to support the development of applications running on multiple devices, possibly not always connected.
Abstract The testing of the performance of opportunistic communication protocols and applications is usually done through simulation as i) deployments are expensive and should be left to the final stage of the development process, and ii) the number of varying parameters in these systems is so high that it would be very hard to conduct thorough testing of all the functionality within a single deployment.
We present a methodology for the verification of multi-agent systems, whose properties are specified by means of a modal logic that includes a temporal, an epistemic, and a modal operator to reason about correct behaviour of agents. The verification technique relies on model checking via ordered binary decision diagrams. We present an implementation and report on experimental results for two scenarios: the bit transmission problem with faults and the protocol of the dining cryptographers.
Abstract A multi-agent system (MAS) is usually understood as a system composed of interacting autonomous agents. In this sense, MAS have been employed successfully as a modelling paradigm in a number of scenarios, especially in Computer Science. However, the process of modelling complex and heterogeneous systems is intrinsically prone to errors: for this reason, computer scientists are typically concerned with the issue of verifying that a system actually behaves as it is supposed to, especially when a system is complex.
This paper presents mcmas, a model checker for Multi-Agent Systems (MAS). Differently from traditional model checkers, mcmas permits the automatic verification of specifications that use epistemic, correctness, and cooperation modalities, in addition to the standard temporal modalities.
Abstract If an organization depends on the service quality provided by another organization it often enters into a bilateral service level agreement (SLA), which mitigates outsourcing risks by associating penalty payments with poor service quality. Once these agreements are entered into, it becomes necessary to monitor their conditions, which will commonly relate to timeliness, reliability and request throughput, at run-time. We show how these conditions can be translated into timed automata.
While temporal logic in its various forms has proven essential to reason about reactive systems, agent-based scenarios are typically specified by considering high-level agents' attitudes. In particular, specification languages based on epistemic logic [7], or logics for knowledge, have proven useful in a variety of areas including robotics, security protocols, web services, etc.
Abstract We investigate the problem of the verification of epistemic properties of multiagent systems via model checking. Specifically, we extend and adapt methods based on ordered binary decision diagrams, a mainstream verification technique in reactive systems. We provide an algorithm, and present a software package that implements it. We discuss the software and benchmark it by means of a standard example in the literature, the dining cryptographers.
Abstract Opportunistic networking protocols have recently started to emerge in different contexts, ranging from vehicular communications and remote population connectivity to wildlife monitoring. These protocols are mainly based on the ability to exploit asynchronous communication among hosts which can act as carriers for the messages, which are first stored and transported, and then delivered when the destination is reached. At the heart of these protocols is the concept of host co-location and connectivity patterns.
Reasoning about agents and modalities such as knowledge and belief leads to models where different relations over states co-exist, or equivalently, where information (labels, actions) is associated to state transitions. This paper discusses how to augment classical CTL symbolic model-checking to support logics with actions such as A-CTL (action-CTL), and how this can be implemented using BDDs in tools such as the SMV/NuSMV package.
We present a compiler that translates a multi-agent systems specification given in the formalism of Interpreted Systems into an SMV program. We show how an SMV model checker can be coupled with a Kripke model editor (Akka) to allow for the mechanical verification of epistemic properties of multi-agent systems. We apply this methodology to the verification of a communication protocol—the dining cryptographers.
We analyse different versions of the Dining Cryptographers protocol by means of automatic verification via model checking. Specifically we model the protocol in terms of a network of communicating automata and verify that the protocol meets the anonymity requirements specified. Two different model checking techniques (ordered binary decision diagrams and SAT-based bounded model checking) are evaluated and compared to verify the protocols.
Abstract We show that the problem of model checking multidimensional modal logics can be reduced to the problem of model checking ARCTL, an extension of the temporal logic CTL with action labels and operators to reason about actions. In particular, we introduce a methodology for model checking a temporal-epistemic logic by building upon an extension of the model checker NuSMV that enables the verification of ARCTL.
Abstract Web services are increasingly used in complex settings, and it is therefore desirable to have methodologies and tools to verify at run-time the conformance of the services to their specifications.
Abstract The potential of communication networks and middleware to enable the composition of services across organizational boundaries remains incompletely realized. In this paper, we argue that this is in part due to outsourcing risks and describe the possible contribution of Service-Level Agreements (SLAs) to mitigating these risks. For SLAs to be effective, it should be difficult to disregard their original provisions in the event of a dispute between the parties.
Abstract The aim of requirements-based testing is to generate test cases from a set of requirements for a given system or piece of software. In this paper we propose a formal semantics for the generation of test cases from requirements by revising and extending the results presented in previous works (e.g. [21, 20, 13]).
Abstract The introduction of mobile clients and context-aware behaviors into Web Service compositions may generate faults and inconsistencies. We introduce an extension of a composition model where context-awareness is made explicit and a number of correctness properties are verifiable. In particular, our extended model enables the verification of properties commonly used to validate context dependent applications. We also propose a set of algorithms to verify these properties efficiently.
Multi-agent systems (MAS) are a successful paradigm employed in the formalisation of many scenarios [30, 31], including communication protocols, security protocols, autonomous planning, etc. In many instances, MAS are modelled by means of multi-modal logics with modal operators to reason about temporal, epistemic, doxastic, and other properties of agents. As MAS being modelled grow larger, however, automatic techniques are crucially required for the formal verification of MAS specification.
We present an algorithm for model checking temporal-epistemic properties of multi-agent systems, expressed in the formalism of interpreted systems. We first introduce a technique for the translation of interpreted systems into boolean formulae, and then present a model-checking algorithm based on this translation. The algorithm is based on obdd's, as they offer a compact and efficient representation for boolean formulae.
Many problems can be modeled as the search for a subgraph S ⊆ A with specific properties, given a graph G = (V, A). There are applications in which it is desirable to ensure also that S is anonymous. In this work we formalize an anonymity property for a generic family of subgraphs and the corresponding decision problem. We devise an algorithm to solve a particular case of the problem and we show that, under certain conditions, its computational complexity is polynomial.
We present an algorithm and its implementation for the verification of correct behaviour and epistemic states in multiagent systems. The verification is performed via model checking techniques based on obdd's. We test our implementation by means of a communication example: the bit transmission problem with faults.
This paper presents complexity results for model checking formulae of CTLK (a logic to reason about time and knowledge in multi-agent systems) in concurrent programs. We apply these results to evaluate the complexity of verifying programs of two model checkers for multi-agent systems: mcmas and Verics.
Abstract This paper presents a practical application of model checking for multi-agent systems to the automatic verification of diagnosability. First, a characterisation of diagnosability in terms of epistemic properties of agents is given; then, experimental results are presented for preliminary investigations in the automatic verification of diagnosability of Livingstone models.
Abstract Context-aware and adaptive applications running on mobile devices pose new challenges for the verification community. Current verification techniques are tailored for different domains (mostly hardware) and the kind of faults that are typical of applications running on mobile devices are difficult (or impossible) to encode using the patterns of “traditional” verification domains.
Recommender systems exploit a set of established user preferences to predict topics or products that a new user might like [2]. Recommender systems have become an important research area in the field of information retrieval. Many approaches have been developed in recent years and the interest is very high.
Abstract: The purpose of this paper is to present PROTEUS, a new language and, more in general, an approach for the construction of reconfiguration plans to support adaptation in systems belonging to different domains. The approach allows the management of runtime adaptation, preventing that running shared services are terminated and taken off-line while being reconfigured, causing inefficiency and disruptions.
Abstract We present an OBDD-based methodology for verifying time, knowledge, and strategies in multi-agent systems specified by the formalism of interpreted systems. To this end, we investigate the interpretation of ATL and epistemic formulae in various classes of interpreted systems, we present model checking algorithms and their implementation, and report experimental results.
Abstract This paper reviews a number of methodologies used in the development and verification of systems, with two aims: (i) provide a possible teaching path, and (ii) provide a starting point for teachers, PhD students, and researchers, to select the most appropriate method for a given purpose. Additionally, the paper aims at stimulating the discussion about this topic by providing an open wiki. Keywords: Teaching formal methods; Classification of formal methods
Abstract—Anti-plagiarism tools are currently used in a large number of institutions to perform an initial assessment of students' essays, enabling an automated approach to the identification of plagiarised work. This paper presents evidence that students are moving from “copy and paste” plagiarism, which can be detected by anti-plagiarism software, to more complex forms of plagiarism using a variety of techniques.
Abstract We present an OBDD-based methodology for verifying multi-agent systems specified by the logic ATL. We present an implementation, discuss traditional multi-agent systems examples, and report experimental results by comparing the implementation to MOCHA, a state-of-the-art model checker for ATL.
We present a methodology and a tool for the problem of testing and verifying that a PDDL planning domain satisfies a set of requirements, a need that arises for instance in space missions. We first review and analyse coverage conditions for requirement-based testing, and present how test cases can be derived automatically from requirements. Additionally, we show how test cases can be translated into additional planning goals.
Consider a digraph where the vertices represent people and an arc (i, j) represents the possibility of i giving a gift to j. The basic question we pose is whether there is an anonymity-preserving “gift assignment” such that each person makes and receives exactly one gift, and such that no person i can infer the remaining gift assignments from the fact that i is assigned to give a gift to j.
We address the problem of verifying planning domains as used in model-based planning, for example in space missions. We propose a methodology for testing flight rules of planning domains which is self-contained, in the sense that flight rules are verified using a planner and no external tools are required. We review and analyse coverage conditions for requirements-based testing, and we reason in detail on "Unique First Cause" (UFC) coverage for test suites.
Abstract. We present an algorithm for the verification of multiagent systems specified by means of a modal logic that includes a temporal, an epistemic, and a deontic operator. Verification is performed by model checking on OBDD's. We present an implementation of the algorithm and report on experimental results for the bit transmission problem with faults.
Some of the current research in proof-theory has focused on restrictions of structural rules. Famous examples from philosophy are the restrictions of exchange or contraction to explore analyses of Curry's Paradox and of the transitivity of entailment to resolve paradoxes of naive theories of truth or sets. These have important counterparts in computational applications: the first case is reflected in the treatment of ordered resources in linear logic; the second especially in problems of computer security. An example is the (non-)transitivity of reading-writing privileges: Carol might be allowed to read messages from Bob, and Bob from Carol, but one might want to restrict similar privileges for Carol in view of messages from Alice. Similar problems have been explored in computing since the 70s and have counterparts in epistemic logic. In this work we investigate the issue of non-transitivity from the viewpoint of security control. We offer a brief presentation of a natural deduction calculus for a Bell-LaPadula-like model, characterized by an inference relation whose transitivity is restricted according to users typing. We argue that security problems offer a new important field of application for proof theory where, as for the Locative Thesis in Ludics, a foundational revision is at stake, based on a Genetical Non-Neutrality Thesis.