Propositional Dynamic Logic for Hyperproperties

TL;DR

This paper introduces HyperPDL-Delta, a new logic for expressing hyperproperties like non-interference and linearizability, with automata-theoretic model checking that is computationally comparable to existing logics.

Contribution

It extends hyperproperty logics by incorporating propositional dynamic logic, enabling expression of more complex properties with efficient model checking.

Findings

HyperPDL-Delta can express arbitrary omega-regular hyperproperties.

Model checking HyperPDL-Delta is asymptotically as efficient as HyperCTL*.

Fragments of HyperPDL-Delta have decidable satisfiability.

Abstract

Information security properties of reactive systems like non-interference often require relating different executions of the system to each other and following them simultaneously. Such hyperproperties can also be useful in other contexts, e.g., when analysing properties of distributed systems like linearizability. Since common logics like LTL, CTL, or the modal mu-calculus cannot express hyperproperties, the hyperlogics HyperLTL and HyperCTL* were developed to cure this defect. However, these logics are not able to express arbitrary omega-regular properties. In this paper, we introduce HyperPDL-Delta, an adaptation of the Propositional Dynamic Logic of Fischer and Ladner for hyperproperties, in order to remove this limitation. Using an elegant automata-theoretic framework, we show that HyperPDL-Delta model checking is asymptotically not more expensive than HyperCTL* model checking, despite its vastly increased expressive power. We further investigate fragments of HyperPDL-Delta with regard to satisfiability checking.