Hyperproperties are system properties that relate multiple computation paths in a system and are commonly used to, e.g., define information-flow policies. In this paper, we study a novel class of hyperproperties that allow reasoning about strategic abilities in multi-agent systems. We introduce HyperATL*, an extension of computation tree logic with path variables and strategy quantifiers. Our logic supports quantification over paths in a system - as is possible in hyperlogics such as HyperCTL* - but resolves the paths based on the strategic choices of a coalition of agents. This allows us to capture many previously studied (strategic) security notions in a unifying hyperlogic. Moreover, we show that HyperATL* is particularly useful for specifying asynchronous hyperproperties, i.e., hyperproperties where the execution speed on the different computation paths depends on the choices of a scheduler. We show that finite-state model checking of HyperATL* is decidable and present a model checking algorithm based on alternating automata. We establish that our algorithm is asymptotically optimal by proving matching lower bounds. We have implemented a prototype model checker for a fragment of HyperATL* that can check various security properties in small finite-state systems.
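The abstract describes path variables whose paths are resolved by a coalition's strategy, and the use of a scheduler agent to express asynchronous hyperproperties. The following Python script is an added illustration, not the paper's prototype model checker and not its formal semantics: it builds a constructed two-agent game structure (an adversarial `env` that picks a one-bit secret, and a `sched` that may let the program stutter once) and brute-forces a bounded-horizon, positional-strategy reading of the formula `<<sched>> pi1. <<sched>> pi2. G (out(pi1) = out(pi2))`, an asynchronous observational-determinism check. All state names, outputs and the one-stutter budget are assumptions made for this example.

```python
from itertools import product

# Constructed toy program with a one-bit secret h. Each state carries its
# low-observable output. The h=1 branch takes one extra internal step, so the
# two runs are *not* output-equivalent step by step (synchronously), but they
# are if a scheduler may stutter the h=0 run once.
OUTPUT = {
    "init": "init",
    "s0": "a", "s1": "b", "s2": "end",              # run when h = 0
    "t0": "a", "t1": "a", "t2": "b", "t3": "end",   # run when h = 1
}
NEXT = {"s0": "s1", "s1": "s2", "s2": "s2",
        "t0": "t1", "t1": "t2", "t2": "t3", "t3": "t3"}

# Game-structure states are (program_state, stutter_budget_left).
# Folding the stutter budget into the state lets positional (memoryless)
# strategies express "stutter exactly once".
def moves_env(state):
    # env only acts at the initial state, where it chooses the secret
    return ("h0", "h1") if state[0] == "init" else ("none",)

def moves_sched(state):
    prog, budget = state
    if prog == "init":
        return ("step",)
    return ("step", "stutter") if budget else ("step",)

def transition(state, env_move, sched_move):
    prog, budget = state
    if prog == "init":
        return ("s0" if env_move == "h0" else "t0", budget)
    if sched_move == "stutter":
        return (prog, False)          # stay put, budget consumed
    return (NEXT[prog], budget)

def all_states(budget_allowed):
    budgets = (True, False) if budget_allowed else (False,)
    return [(p, b) for p in OUTPUT for b in budgets]

def sched_strategies(budget_allowed):
    """Enumerate every positional strategy for sched: state -> move."""
    states = all_states(budget_allowed)
    for choice in product(*(moves_sched(s) for s in states)):
        yield dict(zip(states, choice))

def outcomes(strategy, horizon, init):
    """All output traces of length `horizon` when sched follows `strategy`
    and env resolves its own choices arbitrarily (bounded unfolding)."""
    paths = [[init]]
    for _ in range(horizon - 1):
        paths = [path + [transition(path[-1], e, strategy[path[-1]])]
                 for path in paths for e in moves_env(path[-1])]
    return [tuple(OUTPUT[s[0]] for s in p) for p in paths]

def check_async_od(horizon=5, budget_allowed=True):
    """Bounded check of  <<sched>> pi1. <<sched>> pi2. G (out(pi1) = out(pi2)).

    Assumed reading of the nested strategy quantifiers:
      exists f1. forall pi1 compatible with f1.
        exists f2 (may depend on pi1). forall pi2 compatible with f2:
          outputs of pi1 and pi2 agree at every step up to `horizon`.
    """
    init = ("init", budget_allowed)
    for f1 in sched_strategies(budget_allowed):
        if all(any(all(tr1 == tr2 for tr2 in outcomes(f2, horizon, init))
                   for f2 in sched_strategies(budget_allowed))
               for tr1 in outcomes(f1, horizon, init)):
            return True
    return False

if __name__ == "__main__":
    print("synchronous (no stutter allowed):", check_async_od(budget_allowed=False))
    print("asynchronous (one stutter allowed):", check_async_od(budget_allowed=True))
```

With the stutter budget removed, `sched` has a single strategy and the two runs produce `init,a,b,end,end` versus `init,a,a,b,end`, so the property fails; with the budget, the strategy that stutters once in `s0` aligns both runs to `init,a,a,b,end` and the check succeeds. The enumeration is exponential in the number of states and is only meant to make the quantifier structure concrete; the paper's automata-based algorithm is the scalable route.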