## Section: New Results

### Semantics of probabilistic systems

One of the goals of Comète is to investigate the foundations of probabilistic calculi, and in particular the probabilistic asynchronous π-calculus described in Section 3.1.2.

#### Bisimulation semantics

In [14] we have studied a process calculus which combines both nondeterministic and probabilistic behavior in the style of Segala and Lynch's probabilistic automata. We have considered various strong and weak behavioral equivalences, and we have provided complete axiomatizations for finite-state processes, restricted to guarded definitions in the case of the weak equivalences. We conjecture that in the general case of unguarded recursion the "natural" weak equivalences are undecidable.

This has been the first work, to our knowledge, to provide a complete axiomatization for weak equivalences in the presence of recursion and both nondeterministic and probabilistic choice.

#### Metrics

In systems that model quantitative processes, steps are associated with a given quantity, such as the probability that the step will happen or the resources (e.g. time or cost) needed to perform that step. The standard notion of bisimulation can be adapted to these systems by treating the quantities as labels, but this does not provide a robust relation, since quantities are matched only when they are identical. Processes that differ by a very small probability, for instance, would be considered just as different as processes that perform completely different actions. This is particularly relevant to security systems, where specifications can be given as perfect but impractical processes, and other, practical processes are considered safe if they differ from the specification only with negligible probability.

To find a more flexible way to differentiate processes, we have considered the notion of metric, which is a function that associates a real number (distance) with a pair of elements. In [22], we have studied metric semantics for a general framework that we call *Action-labeled Quantitative Transition Systems* (AQTS). This framework subsumes some other well-known quantitative systems such as probabilistic automata [87], reactive and generative models [90], and (a simplified version of) weighted automata [57], [71].

The metric semantics that we have investigated in [22] is based on rather sophisticated techniques. In particular, we needed to resort to the notion of Hutchinson distance.

Still in [22], we have considered two extended examples which show that our results apply to both probabilistic and weighted automata as special cases of AQTS. In particular, we have shown that the operators of the corresponding process algebras are non-expansive, which is the metric counterpart of the notion of congruence.

#### Probability and guards

In [31] we have proposed a probabilistic extension of the π-calculus whose main novelty is a probabilistic *mixed choice* operator, that is, a choice construct with a probability distribution on the branches, and where input and output actions can both occur as guards. We have developed the operational semantics of this calculus, and we have investigated its expressiveness. In particular, we have compared it with the sublanguage with the two *separate choices*, where input and output guards are not allowed together in the same choice construct. Our main result is that the separate choices can encode the mixed one. Further, we have shown that *input-guarded* choice can encode *output-guarded* choice and vice versa.

#### Parametric Probabilities

In [15] we have developed a model of Parametric Probabilistic Transition Systems, where probabilities associated with transitions may be parameters. We have shown how to find instances of the parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a certain state. As an application, we have modeled a probabilistic non-repudiation protocol with a Parametric Probabilistic Transition System. The theory we have developed allows us to find instances that maximize the probability that the protocol ends in a fair state (i.e. no participant has an advantage over the others).
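
The parameter search described above can be illustrated numerically. The following is an added example, not the protocol or the method of [15]: it uses a constructed toy exchange without nondeterminism, a plain grid search, and hypothetical names and constants (`build_ppts`, `Q_CHEAT`, `ROUNDS`).

```python
# Added illustration: constructed toy model, not the protocol or algorithm of [15].
Q_CHEAT = 0.3   # assumed: probability the recipient withholds its receipt in a round
ROUNDS = 3      # assumed: dummy rounds allowed before the real message is forced

def build_ppts(p):
    """Instantiate the parametric chain for one value of the parameter p,
    the probability that the originator makes the current round the last."""
    t = {"fair": {}, "unfair": {}}                   # absorbing states
    for k in range(ROUNDS):
        # Out of rounds: the recipient knows the next message is real and
        # withholds the receipt, so the run ends with an advantage for it.
        nxt = f"round{k + 1}" if k + 1 < ROUNDS else "unfair"
        t[f"round{k}"] = {f"last{k}": p, f"dummy{k}": 1 - p}
        # Withholding on the real last message gives the recipient an advantage.
        t[f"last{k}"] = {"unfair": Q_CHEAT, "fair": 1 - Q_CHEAT}
        # Withholding on a dummy is detected: the run stops, nobody gains.
        t[f"dummy{k}"] = {"fair": Q_CHEAT, nxt: 1 - Q_CHEAT}
    return t

def reach_probability(t, start, target, sweeps=200):
    """Probability of eventually reaching `target`, by fixed-point iteration
    on x[s] = sum over successors s2 of P(s, s2) * x[s2]."""
    x = {s: 1.0 if s == target else 0.0 for s in t}
    for _ in range(sweeps):
        for s, succ in t.items():
            if succ:                                 # absorbing states keep their value
                x[s] = sum(pr * x[s2] for s2, pr in succ.items())
    return x[start]

def best_parameter(grid):
    """Grid search for the instance of p that maximizes P(reach 'fair')."""
    scored = [(reach_probability(build_ppts(p), "round0", "fair"), p) for p in grid]
    return max(scored)                               # (probability, p)

if __name__ == "__main__":
    prob, p = best_parameter([i / 100 for i in range(1, 100)])
    print(f"best p = {p:.2f}, P(fair) = {prob:.4f}")
```

In this toy model the optimum is interior: a small `p` makes it likely that the round limit is hit, while a large `p` makes the first message likely to be the real one, so both extremes lower the probability of ending in the fair state.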