Skip to Main Content
Continuous time Markov chains (CTMCs) have been used in real-time dependability and security analysis. However, existing approaches assume that the system is fully observable to a system attacker, which is not feasible for current large network systems. In this paper, we present a frame to model and specify the knowledge of attacker with partial observations. Firstly, we combine CTMCs and interpretation system as basic model. Then, a logic is defined to specify the knowledge for agents in the stochastic model. Further, we discuss the properties under different assumption for the model and agent. Finally, we present the model checking algorithms with a particular assumption and apply the frame to model the knowledge of attacker in intrusion-tolerant system.