13 research outputs found
Trust economics feasibility study
We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation such that objective, measurable goals are met. This is especially true for security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such a methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on the above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to the question of how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries.
Reasoning about explicit resource management
We investigate the behaviour and efficiency of concurrent processes with explicit resource management. Our study is based on a π-calculus variant called Rπ [4] where the only resources available are channels, which must be explicitly allocated before they can be used and can be deallocated when no longer required. A substructural type system guarantees the safe allocation and deallocation of channels, as well as safe channel reuse through strong updates. In this paper we use this type system to give compositional proof techniques for reasoning about the behaviour and efficiency of Rπ processes.
Non-normal modalities in variants of Linear Logic
This article presents modal versions of resource-conscious logics. We concentrate on extensions of variants of Linear Logic with one minimal non-normal modality. In earlier work, where we investigated agency in multi-agent systems, we have shown that the results scale up to logics with multiple non-minimal modalities. Here, we start with the language of propositional intuitionistic Linear Logic without the additive disjunction, to which we add a modality. We provide an interpretation of this language on a class of Kripke resource models extended with a neighbourhood function: modal Kripke resource models. We propose a Hilbert-style axiomatization and a Gentzen-style sequent calculus. We show that the proof theories are sound and complete with respect to the class of modal Kripke resource models. We show that the sequent calculus admits cut elimination and that proof-search is in PSPACE. We then show how to extend the results when non-commutative connectives are added to the language. Finally, we put the logical framework to use by instantiating it as logics of agency. In particular, we propose a logic to reason about the resource-sensitive use of artefacts and illustrate it with a variety of examples.
Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency
We define a pi-calculus variant with a costed semantics where channels are treated as resources that must explicitly be allocated before they are used and can be deallocated when no longer required. We use a substructural type system tracking permission transfer to construct coinductive proof techniques for comparing behaviour and resource usage efficiency of concurrent processes. We establish full abstraction results between our coinductive definitions and a contextual behavioural preorder describing a notion of process efficiency w.r.t. its management of resources. We also justify these definitions and respective proof techniques through numerous examples and a case study comparing two concurrent implementations of an extensible buffer. Comment: 51 pages, 7 figures.
Transferring Obligations Through Synchronizations
One common approach for verifying safety properties of multithreaded programs is assigning appropriate permissions, such as ownership of a heap location, and obligations, such as an obligation to send a message on a channel, to each thread and making sure that each thread only performs the actions for which it has permissions and it also fulfills all of its obligations before it terminates. Although permissions can be transferred through synchronizations from a sender thread, where for example a message is sent or a condition variable is notified, to a receiver thread, where that message or that notification is received, in existing approaches obligations can only be transferred when a thread is forked. In this paper we introduce two mechanisms, one for channels and the other for condition variables, that allow obligations, along with permissions, to be transferred from the sender to the receiver, while ensuring that there is no state where the transferred obligations are lost, i.e. where they are discharged from the sender thread but not loaded onto the receiver thread yet. We show how these mechanisms can be used to modularly verify deadlock-freedom of a number of interesting programs, such as some variations of client-server programs, fair readers-writers locks, and dining philosophers, which cannot be modularly verified without such transfer. We also encoded the proposed separation logic-based proof rules in the VeriFast program verifier and succeeded in verifying the mentioned programs
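The accounting discipline this abstract describes (an obligation is removed from the sender's ledger and placed in the receiver's in the same step, so that no intermediate state has it in neither) can be checked mechanically on small protocols. The Python model below is an added example written for this listing; it is neither the paper's separation-logic rules nor its VeriFast encoding, and the step names (`send`, `recv`, `discharge`, `enqueue`), the scripts and the `check` function are constructed here. It exhaustively enumerates thread interleavings and counts states in which an obligation is held by nobody, states in which a thread has terminated still owing a send, and deadlocks.

```python
"""Exhaustive interleaving check of obligation transfer through channels.

Constructed illustration: every thread keeps a ledger of obligations
("I still owe one send on channel c").  A send discharges one obligation
on its channel and may hand further obligations to the receiver inside
the message.  Checked in every reachable state:

    held by threads + in transit in messages + discharged == initial total

An atomic send keeps this true; a split send (update the ledger first,
enqueue the message later) reaches a state where the handed-over
obligations belong to nobody.
"""
from collections import Counter
from typing import Dict, List, Tuple

Script = List[tuple]   # steps: ("send", chan, transfer) | ("recv", chan)
                       #        ("discharge", chan, transfer) | ("enqueue", chan, transfer)


def _covers(held: Counter, need: Counter) -> bool:
    return all(held[k] >= n for k, n in need.items())


def _successor(scripts: Dict[str, Script], state, idx):
    """State after thread number `idx` takes its next step, or None if it cannot."""
    threads, channels, discharged = state
    name, pc, held_t = threads[idx]
    script = scripts[name]
    if pc >= len(script):
        return None                                   # thread has terminated
    held, chans, step = Counter(held_t), dict(channels), script[pc]
    kind, chan = step[0], step[1]
    if kind in ("send", "discharge"):                 # ledger update (+ enqueue if atomic)
        need = Counter([chan]) + Counter(step[2])
        if not _covers(held, need):
            return None                               # sending without an obligation is forbidden
        held -= need
        discharged += 1
        if kind == "send":
            chans[chan] = chans[chan] + (tuple(sorted(step[2])),)
    elif kind == "enqueue":                           # second half of a split send
        chans[chan] = chans[chan] + (tuple(sorted(step[2])),)
    elif kind == "recv":
        if not chans[chan]:
            return None                               # blocked: nothing to receive
        msg, rest = chans[chan][0], chans[chan][1:]
        chans[chan] = rest
        held += Counter(msg)                          # load the transferred obligations
    else:
        raise ValueError(f"unknown step {step!r}")
    new_threads = list(threads)
    new_threads[idx] = (name, pc + 1, tuple(sorted(held.elements())))
    return (tuple(new_threads), tuple(sorted(chans.items())), discharged)


def check(scripts: Dict[str, Script], initial: Dict[str, Tuple[str, ...]]) -> Dict[str, int]:
    """Explore all interleavings from `initial` obligations; report reachable states,
    states with an unaccounted obligation, states where a terminated thread still owes
    one, and states where an unterminated thread can never progress (deadlock)."""
    names = sorted(scripts)
    chans = sorted({s[1] for sc in scripts.values() for s in sc})
    start = (tuple((n, 0, tuple(sorted(initial.get(n, ())))) for n in names),
             tuple((c, ()) for c in chans), 0)
    total = sum(len(v) for v in initial.values())
    report = Counter(states=0, unaccounted=0, leaked_on_exit=0, deadlocks=0)
    seen, stack = {start}, [start]
    while stack:
        threads, channels, discharged = st = stack.pop()
        report["states"] += 1
        held = sum(len(h) for _, _, h in threads)
        transit = sum(len(m) for _, msgs in channels for m in msgs)
        if held + transit + discharged != total:
            report["unaccounted"] += 1
        if any(pc >= len(scripts[n]) and h for n, pc, h in threads):
            report["leaked_on_exit"] += 1
        succ = [s for s in (_successor(scripts, st, i) for i in range(len(names))) if s is not None]
        if not succ and any(pc < len(scripts[n]) for n, pc, _ in threads):
            report["deadlocks"] += 1
        for s in succ:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return dict(report)


# Client owes a send on `req` and (having created it) on `resp`; the request hands
# the `resp` obligation to the server, which discharges it by replying.
CLIENT_SERVER = {"client": [("send", "req", ("resp",)), ("recv", "resp")],
                 "server": [("recv", "req"), ("send", "resp", ())]}
# Same protocol with the client's send split into ledger update and enqueue.
SPLIT_SEND = {"client": [("discharge", "req", ("resp",)), ("enqueue", "req", ("resp",)),
                         ("recv", "resp")],
              "server": [("recv", "req"), ("send", "resp", ())]}
# Server accepts the obligation but never replies.
FORGETFUL_SERVER = {"client": [("send", "req", ("resp",)), ("recv", "resp")],
                    "server": [("recv", "req")]}
INITIAL = {"client": ("req", "resp")}

if __name__ == "__main__":
    for label, model in [("atomic", CLIENT_SERVER), ("split", SPLIT_SEND),
                         ("forgetful", FORGETFUL_SERVER)]:
        print(label, check(model, INITIAL))
```

The atomic protocol reports no unaccounted state; the split version reports exactly one, the state between `discharge` and `enqueue`, which is the window the paper's mechanisms are designed to rule out; the forgetful server is flagged both for exiting with an undischarged obligation and for the resulting deadlock of the client.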
Resource semantics: logic as a modelling technology
The Logic of Bunched Implications (BI) was introduced by O'Hearn and Pym. The original presentation of BI emphasised its role as a system for formal logic (broadly in the tradition of relevant logic) that has some interesting properties, combining a clean proof theory, including a categorical interpretation, with a simple truth-functional semantics. BI quickly found significant applications in program verification and program analysis, chiefly through a specific theory of BI that is commonly known as 'Separation Logic'. We survey the state of work in bunched logics - which, by now, is a quite large family of systems, including modal and epistemic logics and logics for layered graphs - in such a way as to organize the ideas into a coherent (semantic) picture with a strong interpretation in terms of resources. One such picture can be seen as deriving from an interpretation of BI's semantics in terms of resources, and this view provides a basis for a systematic interpretation of the family of bunched logics, including modal, epistemic, layered graph, and process-theoretic variants, in terms of resources. We explain the basic ideas of resource semantics, including comparisons with Linear Logic and ideas from economics and physics. We include discussions of BI's λ-calculus, of Separation Logic, and of an approach to distributed systems modelling based on resource semantics
The Huawei and Snowden Questions
This open access book answers two central questions: firstly, is it at all possible to verify electronic equipment procured from untrusted vendors? Secondly, can I build trust into my products in such a way that I support verification by untrusting customers? In separate chapters the book takes readers through the state of the art in fields of computer science that can shed light on these questions. In a concluding chapter it discusses realistic ways forward. In discussions on cyber security, there is a tacit assumption that the manufacturer of equipment will collaborate with the user of the equipment to stop third-party wrongdoers. The Snowden files and recent deliberations on the use of Chinese equipment in the critical infrastructures of western countries have changed this. The discourse in both cases revolves around what malevolent manufacturers can do to harm their own customers, and the importance of the matter is on par with questions of national security. This book is of great interest to ICT and security professionals who need a clear understanding of the two questions posed in the subtitle, and to decision-makers in industry, national bodies and nation states
Exploring the relation between intuitionistic BI and Boolean BI: An unexpected embedding
The logic of Bunched Implications, through its intuitionistic version (BI) as well as one of its classical versions called Boolean BI (BBI), serves as a logical basis for spatial or separation logic frameworks. In BI the logical implication is interpreted intuitionistically, whereas it is generally interpreted classically in spatial or separation logics such as BBI. In this paper we aim to give some new insights into the semantic relations between BI and BBI. We then propose a sound and complete syntactic-constraints-based framework for the Kripke semantics of both BI and BBI, a sound labelled tableau proof system for BBI, and a representation theorem relating the syntactic models of BI to those of BBI. Finally we deduce, as our main and unexpected result, a sound and faithful embedding of BI into BBI.
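The resource semantics that the Resource semantics survey entry and the BI/BBI embedding entry above both refer to, written out here as an added illustration (this is the standard Kripke resource semantics of BI and BBI and its heap instance as used in Separation Logic; it is not text from either paper, and the symbols $R$, $\circ$, $e$, $\sqsubseteq$ are the usual ones, chosen here):

```latex
Take a resource model $\mathcal{M} = (R, \circ, e)$: a set of resources with a
partial, commutative, associative composition $\circ$ and unit $e$. Writing
$r \circ s{\downarrow}$ for ``$r \circ s$ is defined'', the multiplicative
connectives are interpreted as
\[
\begin{aligned}
r \models I &\iff r = e \\
r \models \phi * \psi &\iff \exists r_1, r_2 .\;
    r_1 \circ r_2{\downarrow} \;\wedge\; r = r_1 \circ r_2 \;\wedge\;
    r_1 \models \phi \;\wedge\; r_2 \models \psi \\
r \models \phi \mathrel{-\!\!*} \psi &\iff \forall s .\;
    (r \circ s{\downarrow} \;\wedge\; s \models \phi) \Rightarrow r \circ s \models \psi
\end{aligned}
\]
In BBI the additives $\wedge, \vee, \to, \neg$ are read classically at each
$r$. In BI the model additionally carries a preorder $\sqsubseteq$ on $R$,
satisfaction is persistent along $\sqsubseteq$, and $\to$ is Kripke's
intuitionistic implication:
\[
r \models \phi \to \psi \iff \forall r' \sqsupseteq r .\;
    r' \models \phi \Rightarrow r' \models \psi .
\]
That difference in the reading of $\to$ is what the embedding result above
is about.

Heap instance (Separation Logic): $R$ is the set of finite partial functions
$h : \mathrm{Loc} \rightharpoonup \mathrm{Val}$, $h_1 \circ h_2 = h_1 \cup h_2$
is defined iff $\mathrm{dom}(h_1) \cap \mathrm{dom}(h_2) = \emptyset$,
$e = \emptyset$, and $h \models \ell \mapsto v$ iff $h = \{\ell \mapsto v\}$
(precise points-to). Then
\[
h \models \ell \mapsto v * \ell' \mapsto w \;\Rightarrow\; \ell \neq \ell',
\qquad
h \models \ell \mapsto v \wedge \ell' \mapsto w \;\Rightarrow\;
    \ell = \ell' \text{ and } v = w,
\]
and the frame rule is sound precisely because $*$ splits the heap disjointly:
\[
\frac{\{P\}\; C\; \{Q\}}{\{P * F\}\; C\; \{Q * F\}}
\quad \text{provided } \mathrm{mod}(C) \cap \mathrm{fv}(F) = \emptyset .
\]
```

The two heap consequences are the ones a reader should keep in mind when moving between the multiplicative and additive conjunctions: $*$ asserts disjointness and so licenses local reasoning about one part of the heap; $\wedge$ asserts two facts about the same resource.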
On bisimulation and model-checking for concurrent systems with partial order semantics
EP/G012962/1
In concurrency theory, the branch of (theoretical) computer science that studies the logical and mathematical foundations of parallel computation, there are two main formal ways of modelling the behaviour of systems where multiple actions or events can happen independently and at the same time: either with interleaving or with partial order semantics. On the one hand, the interleaving semantics approach proposes to reduce concurrency to the nondeterministic, sequential computation of the events the system can perform independently. On the other hand, partial order semantics represent concurrency explicitly by means of an independence relation on the set of events that the system can execute in parallel; following this approach, the so-called 'true concurrency' approach, independence or concurrency is a primitive notion rather than a derived concept as in the interleaving framework.
Using interleaving or partial order semantics is, however, more than a matter of taste. In fact, choosing one kind of semantics over the other can have important implications, both from theoretical and practical viewpoints, as making such a choice can raise different issues, some of which we investigate here. More specifically, this thesis studies concurrent systems with partial order semantics and focuses on their bisimulation and model-checking problems; the theories and techniques herein apply, in a uniform way, to different classes of Petri nets, event structures, and transition systems with independence (TSI) models.
Some results of this work are: first, a number of mu-calculi (in this case, fixpoint extensions of modal logic) that, in certain classes of systems, induce exactly the same identifications as some of the standard bisimulation equivalences used in concurrency; secondly, the introduction of (infinite) higher-order logic games for bisimulation and for model-checking, where the players of the games are given (local) monadic second-order power on the sets of elements they are allowed to play; and, finally, the formalization of a new order-theoretic concurrent game model that provides a uniform approach to bisimulation and model-checking and bridges some mathematical concepts in order theory with the more operational world of games.
In particular, we show that in all cases the logic games for bisimulation and model-checking developed in this thesis are sound and complete, and therefore also determined, even when considering models of infinite state systems; moreover, these logic games are decidable in the finite case and underpin novel decision procedures for systems verification.
Since the mu-calculi and (infinite) logic games studied here generalise well-known fixpoint modal logics as well as game-theoretic decision procedures for analysing concurrent systems with interleaving semantics, this thesis provides some of the groundwork for the design of a logic-based, game-theoretic framework for studying, in a uniform manner, several concurrent systems regardless of whether they have an interleaving or a partial order semantics.
Continuous-time temporal logic specification and verification for nonlinear biological systems in uncertain contexts
In this thesis we introduce a complete framework for modelling and verification of biological systems in uncertain contexts based on the bond-calculus process algebra and the LBUC spatio-temporal logic. The bond-calculus is a biological process algebra which captures complex patterns of interaction based on affinity patterns, a novel communication mechanism using pattern matching to express multiway interaction affinities and general kinetic laws, whilst retaining an agent-centric modelling style for biomolecular species. The bond-calculus is equipped with a novel continuous semantics which maps models to systems of Ordinary Differential Equations (ODEs) in a compositional way.
We then extend the bond-calculus to handle uncertain models, featuring interval uncertainties in their species concentrations and reaction rate parameters. Our semantics is also extended to handle uncertainty in every aspect of a model, producing non-deterministic continuous systems whose behaviour depends either on time-independent uncertain parameters and initial conditions, corresponding to our partial knowledge of the system at hand, or on time-varying uncertain inputs, corresponding to genuine variability in a system's behaviour based on environmental factors.
This language is then coupled with the LBUC spatio-temporal logic which combines Signal Temporal Logic (STL) temporal operators with an uncertain context operator which quantifies over an uncertain context model describing the range of environments over which a property must hold. We develop model-checking procedures for STL and LBUC properties based on verified signal monitoring over flowpipes produced by the Flow* verified integrator, including the technique of masking which directs monitoring for atomic propositions to time regions relevant to the overall verification problem at hand. This allows us to monitor many interesting nested contextual properties and frequently reduces monitoring costs by an order of magnitude. Finally, we explore the technique of contextual signal monitoring which can use a single Flow* flowpipe representing a functional dependency to complete a whole tree of signals corresponding to different uncertain contexts. This allows us to produce refined monitoring results over the whole space and to explore the variation in system behaviour in different contexts.