Scheduler-specific Confidentiality for Multi-Threaded Programs and Its Logic-Based Verification
Observational determinism has been proposed in the literature as a way to ensure confidentiality for multi-threaded programs. Intuitively, a program is observationally deterministic if the behavior of the public variables is deterministic, i.e., independent of the private variables and of the scheduling policy. Several formal definitions of observational determinism exist, but all of them have shortcomings; for example, they accept insecure programs or they reject too many innocuous programs. Besides, the role of schedulers was ignored in all the proposed definitions. A program that is secure under one kind of scheduler might not be secure when executed with a different scheduler. The existing definitions do not ensure that an accepted program behaves securely under the scheduler that is used to deploy the program. Therefore, this paper proposes a new formalization of scheduler-specific observational determinism. It accepts programs that are secure when executed under a specific scheduler. Moreover, it is less restrictive on harmless programs under a particular scheduling policy. In addition, we discuss how compliance with our definition can be verified using model checking. We use the idea of self-composition and rephrase the observational determinism property for a single program as a temporal logic formula over the program executed in parallel with an independent copy of itself. Thus two states reachable during the execution of are combined into a reachable program state of the self-composed program. This allows two program executions to be compared in a single temporal logic formula. The actual characterization is done in two steps. First we discuss how stuttering equivalence can be characterized as a temporal logic formula. Observational determinism is then expressed in terms of the stuttering equivalence characterization. This results in a conjunction of an LTL and a CTL formula, which are amenable to model checking.
Verification of Confidentiality of Multi-threaded Programs
An introduction to the Slalom project: motivation, plans and some results.
Call-by-value non-determinism in a linear logic type discipline
We consider the call-by-value lambda-calculus extended with a may-convergent non-deterministic choice and a must-convergent parallel composition. Inspired by recent works on the relational semantics of linear logic and non-idempotent intersection types, we endow this calculus with a type system based on the so-called Girard's second translation of intuitionistic logic into linear logic. We prove that a term is typable if and only if it is converging, and that its typing tree carries enough information to give a bound on the length of its lazy call-by-value reduction. Moreover, when the typing tree is minimal, such a bound becomes the exact length of the reduction.
An Inchoate Universe: James's Probabilistic Underdeterminism
In this paper, I challenge the traditional narrative that William James's arguments against determinism were primarily motivated by his personal struggles with depression. I argue that James presents an alternative argument against determinism that is motivated by his commitment to sound scientific practice. James argues that determinism illegitimately extrapolates from observations of past events to predictions about future events without acknowledging the distinct metaphysical difference between them. This occupation with futurity suggests that James's true target is better understood as logical determinism rather than causal determinism. This has consequences for James's proposed alternative, which I call his probabilistic underdeterminism, a conception of the universe that is built on chance, choice, and a local teleology. All of this forms part of a broader criticism of the scientific practices of his day based on their widespread failure to acknowledge the distorting effects of observation on that which is observed.
Deep determinism and the assessment of mechanistic interaction between categorical and continuous variables
Our aim is to detect mechanistic interaction between the effects of two causal factors on a binary response, as an aid to identifying situations where the effects are mediated by a common mechanism. We propose a formalization of mechanistic interaction which acknowledges asymmetries of the kind "factor A interferes with factor B, but not vice versa". A class of tests for mechanistic interaction is proposed, which works on discrete or continuous causal variables, in any combination. Conditions under which these tests can be applied under a generic regime of data collection, be it interventional or observational, are discussed in terms of conditional independence assumptions within the framework of Augmented Directed Graphs. The scientific relevance of the method and the practicality of the graphical framework are illustrated with the aid of two studies in coronary artery disease. Our analysis relies on the "deep determinism" assumption that there exists some relevant set V - possibly unobserved - of "context variables", such that the response Y is a deterministic function of the values of V and of the causal factors of interest. Caveats regarding this assumption in real studies are discussed.
Comment: 20 pages including the four figures, plus two tables. Submitted to "Biostatistics" on November 24, 201
A Temporal Logic for Hyperproperties
Hyperproperties, as introduced by Clarkson and Schneider, characterize the correctness of a computer program as a condition on its set of computation paths. Standard temporal logics can only refer to a single path at a time, and therefore cannot express many hyperproperties of interest, including noninterference and other important properties in security and coding theory. In this paper, we investigate an extension of temporal logic with explicit path variables. We show that the quantification over paths naturally subsumes other extensions of temporal logic with operators for information flow and knowledge. The model checking problem for temporal logic with path quantification is decidable. For alternation depth 1, the complexity is PSPACE in the length of the formula and NLOGSPACE in the size of the system, as for linear-time temporal logic.
How to avoid potential pitfalls in recurrence plot based data analysis
Recurrence plots and recurrence quantification analysis have become popular in the last two decades. Recurrence based methods have on the one hand a deep foundation in the theory of dynamical systems and are on the other hand powerful tools for the investigation of a variety of problems. This increasing interest is accompanied by a growing risk of misuse and uncritical application of these methods. Therefore, we point out potential problems and pitfalls related to different aspects of the application of recurrence plots and recurrence quantification analysis.
Fragments of ML Decidable by Nested Data Class Memory Automata
The call-by-value language RML may be viewed as a canonical restriction of Standard ML to ground-type references, augmented by a "bad variable" construct in the sense of Reynolds. We consider the fragment of (finitary) RML terms of order at most 1 with free variables of order at most 2, and identify two subfragments of this for which we show observational equivalence to be decidable. The first subfragment consists of those terms in which the P-pointers in the game semantic representation are determined by the underlying sequence of moves. The second subfragment consists of terms in which the O-pointers of moves corresponding to free variables in the game semantic representation are determined by the underlying moves. These results are shown using a reduction to a form of automata over data words in which the data values have a tree-structure, reflecting the tree-structure of the threads in the game semantic plays. In addition we show that observational equivalence is undecidable at every third- or higher-order type, every second-order type which takes at least two first-order arguments, and every second-order type (of arity greater than one) that has a first-order argument which is not the final argument.
Process algebra for performance evaluation
This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resource-sharing systems – like large-scale computers, client–server architectures, networks – can accurately be described using such stochastic specification formalisms. The main emphasis of this paper is the treatment of operational semantics, notions of equivalence, and (sound and complete) axiomatisations of these equivalences for different types of Markovian process algebras, where delays are governed by exponential distributions. Starting from a simple actionless algebra for describing time-homogeneous continuous-time Markov chains, we consider the integration of actions and random delays both as a single entity (as in known Markovian process algebras such as TIPP, PEPA and EMPA) and as separate entities (as in the timed process algebras timed CSP and TCCS). In total we consider four related calculi and investigate their relationship to existing Markovian process algebras. We also briefly indicate how one can profit from the separation of time and actions when incorporating more general, non-Markovian distributions.