
    Scheduler-specific Confidentiality for Multi-Threaded Programs and Its Logic-Based Verification

    Observational determinism has been proposed in the literature as a way to ensure confidentiality for multi-threaded programs. Intuitively, a program is observationally deterministic if the behavior of the public variables is deterministic, i.e., independent of the private variables and the scheduling policy. Several formal definitions of observational determinism exist, but all of them have shortcomings; for example, they accept insecure programs or they reject too many innocuous programs. Besides, the role of schedulers was ignored in all the proposed definitions. A program that is secure under one kind of scheduler might not be secure when executed with a different scheduler. The existing definitions do not ensure that an accepted program behaves securely under the scheduler that is used to deploy the program. Therefore, this paper proposes a new formalization of scheduler-specific observational determinism. It accepts programs that are secure when executed under a specific scheduler. Moreover, it is less restrictive on harmless programs under a particular scheduling policy. In addition, we discuss how compliance with our definition can be verified using model checking. We use the idea of self-composition and rephrase the observational determinism property for a single program C as a temporal logic formula over the program C executed in parallel with an independent copy of itself. Thus two states reachable during the execution of C are combined into a reachable program state of the self-composed program. This allows two program executions to be compared in a single temporal logic formula. The actual characterization is done in two steps. First we discuss how stuttering equivalence can be characterized as a temporal logic formula. Observational determinism is then expressed in terms of the stuttering equivalence characterization. This results in a conjunction of an LTL and a CTL formula that is amenable to model checking.

    Verification of Confidentiality of Multi-threaded Programs

    An introduction to the Slalom project: motivation, plans and some results.

    Call-by-value non-determinism in a linear logic type discipline

    We consider the call-by-value lambda-calculus extended with a may-convergent non-deterministic choice and a must-convergent parallel composition. Inspired by recent works on the relational semantics of linear logic and non-idempotent intersection types, we endow this calculus with a type system based on the so-called Girard's second translation of intuitionistic logic into linear logic. We prove that a term is typable if and only if it is converging, and that its typing tree carries enough information to give a bound on the length of its lazy call-by-value reduction. Moreover, when the typing tree is minimal, such a bound becomes the exact length of the reduction.

    An Inchoate Universe: James's Probabilistic Underdeterminism

    In this paper, I challenge the traditional narrative that William James's arguments against determinism were primarily motivated by his personal struggles with depression. I argue that James presents an alternative argument against determinism that is motivated by his commitment to sound scientific practice. James argues that determinism illegitimately extrapolates from observations of past events to predictions about future events without acknowledging the distinct metaphysical difference between them. This preoccupation with futurity suggests that James's true target is better understood as logical determinism rather than causal determinism. This has consequences for James's proposed alternative, which I call his probabilistic underdeterminism, a conception of the universe that is built on chance, choice, and a local teleology. All of this forms part of a broader criticism of the scientific practices of his day based on their widespread failure to acknowledge the distorting effects of observation on that which is observed.

    Deep determinism and the assessment of mechanistic interaction between categorical and continuous variables

    Our aim is to detect mechanistic interaction between the effects of two causal factors on a binary response, as an aid to identifying situations where the effects are mediated by a common mechanism. We propose a formalization of mechanistic interaction which acknowledges asymmetries of the kind "factor A interferes with factor B, but not vice versa". A class of tests for mechanistic interaction is proposed, which works on discrete or continuous causal variables, in any combination. Conditions under which these tests can be applied under a generic regime of data collection, be it interventional or observational, are discussed in terms of conditional independence assumptions within the framework of Augmented Directed Graphs. The scientific relevance of the method and the practicality of the graphical framework are illustrated with the aid of two studies in coronary artery disease. Our analysis relies on the "deep determinism" assumption that there exists some relevant set V - possibly unobserved - of "context variables", such that the response Y is a deterministic function of the values of V and of the causal factors of interest. Caveats regarding this assumption in real studies are discussed. Comment: 20 pages including the four figures, plus two tables. Submitted to "Biostatistics" on November 24, 201

    A Temporal Logic for Hyperproperties

    Hyperproperties, as introduced by Clarkson and Schneider, characterize the correctness of a computer program as a condition on its set of computation paths. Standard temporal logics can only refer to a single path at a time, and therefore cannot express many hyperproperties of interest, including noninterference and other important properties in security and coding theory. In this paper, we investigate an extension of temporal logic with explicit path variables. We show that the quantification over paths naturally subsumes other extensions of temporal logic with operators for information flow and knowledge. The model checking problem for temporal logic with path quantification is decidable. For alternation depth 1, the complexity is PSPACE in the length of the formula and NLOGSPACE in the size of the system, as for linear-time temporal logic.

    How to avoid potential pitfalls in recurrence plot based data analysis

    Recurrence plots and recurrence quantification analysis have become popular in the last two decades. Recurrence-based methods have on the one hand a deep foundation in the theory of dynamical systems and are on the other hand powerful tools for the investigation of a variety of problems. The increasing interest brings with it a growing risk of misuse and uncritical application of these methods. Therefore, we point out potential problems and pitfalls related to different aspects of the application of recurrence plots and recurrence quantification analysis.

    Fragments of ML Decidable by Nested Data Class Memory Automata

    The call-by-value language RML may be viewed as a canonical restriction of Standard ML to ground-type references, augmented by a "bad variable" construct in the sense of Reynolds. We consider the fragment of (finitary) RML terms of order at most 1 with free variables of order at most 2, and identify two subfragments of this for which we show observational equivalence to be decidable. The first subfragment consists of those terms in which the P-pointers in the game semantic representation are determined by the underlying sequence of moves. The second subfragment consists of terms in which the O-pointers of moves corresponding to free variables in the game semantic representation are determined by the underlying moves. These results are shown using a reduction to a form of automata over data words in which the data values have a tree structure, reflecting the tree structure of the threads in the game semantic plays. In addition, we show that observational equivalence is undecidable at every third- or higher-order type, every second-order type which takes at least two first-order arguments, and every second-order type (of arity greater than one) that has a first-order argument which is not the final argument.

    Process algebra for performance evaluation

    This paper surveys the theoretical developments in the field of stochastic process algebras, process algebras where action occurrences may be subject to a delay that is determined by a random variable. A huge class of resource-sharing systems (like large-scale computers, client-server architectures, and networks) can accurately be described using such stochastic specification formalisms. The main emphasis of this paper is the treatment of operational semantics, notions of equivalence, and (sound and complete) axiomatisations of these equivalences for different types of Markovian process algebras, where delays are governed by exponential distributions. Starting from a simple actionless algebra for describing time-homogeneous continuous-time Markov chains, we consider the integration of actions and random delays both as a single entity (as in known Markovian process algebras like TIPP, PEPA and EMPA) and as separate entities (as in the timed process algebras timed CSP and TCCS). In total we consider four related calculi and investigate their relationship to existing Markovian process algebras. We also briefly indicate how one can profit from the separation of time and actions when incorporating more general, non-Markovian distributions.