Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Dynamic Congruence vs. Progressing Bisimulation for CCS

Weak Observational Congruence (woc) defined on CCS agents is not a bisimulation since it does not require two states reached by bisimilar computations of woc agents to be still woc, e.g. \alpha.\tau.\beta.nil and \alpha.\beta.nil are woc but \tau.\beta.nil and \beta.nil are not. This fact prevent us from characterizing CCS semantics (when \tau is considered invisible) as a final algebra, since the semantic function would induce an equivalence over the agents that is both a congruence and a bisimulation. In the paper we introduce a new behavioural equivalence for CCS agents, which is the coarsest among those bisimulations which are also congruences. We call it Dynamic Observational Congruence because it expresses a natural notion of equivalence for concurrent systems required to simulate each other in the presence of dynamic, i.e. run time, (re)configurations. We provide an algebraic characterization of Dynamic Congruence in terms of a universal property of finality. Furthermore we introduce Progressing Bisimulation, which forces processes to simulate each other performing explicit steps. We provide an algebraic characterization of it in terms of finality, two logical characterizations via modal logic in the style of HML and a complete axiomatization for finite agents (consisting of the axioms for Strong Observational Congruence and of two of the three Milner's $\tau$-laws). Finally, we prove that Dynamic Congruence and Progressing Bisimulation coincide for CCS agents

Expressing business rules : a fact based approach : a thesis presented in partial fulfilment of the requirements for the degree of Master of Philosophy in Information Systems at Massey University, Palmerston North, New Zealand

Numerous industry surveys have suggested that many IT projects still end in failure. Incomplete, ambiguous and inaccurate specifications are cited as a major causal factor. Traditional techniques for specifying data requirements often lack the expressiveness with which to model subtle but common features within organisations. As a consequence, categories of business rules that determine the structure and behaviour of organisations may not be captured until the latter stages of the systems development lifecycle. A fact-based technique called Object Role Modelling (ORM) has been investigated as an altemative approach for specifying data requirements. The technique's ability to capture and represent a wide range of data requirements rigorously, but still in a form comprehensible to business people, could provide a powerful tool for analysts. In this report, ORM constructs have been synthesised with the concepts and definitions provided by the Business Rules Group (BRG), who have produced a detailed taxonomy of business rule categories. In doing so, business rules discovered in an organisation can be expressed in a form that is meaningful to both analysts and business people. Exploiting the expressive simplicity of a conceptual modelling technique to articulate an organisation's business rules could help to fill a significant requirements gap

Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

The framing of options for retirement: Experimental tests for policy. ESRI WP604, December 2018

We hypothesise and confirm a substantial framing effect in relation to whether people opt for an annuity on retirement. Two laboratory experiments were conducted in collaboration with a national pensions regulator. Individuals demanded a higher annuity rate when pensions were initially conceived of as an accumulated lump sum – a “nest egg” or “pension pot” – than when they were initially conceived of as retirement income. The effect was recorded using both a matching and a choice procedure. Effect sizes implied more than a doubling of demand for annuities at market rates. While mindful of the need for caution in generalising from hypothetical laboratory studies, the findings have potentially strong policy implications. The framing of pension products in marketing materials and disclosures may have substantial effects on financial risks borne in later life

Keystroke dynamics in the pre-touchscreen era

Biometric authentication seeks to measure an individual’s unique physiological attributes for the purpose of identity verification. Conventionally, this task has been realized via analyses of fingerprints or signature iris patterns. However, whilst such methods effectively offer a superior security protocol compared with password-based approaches for example, their substantial infrastructure costs, and intrusive nature, make them undesirable and indeed impractical for many scenarios. An alternative approach seeks to develop similarly robust screening protocols through analysis of typing patterns, formally known as keystroke dynamics. Here, keystroke analysis methodologies can utilize multiple variables, and a range of mathematical techniques, in order to extract individuals’ typing signatures. Such variables may include measurement of the period between key presses, and/or releases, or even key-strike pressures. Statistical methods, neural networks, and fuzzy logic have often formed the basis for quantitative analysis on the data gathered, typically from conventional computer keyboards. Extension to more recent technologies such as numerical keypads and touch-screen devices is in its infancy, but obviously important as such devices grow in popularity. Here, we review the state of knowledge pertaining to authentication via conventional keyboards with a view toward indicating how this platform of knowledge can be exploited and extended into the newly emergent type-based technological contexts

PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software

Paphos, Cyprus. March 201