6 research outputs found

    Journey Beyond Full Abstraction: Exploring Robust Property Preservation for Secure Compilation

    Good programming languages provide helpful abstractions for writing secure code, but the security properties of the source language are generally not preserved when compiling a program and linking it with adversarial code in a low-level target language (e.g., a library or a legacy application). Linked target code that is compromised or malicious may, for instance, read and write the compiled program’s data and code, jump to arbitrary memory locations, or smash the stack, blatantly violating any source-level abstraction. By contrast, a fully abstract compilation chain protects source-level abstractions all the way down, ensuring that linked adversarial target code cannot observe more about the compiled program than what some linked source code could about the source program. However, while research in this area has so far focused on preserving observational equivalence, as needed for achieving full abstraction, there is a much larger space of security properties one can choose to preserve against linked adversarial code. And the precise class of security properties one chooses crucially impacts not only the supported security goals and the strength of the attacker model, but also the kind of protections a secure compilation chain has to introduce. We are the first to thoroughly explore a large space of formal secure compilation criteria based on robust property preservation, i.e., the preservation of properties satisfied against arbitrary adversarial contexts. We study robustly preserving various classes of trace properties such as safety, of hyperproperties such as noninterference, and of relational hyperproperties such as trace equivalence. This leads to many new secure compilation criteria, some of which are easier to practically achieve and prove than full abstraction, and some of which provide strictly stronger security guarantees.
For each of the studied criteria we propose an equivalent “property-free” characterization that clarifies which proof techniques apply. For relational properties and hyperproperties, which relate the behaviors of multiple programs, our formal definitions of the property classes themselves are novel. We order our criteria by their relative strength and show several collapses and separation results. Finally, we adapt existing proof techniques to show that even the strongest of our secure compilation criteria, the robust preservation of all relational hyperproperties, is achievable for a simple translation from a statically typed to a dynamically typed language.

    The design of urban quality: innovative community facilities in support of strategies of urban renewal. A methodological proposal

    2015 - 2016
    Currently, urban planning theory and practice is focusing on the renewal and enhancement of existing urban settlements and no longer on the enlargement and expansion of the city. Generally, cities are looking for the sustainable use of resources, paying particular attention to environmental and social aspects. Urban quality and collective well-being cannot be separated from the identification of a network, structuring the city, of infrastructures and services that are not resolved in the themes provided by legislation. In fact, the characteristics that transform a place into a liveable area derive from a set of tangible and intangible urban endowments, which evolve continuously according to their type. Without a balance between the built environment and the consequent urban facilities and services, which are named Standard Urbanistici (Urban Standards) by the Italian legislation, a town can go into crisis. In Italy, almost fifty years on from the issue of the Decree on the Urban Standards (DI no.1444/1968), currently in force, the problems relating to their planning are unresolved and, moreover, exacerbated: application methods, criteria for computing the user base, land acquisition processes, and raising funding to move from planning to implementation and management of the infrastructures. Noting the failure of attempts to define, a priori, a quantity of universally valid services, it is necessary to rethink the strategies and criteria for the provision of infrastructure. In order to meet the real needs of local communities, which are continuously changing, elastic and flexible facilities must also be coupled with a change in the method for their determination and verification. Consequently, there is a need to redefine the tools used to interpret social dynamics and to ensure and assess a changed concept of urban and environmental quality, through the identification of innovative equipment and services.
“The Urban Standards are and will be those specific services and facilities which the local community, over time, recognizes as basic and essential for the balanced structuring of the territory, and that are standard, i.e. constant, for its management” (Lr Lombardia no.01/2001). From an initial analysis of the current situation, on the basis of technical references and of best practices in services planning, a methodology was developed to evaluate the system of urban standards quantitatively and qualitatively, in order to fully understand what the priorities are and the benefits they can bring. The intent of the methodology is to define an innovative tool to support land use decisions and to implement the planning of services (Piano dei Servizi). By applying to the planning of services different techniques, tools and models belonging to different disciplines, the methodology has been defined and integrated into the practice of traditional urban planning, thus also becoming a regeneration tool for the urban system. The methodology has been tested in various municipal systems, producing significant results that reflect the identity of the places and their morphological, social, cultural and economic features. The conclusion of the work also outlines possible future developments, which may lead to an operational simplification of the methodology in order to guide the definition of legislation for new services planning. [edited by author]

    Efficient Enforcement of Security Policies in Distributed Systems

    Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that ensures only authorised users can access resources. A few decades ago, traditional PBM focused on closed systems, where enforcement mechanisms are trusted by the system administrators who define access control policies. Most current work on PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a policy and reports the decision back, which can have performance and resilience drawbacks. Performance and resilience are a major concern for applications in military, health and national security domains, where performance is desirable to increase situational awareness through collaboration and to decrease the length of the decision-making cycle. The centralised PDP also represents a single point of failure: if the centralised PDP fails, all resources in the system may cease to function. The efficient distribution of enforcement mechanisms is therefore key to building large-scale policy-managed distributed systems. Moving from traditional PBM systems to dynamic PBM systems supports dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The SANTA history-based dynamic PBM system has a formal underpinning in Interval Temporal Logic (ITL), allowing formal analysis and verification to take place. The main aim of the research is to automatically distribute enforcement mechanisms in the distributed system in order to provide resilience against network failure whilst preserving the efficiency of policy decision making. The policy formalisation is based on the SANTA policy model to provide a high level of assurance. The contribution of this work addresses the challenges of performance, manageability and security by designing a Decentralised PBM framework and a corresponding Distributed Enforcements Architecture (DENAR).
The ability to enforce static and dynamic security policies in DENAR is the prime research issue, which balances the desire to distribute systems for flexibility whilst maintaining sufficient security over operations. Our research developed mechanisms to improve the efficiency of the enforcement of security policy mechanisms and their resilience against network failures in distributed information systems.

    Papers presented at the International Planning Workshop for a Desert Margins Initiative, Nairobi, Kenya, 23-26 Jan 1995

    This volume provides, for early publication, the full texts of 27 papers presented in facsimile form in the original English or French. These papers are presented in 6 sessions dealing with the themes: 1) research needs and opportunities for resource management progress to arrest land degradation: national and regional perspectives; 2) generic research imperatives: international perspectives; 3) designing an effective research approach: target-oriented project planning; 4) institution building and enhancement of human resource capacity: TOPP; 5) review of objectives, aspects, collaborative linkages, and project formulation; and 6) institutional mechanisms: TOPP (target-oriented project planning). The companion volume, Combating land degradation in Sub-Sahara Africa, describes the background, organization, and outcomes of the workshop, including summaries of development constraints in desert margin areas of Botswana, Burkina Faso, Kenya, Mali, Namibia and Nige

    A structure of a C# framework ContextCS based on context-oriented programming