Explaining Engineered Computing Systems’ Behaviour: the Role of Abstraction and Idealization

This paper addresses the methodological problem of analysing what it is to explain observed behaviours of engineered computing systems (BECS), focusing on the crucial role that abstraction and idealization play in explanations of both correct and incorrect BECS. First, it is argued that an understanding of explanatory requests about observed miscomputations crucially involves reference to the rich background afforded by hierarchies of functional specifications. Second, many explanations concerning incorrect BECS are found to abstract away (and profitably so on account of both relevance and intelligibility of the explanans) from descriptions of physical components and processes of computing systems that one finds below the logic circuit and gate layer of functional specification hierarchies. Third, model-based explanations of both correct and incorrect BECS that are provided in the framework of formal verification methods often involve idealizations. Moreover, a distinction between restrictive and permissive idealizations is introduced and their roles in BECS explanations are analysed

Capturing design process information and rationale to support knowledge-based design and analysis integration

Issued as final reportUnited States. Dept. of Commerc

Formal and Informal Methods for Multi-Core Design Space Exploration

We propose a tool-supported methodology for design-space exploration for embedded systems. It provides means to define high-level models of applications and multi-processor architectures and evaluate the performance of different deployment (mapping, scheduling) strategies while taking uncertainty into account. We argue that this extension of the scope of formal verification is important for the viability of the domain.Comment: In Proceedings QAPL 2014, arXiv:1406.156

Knowledge composition methodology for effective analysis problem formulation in simulation-based design

In simulation-based design, a key challenge is to formulate and solve analysis problems efficiently to evaluate a large variety of design alternatives. The solution of analysis problems has benefited from advancements in commercial off-the-shelf math solvers and computational capabilities. However, the formulation of analysis problems is often a costly and laborious process. Traditional simulation templates used for representing analysis problems are typically brittle with respect to variations in artifact topology and the idealization decisions taken by analysts. These templates often require manual updates and "re-wiring" of the analysis knowledge embodied in them. This makes the use of traditional simulation templates ineffective for multi-disciplinary design and optimization problems. Based on these issues, this dissertation defines a special class of problems known as variable topology multi-body (VTMB) problems that characterizes the types of variations seen in design-analysis interoperability. This research thus primarily answers the following question: How can we improve the effectiveness of the analysis problem formulation process for VTMB problems? The knowledge composition methodology (KCM) presented in this dissertation answers this question by addressing the following research gaps: (1) the lack of formalization of the knowledge used by analysts in formulating simulation templates, and (2) the inability to leverage this knowledge to define model composition methods for formulating simulation templates. KCM overcomes these gaps by providing: (1) formal representation of analysis knowledge as modular, reusable, analyst-intelligible building blocks, (2) graph transformation-based methods to automatically compose simulation templates from these building blocks based on analyst idealization decisions, and (3) meta-models for representing advanced simulation templates VTMB design models, analysis models, and the idealization relationships between them. Applications of the KCM to thermo-mechanical analysis of multi-stratum printed wiring boards and multi-component chip packages demonstrate its effectiveness handling VTMB and idealization variations with significantly enhanced formulation efficiency (from several hours in existing methods to few minutes). In addition to enhancing the effectiveness of analysis problem formulation, KCM is envisioned to provide a foundational approach to model formulation for generalized variable topology problems.Ph.D.Committee Co-Chair: Dr. Christiaan J. J. Paredis; Committee Co-Chair: Dr. Russell S. Peak; Committee Member: Dr. Charles Eastman; Committee Member: Dr. David McDowell; Committee Member: Dr. David Rosen; Committee Member: Dr. Steven J. Fenve

Everest: Towards a Verified, Drop-in Replacement of HTTPS

The HTTPS ecosystem is the foundation on which Internet security is built. At the heart of this ecosystem is the Transport Layer Security (TLS) protocol, which in turn uses the X.509 public-key infrastructure and numerous cryptographic constructions and algorithms. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks and emergency patches many times a year. We describe our ongoing efforts in Everest (The Everest VERified End-to-end Secure Transport) a project that aims to build and deploy a verified version of TLS and other components of HTTPS, replacing the current infrastructure with proven, secure software. Aiming both at full verification and usability, we conduct high-level code-based, game-playing proofs of security on cryptographic implementations that yield efficient, deployable code, at the level of C and assembly. Concretely, we use F*, a dependently typed language for programming, meta-programming, and proving at a high level, while relying on low-level DSLs embedded within F* for programming low-level components when necessary for performance and, sometimes, side-channel resistance. To compose the pieces, we compile all our code to source-like C and assembly, suitable for deployment and integration with existing code bases, as well as audit by independent security experts. Our main results so far include (1) the design of Low*, a subset of F* designed for C-like imperative programming but with high-level verification support, and KreMLin, a compiler that extracts Low* programs to C; (2) an implementation of the TLS-1.3 record layer in Low*, together with a proof of its concrete cryptographic security; (3) Vale, a new DSL for verified assembly language, and several optimized cryptographic primitives proven functionally correct and side-channel resistant. In an early deployment, all our verified software is integrated and deployed within libcurl, a widely used library of networking protocols

Towards the Correctness of Security Protocols

AbstractIn [19], the authors presented a type-theoretic approach to the verification of security protocols. In this approach, a universal type system is proposed to capture in a finite way all the possible computations (internal actions or protocol instrumentations) that could be performed by a smart malicious intruder. This reduces the verification of cryptographic protocols to a typing problem where types are attack scenarios. In this paper, we recall this type system and we prove its completeness i.e. if the intruder can learn a message from a given protocol instrumentation, then this message could be infered from the type system. A significant result of this paper is the presentation of a new transformation that allows us to abstract a non-terminating type inference system into a terminating deductive proof system. We demonstrate how these results could be used to establish the security of cryptographic protocols from the secrecy standpoint. Finally, the usefulness and the efficiency of the whole approach is illustrated by proving the correctness of a new version of the Needham-Shoreder protocol with respect to the secrecy property

Concept of Triangle: Examples of Mathematical Abstraction in Two Different Contexts

Geometry has abstract notions to be learnt so that all those notions cannot be just transferred into students’ mind like a bunch of information that should be memorized. Students need to construct those concepts during their learning process. This process of knowledge construction can be considered as an abstraction process. This study aimed to qualitatively compare abstraction process of students who learned the topic of triangle in conventional method and in van Hiele model of teaching aided by Geometers’ sketchpad. Subjects of this study were junior high school students in grade 7. This is a qualitative study with grounded theory design. Data were collected through classroom observation, test, and task-based interview. Results of the study show that theoretical abstraction processes tend to dominate classrom with conventional method of teaching while classroom with van Hiele model of teaching aided by Geometers’ sketchpad accommodated empirical abstraction process of the students