A template-based approach for the generation of abstractable and reducible models of featured networks
We investigate the relationship between symmetry reduction and inductive reasoning when applied to model checking networks of featured components. Popular reduction techniques for combatting state space explosion in model checking, like abstraction and symmetry reduction, can only be applied effectively when the natural symmetry of a system is not destroyed during specification. We introduce a property which ensures this is preserved, open symmetry. We describe a template-based approach for the construction of open symmetric Promela specifications of featured systems. For certain systems (safely featured parameterised systems) our generated specifications are suitable for conversion to abstract specifications representing any size of network. This enables feature interaction analysis to be carried out, via model checking and induction, for systems of any number of featured components. In addition, we show how, for any balanced network of components, by using a graphical representation of the features and the process communication structure, a group of permutations of the underlying state space of the generated specification can be determined easily. Due to the open symmetry of our Promela specifications, this group of permutations can be used directly for symmetry reduced model checking.
The main contributions of this paper are an automatic method for developing open symmetric specifications which can be used for generic feature interaction analysis, and the novel application of symmetry detection and reduction in the context of model checking featured networks.
We apply our techniques to a well-known example of a featured network: an email system.
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework.
On Termination for Faulty Channel Machines
A channel machine consists of a finite controller together with several fifo
channels; the controller can read messages from the head of a channel and write
messages to the tail of a channel. In this paper, we focus on channel machines
with insertion errors, i.e., machines in whose channels messages can
spontaneously appear. Such devices have been previously introduced in the study
of Metric Temporal Logic. We consider the termination problem: are all the
computations of a given insertion channel machine finite? We show that this
problem has non-elementary, yet primitive recursive, complexity.
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorials
Information Security as Strategic (In)effectivity
Security of information flow is commonly understood as preventing any
information leakage, regardless of how grave or harmless consequences the
leakage can have. In this work, we suggest that information security is not a
goal in itself, but rather a means of preventing potential attackers from
compromising the correct behavior of the system. To formalize this, we first
show how two information flows can be compared by looking at the adversary's
ability to harm the system. Then, we propose that the information flow in a
system is effectively information-secure if it does not allow for more harm
than its idealized variant based on the classical notion of noninterference.
A generic approach for the automatic verification of featured, parameterised systems
A general technique is presented that allows property-based feature analysis of systems consisting of an arbitrary number of components. Each component may have an arbitrary set of safe features. The components are defined in a guarded command form and the technique combines model checking and abstraction. Features must fulfill certain criteria in order to be safe; the criteria express constraints on the variables which occur in feature guards. The main result is a generalisation theorem which we apply to a well-known example: the ubiquitous, featured telephone system.
The natural algorithmic approach of mixed trigonometric-polynomial problems
The aim of this paper is to present a new algorithm for proving mixed
trigonometric-polynomial inequalities by reducing to polynomial inequalities.
Finally, we show the great applicability of this algorithm and as examples, we
use it to analyze some new rational (Pade) approximations of the function
, and to improve a class of inequalities by Z.-H. Yang. The results
of our analysis could be implemented by means of an automated proof assistant,
so our work is a contribution to the library of automatic support tools for
proving various analytic inequalities.
The WTO Comes to Dinner: U.S. Implementation of Trade Rules Bypasses Food Safety Requirements
A Special Report By Public Citizen's Global Trade Watch and Critical Mass Energy and Environment Program. A review of U.S. government "system" audits of five nations (Brazil, Mexico, Argentina, Australia and Canada) reveals that the U.S. Department of Agriculture (USDA)'s Food Safety and Inspection Service (FSIS) deemed "equivalent" systems with sanitary measures that differ from FSIS policy, and in some cases, violate the express language of U.S. laws and regulations. Because FSIS has refused to respond to Public Citizen Freedom of Information Act requests for correspondence and other documentation regarding these equivalency decisions, it is impossible to determine the current status of these issues and whether they have been resolved by regulators.
- The U.S. law requiring meat to be inspected by independent government officials was violated by Brazil and Mexico, and they retained their eligibility to export to the United States.
- The USDA's zero tolerance policy for contamination by feces was repeatedly violated by Australia, Canada and Mexico.
- U.S. regulations requiring that monthly supervisory reviews of plants eligible to export be conducted on behalf of USDA by foreign government officials were violated by Argentina, Brazil, Canada and Mexico, several of whom are seeking to avoid this core requirement of U.S. regulation. Monthly reviews are vitally important to remind the meat industry that the meat inspector who works the line in the plant is backed by the weight of the government, and to double-check the work of meat inspectors on a regular basis.
- Even though U.S. regulations require that a government official -- not a company employee -- sample meat for salmonella microbial contamination, the USDA approved company employees performing this task as part of an equivalency determination with Brazil and Canada.
- Even though U.S. regulations require certain microbial testing to be performed at government labs, the U.S. approved testing by private labs as part of the equivalency determination with Brazil, Canada and Mexico.
- Unapproved and/or improper testing procedures and sanitation violations have been re-identified by FSIS year after year for Australia, Brazil, Canada and Mexico, but the countries have retained their eligibility to export to the United States.
- After its regulatory system was designated "equivalent," Mexico began using alternative procedures for salmonella and E. coli that had never been evaluated by FSIS, yet the country retained its eligibility to import to the United States.
- Australia and Canada were allowed to export to the United States while using their own methods and procedures for such matters as E. coli testing, postmortem inspection, monthly supervisory reviews and pre-shipment reviews while awaiting an equivalency determination from FSIS.
- FSIS auditors and Canadian food safety officials continue to disagree about whether particular measures have already been found "equivalent" by FSIS, yet Canadian imports remained uninterrupted.
- The regulatory systems of Brazil and Mexico have been rated equivalent even though the countries plead insufficient personnel and monetary resources to explain their inability to carry out all required functions.