Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties.
Multilevel Contracts for Trusted Components
This article contributes to the design and the verification of trusted
components and services. The contracts are declined at several levels to cover
the different facets, such as component consistency, compatibility or
correctness. The article introduces multilevel contracts and a
design+verification process for handling and analysing these contracts in
component models. The approach is implemented with the COSTO platform that
supports the Kmelia component model. A case study illustrates the overall
approach.
Comment: In Proceedings WCSI 2010, arXiv:1010.233
Specification and Verification of Context-dependent Services
Current approaches for the discovery, specification, and provision of
services ignore the relationship between the service contract and the
conditions in which the service can guarantee its contract. Moreover, they do
not use formal methods for specifying services, contracts, and compositions.
Without a formal basis it is not possible to justify through formal
verification the correctness conditions for service compositions and the
satisfaction of contractual obligations in service provisions. We remedy this
situation in this paper. We present a formal definition of services with
context-dependent contracts. We define a composition theory of services with
context-dependent contracts taking into consideration functional,
nonfunctional, legal and contextual information. Finally, we present a formal
verification approach that transforms the formal specification of service
composition into extended timed automata that can be verified using the model
checking tool UPPAAL.
Comment: In Proceedings WWV 2011, arXiv:1108.208
Behavioral types in programming languages
A recent trend in programming language research is to use behavioral type theory to ensure various correctness properties of large-scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their representation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to design and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types.
Chainspace: A Sharded Smart Contracts Platform
Chainspace is a decentralized infrastructure, known as a distributed ledger,
that supports user defined smart contracts and executes user-supplied
transactions on their objects. The correct execution of smart contract
transactions is verifiable by all. The system is scalable, by sharding state
and the execution of transactions, and using S-BAC, a distributed commit
protocol, to guarantee consistency. Chainspace is secure against subsets of
nodes trying to compromise its integrity or availability properties through
Byzantine Fault Tolerance (BFT), and extremely high-auditability,
non-repudiation and `blockchain' techniques. Even when BFT fails, auditing
mechanisms are in place to trace malicious participants. We present the design,
rationale, and details of Chainspace; we argue through evaluating an
implementation of the system about its scaling and other features; we
illustrate a number of privacy-friendly smart contracts for smart metering,
polling and banking and measure their performance.
CaSPiS: A Calculus of Sessions, Pipelines and Services
Service-oriented computing is calling for novel computational models and languages with well
disciplined primitives for client-server interaction, structured orchestration and unexpected events handling. We present CaSPiS, a process calculus where the conceptual abstractions of sessioning and pipelining play a central role for modelling service-oriented systems. CaSPiS sessions are two-sided, uniquely named and can be nested. CaSPiS pipelines permit orchestrating the flow of data produced by different sessions. The calculus is also equipped with operators for handling (unexpected) termination of the partner’s side of a session. Several examples are presented to provide evidence of the flexibility of the chosen set of primitives. One key contribution is a fully abstract encoding of Misra et al.’s orchestration language Orc. Another main result shows that in CaSPiS it is possible to program a “graceful termination” of nested sessions, which guarantees that no session is forced to hang forever after the loss of its partner.
From usability to secure computing and back again
Secure multi-party computation (MPC) allows multiple parties
to jointly compute the output of a function while preserving
the privacy of any individual party’s inputs to that function.
As MPC protocols transition from research prototypes to real-world
applications, the usability of MPC-enabled applications
is increasingly critical to their successful deployment and
widespread adoption. Our Web-MPC platform, designed with
a focus on usability, has been deployed for privacy-preserving
data aggregation initiatives with the City of Boston and the
Greater Boston Chamber of Commerce. After building and
deploying an initial version of the platform, we conducted a
heuristic evaluation to identify usability improvements and
implemented corresponding application enhancements. However,
it is difficult to gauge the effectiveness of these changes
within the context of real-world deployments using traditional
web analytics tools without compromising the security guarantees
of the platform. This work consists of two contributions
that address this challenge: (1) the Web-MPC platform has
been extended with the capability to collect web analytics
using existing MPC protocols, and (2) as a test of this feature
and a way to inform future work, this capability has been
leveraged to conduct a usability study comparing the two versions
of Web-MPC. While many efforts have focused on ways
to enhance the usability of privacy-preserving technologies,
this study serves as a model for using a privacy-preserving
data-driven approach to evaluate and enhance the usability of
privacy-preserving websites and applications deployed in real-world
scenarios. Data collected in this study yields insights
into the relationship between usability and security; these can
help inform future implementations of MPC solutions.