1,205 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Automatic Music Composition using Answer Set Programming
Music composition used to be a pen and paper activity. These these days music
is often composed with the aid of computer software, even to the point where
the computer compose parts of the score autonomously. The composition of most
styles of music is governed by rules. We show that by approaching the
automation, analysis and verification of composition as a knowledge
representation task and formalising these rules in a suitable logical language,
powerful and expressive intelligent composition tools can be easily built. This
application paper describes the use of answer set programming to construct an
automated system, named ANTON, that can compose melodic, harmonic and rhythmic
music, diagnose errors in human compositions and serve as a computer-aided
composition tool. The combination of harmonic, rhythmic and melodic composition
in a single framework makes ANTON unique in the growing area of algorithmic
composition. With near real-time composition, ANTON reaches the point where it
can not only be used as a component in an interactive composition tool but also
has the potential for live performances and concerts or automatically generated
background music in a variety of applications. With the use of a fully
declarative language and an "off-the-shelf" reasoning engine, ANTON provides
the human composer a tool which is significantly simpler, more compact and more
versatile than other existing systems. This paper has been accepted for
publication in Theory and Practice of Logic Programming (TPLP).Comment: 31 pages, 10 figures. Extended version of our ICLP2008 paper.
Formatted following TPLP guideline
Hybrid knowledge representation in a blackboard KBS for liquid retaining structure design
Author name used in this publication: K. W. Chau2003-2004 > Academic research: refereed > Publication in refereed journalAccepted ManuscriptPublishe
Access Control Synthesis for Physical Spaces
Access-control requirements for physical spaces, like office buildings and
airports, are best formulated from a global viewpoint in terms of system-wide
requirements. For example, "there is an authorized path to exit the building
from every room." In contrast, individual access-control components, such as
doors and turnstiles, can only enforce local policies, specifying when the
component may open. In practice, the gap between the system-wide, global
requirements and the many local policies is bridged manually, which is tedious,
error-prone, and scales poorly.
We propose a framework to automatically synthesize local access control
policies from a set of global requirements for physical spaces. Our framework
consists of an expressive language to specify both global requirements and
physical spaces, and an algorithm for synthesizing local, attribute-based
policies from the global specification. We empirically demonstrate the
framework's effectiveness on three substantial case studies. The studies
demonstrate that access control synthesis is practical even for complex
physical spaces, such as airports, with many interrelated security
requirements
Next generation software environments : principles, problems, and research directions
The past decade has seen a burgeoning of research and development in software environments. Conferences have been devoted to the topic of practical environments, journal papers produced, and commercial systems sold. Given all the activity, one might expect a great deal of consensus on issues, approaches, and techniques. This is not the case, however. Indeed, the term "environment" is still used in a variety of conflicting ways. Nevertheless substantial progress has been made and we are at least nearing consensus on many critical issues.The purpose of this paper is to characterize environments, describe several important principles that have emerged in the last decade or so, note current open problems, and describe some approaches to these problems, with particular emphasis on the activities of one large-scale research program, the Arcadia project. Consideration is also given to two related topics: empirical evaluation and technology transition. That is, how can environments and their constituents be evaluated, and how can new developments be moved effectively into the production sector
Secure Diagnostics And Forensics With Network Provenance
In large-scale networks, many things can go wrong: routers can be misconfigured, programs can be buggy, and computers can be compromised by an attacker. As a result, there is a constant need to perform network diagnostics and forensics. In this dissertation, we leverage the concept of provenance to build better support for diagnostic and forensic tasks. At a high level, provenance tracks causality between network states and events, and produces a detailed explanation of any event of interest, which makes it a good starting point for investigating network problems.
However, in order to use provenance for network diagnostics and forensics, several challenges need to be addressed. First, existing provenance systems cannot provide security properties on high-speed network traffic, because the cryptographic operations would cause enormous overhead when the data rates are high. To address this challenge, we design secure packet provenance, a system that comes with a novel lightweight security protocol, to maintain secure provenance with low overhead. Second, in large-scale distributed systems, the provenance of a network event can be quite complex, so it is still challenging to identify the problem root cause from the complex provenance. To address this challenge, we design differential provenance, which can identify a symptom event’s root cause by reasoning about the differences between its provenance and the provenance of a similar “reference” event. Third, provenance can only explain why a current network state came into existence, but by itself, it does not reason about changes to the network state to fix a problem. To provide operators with more diagnostic support, we design causal networks – a generalization of network provenance – to reason about network repairs that can avoid undesirable side effects in the network. Causal networks can encode multiple diagnostic goals in the same data structure, and, therefore, generate repairs that satisfy multiple constraints simultaneously. We have applied these techniques to Software-Defined Networks, Hadoop MapReduce, as well as the Internet’s data plane. Our evaluation with real-world traffic traces and network topologies shows that our systems can run with reasonable overhead, and that they can accurately identify root causes of practical problems and generate repairs without causing collateral damage
- …