A Distributed Security Architecture for Large Scale Systems
This thesis describes the research leading from the conception, through development, to the practical
implementation of a comprehensive security architecture for use within, and as a value-added enhancement
to, the ISO Open Systems Interconnection (OSI) model.
The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can
allow any of the ISO recommended security facilities to be provided at any layer of the model. It is
suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications.
For large scale, distributed processing operations, a network of security management centres (SMCs) is
suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided
in an efficient manner.
The background to the OSI standards is covered in detail, followed by an introduction to security in open
systems. A survey of existing techniques in formal analysis and verification is then presented. The
architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed
by an extension of the CSS concept to a large scale network controlled by SMCs.
A new approach to formal security analysis is described which is based on two main methodologies.
Firstly, every function within the system is built from layers of provably secure sequences of finite state
machines, using a recursive function to monitor and constrain the system to the desired state at all times.
Secondly, the correctness of the protocols generated by the sequences to exchange security information
and control data between agents in a distributed environment, is analysed in terms of a modified temporal
Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system
as a result of actions performed by entities within the system, including the notion of timeliness.
The two fundamental problems in number theory upon which the assumptions about the security of the
finite state machine model rest are described, together with a comprehensive survey of the very latest
progress in this area. Having assumed that the two problems will remain computationally intractable in
the foreseeable future, the method is then applied to the formal analysis of some of the components of the
Comprehensive Security System.
A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM
Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out
in Chapter 1. This implementation is described, and finally some comments are made on the possible
future of research into security aspects of distributed systems.
IBM (United Kingdom) Laboratories Hursley Park, Winchester, U
Formalizing graphical notations
The thesis describes research into graphical notations for software engineering, with a principal interest in ways of formalizing them. The research seeks to provide a theoretical basis that will help in designing both notations and the software tools that process them.
The work starts from a survey of literature on notation, followed by a review of techniques for formal description and for computational handling of notations. The survey concentrates on collecting views of the benefits and the problems attending notation use in software development; the review covers picture description languages, grammars and tools such as generic editors and visual programming environments. The main problem of notation is found to be a lack of any coherent, rigorous description methods. The current approaches to this problem are analysed as lacking in consensus on syntax specification and also lacking a clear focus on a defined concept of notated expression.
To address these deficiencies, the thesis embarks upon an exploration of semiotic, linguistic and logical theory; this culminates in a proposed formalization of semiosis in notations, using categorial model theory as a mathematical foundation. An argument about the structure of sign systems leads to an analysis of notation into a layered system of tractable theories, spanning the gap between expressive pictorial medium and subject domain. This notion of 'tectonic' theory aims to treat both diagrams and formulae together.
The research gives details of how syntactic structure can be sketched in a mathematical sense, with examples applying to software development diagrams, offering a new solution to the problem of notation specification. Based on these methods, the thesis discusses directions for resolving the harder problems of supporting notation design, processing and computer-aided generic editing. A number of future research areas are thereby opened up. For practical trial of the ideas, the work proceeds to the development and partial implementation of a system to aid the design of notations and editors. Finally the thesis is evaluated as a contribution to theory in an area which has not attracted a standard approach
Legal knowledge engineering: Computing, logic and law
The general problem approached in this thesis is that of building computer based legal advisory programs (otherwise known as expert systems or Intelligent Knowledge Based Systems). Such computer systems should be able to provide an individual with advice about either the general legal area being investigated, or advice about how the individual should proceed in a given case.
In part the thesis describes a program (the ELl program) which attempts to confront some of the problems inherent in the building of these systems. The ELl system is seen as an experimental program (currently handling welfare rights legislation) and development vehicle. It is not presented as a final commercially implementable program. We present a detailed criticism of the type of legal knowledge contained within the system.
The second, though in part intertwined, major subject of the thesis describes the jurisprudential aspects of the attempt to model the law by logic, a conjunction which is seen to be at the heart of the computer/law problem. We suggest that the conjunction offers very little to those who are interested in the real application of the real law, and that this is most forcefully seen when a working computer system models that conjunction.
Our conclusion is that neither logic nor rule-based methods are sufficient for handling legal knowledge. The novelty and import of this thesis is not simply that it presents a negative conclusion; rather that it offers a sound theoretical and pragmatic framework for understanding why these methods are insufficient - the limits to the field are, in fact, defined
Augustus De Morgan and the development of university mathematics in London in the nineteenth century.
This thesis investigates the teaching of mathematics at university level in London, and in particular by Augustus De Morgan (1806-1871) during his period as founder professor of mathematics at London University (later University College London) from 1828 to 1867. An examination of De Morgan's life and professorial career is followed by a review of changes in instruction at the college under his successors, together with a survey of higher mathematical tuition at other university-level institutions in the capital up to the turn of the twentieth century. Particular attention is paid to original teaching material and the set of students who later achieved distinction in mathematics and other disciplines.
A key feature of the research undertaken for this project has been its intensive use of previously unpublished archival documents, hitherto mostly unstudied. Consequently, much of the information which has been gleaned from these sources (such as De Morgan's lecture material, student notes and contemporary correspondence) has never appeared in print before. The data thus derived has been used in conjunction with publications from the period, as well as more recent works, to produce a contribution to the history of mathematical education which gives a more complete picture of how well nineteenth-century London was served for mathematical instruction than was previously available.
Previous studies of De Morgan have mainly concentrated on his work in algebra and logic, with little or no reference to his mathematical teaching, while published histories of relevant institutions (e.g. University College, University of London) are similarly localised, with few comparisons being drawn with other bodies, and almost no reference to mathematical tuition. By concentrating on the work of De Morgan as a teacher in the context of London mathematics, this thesis will attempt to fill these two important gaps in the literature
Instructional strategies in explicating the discovery function of proof for lower secondary school students
In this paper, we report on the analysis of teaching episodes selected from our pedagogical and cognitive research on geometry teaching that illustrate how carefully-chosen instructional strategies can guide Grade 8 students to see and appreciate the discovery function of proof in geometry
Relations between logic and mathematics in the work of Benjamin and Charles S. Peirce.
Charles Peirce (1839-1914) was one of the most important logicians of the nineteenth century. This thesis traces the development of his algebraic logic from his early papers, with especial attention paid to the mathematical aspects. There are three main sources to consider.
1) Benjamin Peirce (1809-1880), Charles's father and also a leading American mathematician of his day, was an inspiration. His memoir Linear Associative Algebra (1870) is summarised and for the first time the algebraic structures behind its 169 algebras are analysed in depth.
2) Peirce's early papers on algebraic logic from the late 1860s were largely an attempt to expand and adapt George Boole's calculus, using a part/whole theory of classes and algebraic analogies concerning symbols, operations and equations to produce a method of deducing consequences from premises.
3) One of Peirce's main achievements was his work on the theory of relations, following in the pioneering footsteps of Augustus De Morgan. By linking the theory of relations to his post-Boolean algebraic logic, he solved many of the limitations that beset Boole's calculus. Peirce's seminal paper 'Description of a Notation for the Logic of Relatives' (1870) is analysed in detail, with a new interpretation suggested for his mysterious process of logical differentiation.
Charles Peirce's later work up to the mid 1880s is then surveyed, both for its extended algebraic character and for its novel theory of quantification. The contributions of two of his students at the Johns Hopkins University, Oscar Mitchell and Christine Ladd-Franklin are traced, specifically with an analysis of their problem solving methods. The work of Peirce's successor Ernst Schröder is also reviewed, contrasting the differences and similarities between their logics.
During the 1890s and later, Charles Peirce turned to a diagrammatic representation and extension of his algebraic logic. The basic concepts of this topological twist are introduced. Although Peirce's work in logic has been studied by previous scholars, this thesis stresses to a new extent the mathematical aspects of his logic - in particular the algebraic background and methods, not only of Peirce but also of several of his contemporaries
From axiomatization to generalization of set theory
The thesis examines the philosophical and foundational significance of Cohen's Independence results. A distinction is made between the mathematical and logical analyses of the "set" concept. It is argued that topos theory is the natural generalization of the mathematical theory of sets and is the appropriate foundational response to the problems raised by Cohen's results. The thesis is divided into three parts. The first is a discussion of the relationship between "informal" mathematical theories and their formal axiomatic realizations, this relationship being singularly problematic in the case of set theory. The second part deals with the development of the set concept within the mathematical approach. In particular Skolem's reformulation of Zermelo's notion of "definite properties". In the third part an account is given of the emergence and development of topos theory. Then the considerations of the first two parts are applied to demonstrate that the shift to topos theory, specifically in its guise of LST (local set theory), is the appropriate next step in the evolution of the concept of set, within the mathematical approach, in the light of the significance of Cohen's Independence results
A Review of Work Based Learning in Higher Education
The idea of work based learning in higher education might sound like a contradiction in terms. Work based learning is surely in the workplace. The senses in which it might also, under certain conditions, be in higher education are explored in this review. There are increasing arrangements whereby people can obtain academic recognition for learning which has taken place outside of educational institutions. In addition to traditional forms of professional education and sandwich courses, one can add a host of relationships between employers and higher education institutions which involve quite fundamental questioning of the roles and responsibilities of each in the continuing education and training of adults. Such developments can be related to broader themes concerning the organisation of knowledge in society, the changing nature of work and career, the learning society and the implications they hold for individual workers, their employers and educational providers.
The Department for Education and Employment sponsored the study to produce a substantial literature review of progress and issues raised in the field of work based learning in higher education. The first part of the book provides a contextual and conceptual backdrop against which more practical aspects of work based learning are then considered in part two. The final part considers strategic issues of implementation for higher education institutions, employers and individuals, before turning to more wide ranging issues of policy
Suitably underspecified: systematic notations and the relations between paper and music
Through building a taxonomy of drawing, and a set of four drawing research studies aimed at generating innovative cross-disciplinary practices, an argument will be developed that systematised drawings such as the music notation are hybrid representational environments, sufficiently different from other inscriptive practices as to merit a separate classification. The taxonomical model will decentralise specific modes of drawing, in favour of a multi-disciplinary view appropriate to the persistence of its subject as a deeply rooted strategic and executive practice, and the four studies will engage the time-factoring of notation systems as transductive environments, setting the conditions for innovative practices both in and outside of the frame of the inscription
Training and dual processes in human thinking
The aim of the research presented in this thesis was to investigate the effects of training on
reasoning and decision making performance. In Experiment 1 a study is reported which
examined the relationships between performance on a variety of reasoning tasks and
measures of individual differences. Tasks employed were documented in the literature for
their differential responding according to heuristic and analytic processes. The reasoning
tasks to be utilised in the training studies were also validated. In Chapter 4, two statistical
training studies are reported which demonstrate that analytic responding on everyday
reasoning problems can be increased after instruction on the Law Of Large Numbers. Bias
was eliminated, but only on written justifications of their responses. Belief-based
responding was still utilised when participants were asked for a quick indication of
argument strength on a rating scale. This demonstrates a dissociation between analytic and
belief-based responding. A second series of experiments explored the effects of both
abstract and schema-based training on selection task responding. All the training
procedures resulted in positive transfer apart from training on the logic of the material
conditional which facilitated performance on arbitrary tasks only. Relationships between
performance on the tasks post-training and cognitive ability indicated that training was
more effective for higher ability participants. The differential training effects were
discussed in terms of complexity of training procedures. The findings overall have
implications for dual process theories of reasoning. The findings suggest that the
interaction between training and System 1 and System 2 tasks/responses is a great deal
more complicated than the simple analysis that is afforded by dual process accounts.
the Economic and Social Research Council