Automated Certification of Authorisation Policy Resistance
Attribute-based Access Control (ABAC) extends traditional Access Control by
treating an access request as a set of attribute name-value pairs, making it
particularly useful in the context of open and distributed systems, where
security-relevant information can be collected from different sources. However,
ABAC enables attribute hiding attacks, allowing an attacker to gain some access
by withholding information. In this paper, we first introduce the notion of
policy resistance to attribute hiding attacks. We then propose the tool ATRAP
(Automatic Term Rewriting for Authorisation Policies), based on the recent
formal ABAC language PTaCL, which first automatically searches for resistance
counter-examples using Maude, and then automatically searches for an Isabelle
proof of resistance. We illustrate our approach with two simple examples of
policies and propose an evaluation of ATRAP's performance.
Comment: 20 pages, 4 figures, version including proofs of the paper that will
be presented at ESORICS 201
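The attribute hiding attack described in the abstract above is easy to miss when a policy is written with a "deny if the bad attribute is present" rule, because a requester who simply omits that attribute never triggers the rule. The following is an added example, not ATRAP or PTaCL code: a deliberately simplified three-valued ABAC model (permit / deny / not-applicable) with a brute-force search for resistance counter-examples over a small, constructed attribute universe. The `target`, `deny_overrides` and `all_of` combinators, the attribute names and values, and both policies are assumptions made for illustration; the search is the naive finite enumeration that a term-rewriting tool such as the one in the paper would replace with something far more efficient.

```python
from itertools import combinations, product

# Three-valued decisions (simplified; the paper's PTaCL semantics are richer).
PERMIT, DENY, NA = "permit", "deny", "not-applicable"


def target(name, value, effect):
    """Rule that returns `effect` when attribute `name` is present with `value`,
    and not-applicable otherwise (in particular when the attribute is hidden)."""
    def rule(request):
        return effect if request.get(name) == value else NA
    return rule


def deny_overrides(*rules):
    """Deny-overrides combination: any deny wins, then any permit, else NA."""
    def policy(request):
        decisions = [rule(request) for rule in rules]
        if DENY in decisions:
            return DENY
        if PERMIT in decisions:
            return PERMIT
        return NA
    return policy


def all_of(*rules):
    """Conjunction: permit only when every rule permits; denies still override."""
    def policy(request):
        decisions = [rule(request) for rule in rules]
        if DENY in decisions:
            return DENY
        if all(d == PERMIT for d in decisions):
            return PERMIT
        return NA
    return policy


# Constructed attribute universe: attribute name -> the values it may take.
UNIVERSE = {
    "role": ["employee", "contractor"],
    "device": ["managed", "unmanaged"],
}

# Weak policy: grants to employees, but tries to block unmanaged devices with a
# deny rule. Withholding the `device` attribute makes the deny rule vanish.
WEAK_POLICY = deny_overrides(
    target("role", "employee", PERMIT),
    target("device", "unmanaged", DENY),
)

# Resistant policy: the requester must positively present a managed device.
# Hiding any attribute can only turn a permit into not-applicable.
RESISTANT_POLICY = all_of(
    target("role", "employee", PERMIT),
    target("device", "managed", PERMIT),
)


def all_requests(universe):
    """Every request over the universe; each attribute is absent or has one value."""
    names = list(universe)
    options = [[None] + universe[name] for name in names]
    for combo in product(*options):
        yield {name: value for name, value in zip(names, combo) if value is not None}


def subrequests(request):
    """All strict sub-requests obtained by withholding one or more attributes."""
    items = sorted(request.items())
    for size in range(len(items)):
        for subset in combinations(items, size):
            yield dict(subset)


def find_hiding_attack(policy, universe):
    """Resistance counter-example search: a request that is not permitted but
    whose some sub-request (attributes withheld) is permitted. Returns the pair
    (full_request, hidden_request) or None when no attack exists."""
    for request in all_requests(universe):
        if policy(request) == PERMIT:
            continue
        for hidden in subrequests(request):
            if policy(hidden) == PERMIT:
                return request, hidden
    return None


if __name__ == "__main__":
    print("weak policy attack:", find_hiding_attack(WEAK_POLICY, UNIVERSE))
    print("resistant policy attack:", find_hiding_attack(RESISTANT_POLICY, UNIVERSE))
```

Running the search against `WEAK_POLICY` returns the employee-on-unmanaged-device request together with the sub-request that drops `device`, which the policy permits; against `RESISTANT_POLICY` it returns `None`. The practical lesson is the one the paper formalises: rules that deny on the presence of an undesirable value are not resistant, whereas rules that require the presence of a desirable value are, because a withheld attribute can only make a conjunction fail.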
Design and Analysis of an Estimation of Distribution Approximation Algorithm for Single Machine Scheduling in Uncertain Environments
In the current work we introduce a novel estimation of distribution algorithm
to tackle a hard combinatorial optimization problem, namely the single-machine
scheduling problem, with uncertain delivery times. The majority of the existing
research coping with optimization problems in uncertain environment aims at
finding a single sufficiently robust solution so that random noise and
unpredictable circumstances would have the least possible detrimental effect on
the quality of the solution. The measures of robustness are usually based on
various kinds of empirically designed averaging techniques. In contrast to the
previous work, our algorithm aims at finding a collection of robust schedules
that allow for a more informative decision making. The notion of robustness is
measured quantitatively in terms of the classical mathematical notion of a norm
on a vector space. We provide a theoretical insight into the relationship
between the properties of the probability distribution over the uncertain
delivery times and the robustness quality of the schedules produced by the
algorithm after a polynomial runtime, in terms of approximation ratios.
On the tree-transformation power of XSLT
XSLT is a standard rule-based programming language for expressing
transformations of XML data. The language is currently in transition from
version 1.0 to 2.0. In order to understand the computational consequences of
this transition, we restrict XSLT to its pure tree-transformation capabilities.
Under this focus, we observe that XSLT 1.0 was not yet a computationally
complete tree-transformation language: every 1.0 program can be implemented in
exponential time. A crucial new feature of version 2.0, however, which allows
nodesets over temporary trees, yields completeness. We provide a formal
operational semantics for XSLT programs, and establish confluence for this
semantics.
The Hardness of Finding Linear Ranking Functions for Lasso Programs
Finding whether a linear-constraint loop has a linear ranking function is an
important key to understanding the loop behavior, proving its termination and
establishing iteration bounds. If no preconditions are provided, the decision
problem is known to be in coNP when variables range over the integers and in
PTIME for the rational numbers, or real numbers. Here we show that deciding
whether a linear-constraint loop with a precondition, specifically with
partially-specified input, has a linear ranking function is EXPSPACE-hard over
the integers, and PSPACE-hard over the rationals. The precise complexity of
these decision problems is yet unknown. The EXPSPACE lower bound is derived
from the reachability problem for Petri nets (equivalently, Vector Addition
Systems), and possibly indicates an even stronger lower bound (subject to open
problems in VAS theory). The lower bound for the rationals follows from a novel
simulation of Boolean programs. Lower bounds are also given for the problem of
deciding if a linear ranking function supported by a particular form of
inductive invariant exists. For loops over integers, the problem is PSPACE-hard
for convex polyhedral invariants and EXPSPACE-hard for downward-closed sets of
natural numbers as invariants.
Comment: In Proceedings GandALF 2014, arXiv:1408.5560. I thank the organizers
of the Dagstuhl Seminar 14141, "Reachability Problems for Infinite-State
Systems", for the opportunity to present an early draft of this wor
SAT-based Explicit LTL Reasoning
We present here a new explicit reasoning framework for linear temporal logic
(LTL), which is built on top of propositional satisfiability (SAT) solving. As
a proof-of-concept of this framework, we describe a new LTL satisfiability
tool, Aalta_v2.0, which is built on top of the MiniSAT SAT solver. We test the
effectiveness of this approach by demonstrating that Aalta_v2.0 significantly
outperforms all existing LTL satisfiability solvers. Furthermore, we show that
the framework can be extended from propositional LTL to assertional LTL (where
we allow theory atoms), by replacing MiniSAT with the Z3 SMT solver, and
demonstrating that this can yield an exponential improvement in performance.
Bug Hunting with False Negatives Revisited
Safe data abstractions are widely used for verification purposes. Positive verification results can be transferred from the abstract to the concrete system. When a property is violated in the abstract system, one still has to check whether a concrete violation scenario exists. However, even when the violation scenario is not reproducible in the concrete system (a false negative), it may still contain information on possible sources of bugs. Here, we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from one abstract violation scenario. The violation pattern represents multiple abstract violation scenarios, increasing the chance that a corresponding concrete violation exists. Then, we look for a concrete violation that corresponds to the violation pattern by using constraint solving techniques. Finally, we define the class of counterexamples that we can handle and argue correctness of the proposed framework. Our method combines two formal techniques, model checking and constraint solving. Through an analysis of contracting and precise abstractions, we are able to integrate overapproximation by abstraction with concrete counterexample generation.
Testing a deterministic implementation against a non-controllable non-deterministic stream X-machine
A stream X-machine is a type of extended finite state machine with an associated development approach that consists of building a system from a set of trusted components. One of the great benefits of using stream X-machines for the purpose of specification is the existence of test generation techniques that produce test suites that are guaranteed to determine correctness as long as certain well-defined conditions hold. One of the conditions that is traditionally assumed to hold is controllability: this insists that all paths through the stream X-machine are feasible. This restrictive condition has recently been weakened for testing from a deterministic stream X-machine. This paper shows how controllability can be replaced by a weaker condition when testing a deterministic system against a non-deterministic stream X-machine. This paper therefore develops a new, more general, test generation algorithm for testing from a non-deterministic stream X-machine.