413 research outputs found
A unifying Petri net model of non-interference and non-deducibility information flow security
In this paper we introduce FIFO Information Flow Nets (FIFN) as a model for describing information flow security properties. The FIFN is based on Petri nets and has been derived from the work described in [Var89], [Var90] and [Rou86]. Using this new model, we present the information flow security properties Non-Interference between Places (which corresponds to Non-Interference) and Non-Deducibility on Views (which corresponds to Non-Deducibility on Inputs). Then we consider a very general composition operation and show that neither Non-Interference on Places nor Non-Deducibility on Views is preserved under this composition operation. This leads us to a new definition of information flow security referred to as the Feedback Non-Deducibility on Views. We then show that this definition is preserved under the composition operation. This leads us to a new definition of information flow security referred to as the Feedback Non-Deducibility on Views. We then show that this definition is preserved under the composition operation. We then show some similarities between this property and the notion of Non-Deducibility on Strategies
Fifty years of Hoare's Logic
We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin
Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems
This thesis addresses the foundational aspects of formal methods for
applications in security and in particular in anonymity. More concretely, we
develop frameworks for the specification of anonymity properties and propose
algorithms for their verification. Since in practice anonymity protocols always
leak some information, we focus on quantitative properties, which capture the
amount of information leaked by a protocol.
The main contribution of this thesis is cpCTL, the first temporal logic that
allows for the specification and verification of conditional probabilities
(which are the key ingredient of most anonymity properties). In addition, we
have considered several prominent definitions of information-leakage and
developed the first algorithms allowing us to compute (and even approximate)
the information leakage of anonymity protocols according to these definitions.
We have also studied a well-known problem in the specification and analysis of
distributed anonymity protocols, namely full-information scheduling. To
overcome this problem, we have proposed an alternative notion of scheduling and
adjusted accordingly several anonymity properties from the literature. Our last
major contribution is a debugging technique that helps on the detection of
flaws in security protocols.Comment: thesis, ISBN: 978-94-91211-74-
RHLE: Modular Deductive Verification of Relational Properties
Relational program logics are used to prove that a desired relationship holds
between the execution of multiple programs. Existing relational program logics
have focused on verifying that all runs of a collection of programs do not fall
outside a desired set of behaviors. Several important relational properties,
including refinement and noninterference, do not fit into this category, as
they require the existence of specific desirable executions. This paper
presents RHLE, a logic for verifying a class of relational properties which we
term properties. properties assert that for
all executions of a collection of programs, there exist executions of another
set of programs exhibiting some intended behavior. Importantly, RHLE can reason
modularly about programs which make library calls, ensuring that
properties are preserved when the programs are linked with any
valid implementation of the library. To achieve this, we develop a novel form
of function specification that requires the existence of certain behaviors in
valid implementations. We have built a tool based on RHLE which we use to
verify a diverse set of relational properties drawn from the literature,
including refinement and generalized noninterference
Controller Synthesis for Autonomous Systems Interacting With Human Operators
We propose an approach to synthesize control protocols for autonomous systems that account for uncertainties and imperfections in interactions with human operators. As an illustrative example, we consider a scenario involving road network surveillance by an unmanned aerial vehicle (UAV) that is controlled remotely by a human operator but also has a certain degree of autonomy. Depending on the type (i.e., probabilistic and/or nondeterministic) of knowledge about the uncertainties and imperfections in the operatorautonomy interactions, we use abstractions based on Markov decision processes and augment these models to stochastic two-player games. Our approach enables the synthesis of operator-dependent optimal mission plans for the UAV, highlighting the effects of operator characteristics (e.g., workload, proficiency, and fatigue) on UAV mission performance; it can also provide informative feedback (e.g., Pareto curves showing the trade-offs between multiple mission objectives), potentially assisting the operator in decision-making
Towards the fast and robust optimal design of Wireless Body Area Networks
Wireless body area networks are wireless sensor networks whose adoption has
recently emerged and spread in important healthcare applications, such as the
remote monitoring of health conditions of patients. A major issue associated
with the deployment of such networks is represented by energy consumption: in
general, the batteries of the sensors cannot be easily replaced and recharged,
so containing the usage of energy by a rational design of the network and of
the routing is crucial. Another issue is represented by traffic uncertainty:
body sensors may produce data at a variable rate that is not exactly known in
advance, for example because the generation of data is event-driven. Neglecting
traffic uncertainty may lead to wrong design and routing decisions, which may
compromise the functionality of the network and have very bad effects on the
health of the patients. In order to address these issues, in this work we
propose the first robust optimization model for jointly optimizing the topology
and the routing in body area networks under traffic uncertainty. Since the
problem may result challenging even for a state-of-the-art optimization solver,
we propose an original optimization algorithm that exploits suitable linear
relaxations to guide a randomized fixing of the variables, supported by an
exact large variable neighborhood search. Experiments on realistic instances
indicate that our algorithm performs better than a state-of-the-art solver,
fast producing solutions associated with improved optimality gaps.Comment: Authors' manuscript version of the paper that was published in
Applied Soft Computin
- …