5,898 research outputs found
The Anatomy and Facets of Dynamic Policies
Information flow policies are often dynamic; the security concerns of a
program will typically change during execution to reflect security-relevant
events. A key challenge is how to best specify, and give proper meaning to,
such dynamic policies. A large number of approaches exist that tackle that
challenge, each yielding some important, but unconnected, insight. In this work
we synthesise existing knowledge on dynamic policies, with an aim to establish
a common terminology, best practices, and frameworks for reasoning about them.
We introduce the concept of facets to illuminate subtleties in the semantics of
policies, and closely examine the anatomy of policies and the expressiveness of
policy specification mechanisms. We further explore the relation between
dynamic policies and the concept of declassification.
Comment: Technical Report of publication under the same name in Computer
Security Foundations (CSF) 201
Dynamic-Epistemic reasoning on distributed systems
We propose a new logic designed for modelling and reasoning about information flow and information exchange between spatially located (but potentially mobile), interconnected agents witnessing a distributed computation. This is a major problem in the field of distributed systems, covering many different issues, with potential applications from Computer Science and Economy to Chemistry and Systems Biology. Underpinning on the dual algebraical-coalgebraical characteristics of process calculi, we design a decidable and completely axiomatized logic that combines the process-algebraical/equational and the modal/coequational features and is developed for process-algebraical semantics. The construction is done by mixing operators from dynamic and epistemic logics with operators from spatial logics for distributed and mobile systems. This is the preliminary version of a paper that will appear in Proceedings of the second Conference on Algebra and Coalgebra in Computer Science (CALCO2007), LNCS 4624, Springer, 2007. The original publication is available at www.springerlink.co
Conditional Spectrum Computation Incorporating Multiple Causal Earthquakes and Ground‐Motion Prediction Models
The Conditional Spectrum (CS) is a target spectrum (with conditional mean and conditional standard deviation) that links seismic hazard information with ground motion selection for nonlinear dynamic analysis. Probabilistic seismic hazard analysis (PSHA) estimates the ground motion hazard by incorporating the aleatory uncertainties in all earthquake scenarios and resulting ground motions as well as the epistemic uncertainties in ground motion prediction models (GMPMs) and seismic source models. Typical CS calculations to date are produced for a single earthquake scenario using a single GMPM, but more precise use requires consideration of at least multiple causal earthquakes and multiple GMPMs that are often considered in a PSHA computation. This paper presents the mathematics underlying these more precise CS calculations. Despite requiring more effort to compute than approximate calculations using a single causal earthquake and GMPM, the proposed approach produces an exact output that has a theoretical basis. To demonstrate the results of this approach and compare the exact and approximate calculations, several example calculations are performed for real sites in the western U.S. (WUS). The results also provide some insights regarding the circumstances under which approximate results are likely to closely match more exact results. To facilitate these more precise calculations for real applications, the exact CS calculations can now be performed for real sites in the U.S. using new deaggregation features in the U.S. Geological Survey hazard mapping tools. Details regarding this implementation are discussed in this paper
A Temporal Logic for Hyperproperties
Hyperproperties, as introduced by Clarkson and Schneider, characterize the
correctness of a computer program as a condition on its set of computation
paths. Standard temporal logics can only refer to a single path at a time, and
therefore cannot express many hyperproperties of interest, including
noninterference and other important properties in security and coding theory.
In this paper, we investigate an extension of temporal logic with explicit path
variables. We show that the quantification over paths naturally subsumes other
extensions of temporal logic with operators for information flow and knowledge.
The model checking problem for temporal logic with path quantification is
decidable. For alternation depth 1, the complexity is PSPACE in the length of
the formula and NLOGSPACE in the size of the system, as for linear-time
temporal logic
Modeling Belief in Dynamic Systems, Part II: Revision and Update
The study of belief change has been an active area in philosophy and AI. In
recent years two special cases of belief change, belief revision and belief
update, have been studied in detail. In a companion paper (Friedman & Halpern,
1997), we introduce a new framework to model belief change. This framework
combines temporal and epistemic modalities with a notion of plausibility,
allowing us to examine the change of beliefs over time. In this paper, we show
how belief revision and belief update can be captured in our framework. This
allows us to compare the assumptions made by each method, and to better
understand the principles underlying them. In particular, it shows that Katsuno
and Mendelzon's notion of belief update (Katsuno & Mendelzon, 1991a) depends on
several strong assumptions that may limit its applicability in artificial
intelligence. Finally, our analysis allows us to identify a notion of minimal
change that underlies a broad range of belief change operations including
revision and update.
Comment: See http://www.jair.org/ for other files accompanying this articl