7 research outputs found

    Fast exact algorithms for some connectivity problems parametrized by clique-width

    Full text link
    Given a clique-width kk-expression of a graph GG, we provide 2O(k)⋅n2^{O(k)}\cdot n time algorithms for connectivity constraints on locally checkable properties such as Node-Weighted Steiner Tree, Connected Dominating Set, or Connected Vertex Cover. We also propose a 2O(k)⋅n2^{O(k)}\cdot n time algorithm for Feedback Vertex Set. The best running times for all the considered cases were either 2O(k⋅log⁡(k))⋅nO(1)2^{O(k\cdot \log(k))}\cdot n^{O(1)} or worse

    Improved Algorithms for the Approximate k-List Problem in Euclidean Norm

    Get PDF
    We present an algorithm for the approximate kk-List problem for the Euclidean distance that improves upon the Bai-Laarhoven-Stehle (BLS) algorithm from ANTS\u2716. The improvement stems from the observation that almost all the solutions to the approximate kk-List problem form a particular configuration in nn-dimensional space. Due to special properties of configurations, it is much easier to verify whether a kk-tuple forms a configuration rather than checking whether it gives a solution to the kk-List problem. Thus, phrasing the kk-List problem as a problem of finding such configurations immediately gives a better algorithm. Furthermore, the search for configurations can be sped up using techniques from Locality-Sensitive Hashing (LSH). Stated in terms of configuration-search, our LSH-like algorithm offers a broader picture on previous LSH algorithms. For the Shortest Vector Problem, our configuration-search algorithm results in an exponential improvement for memory-efficient sieving algorithms. For k=3k=3, it allows us to bring down the complexity of the BLS sieve algorithm on an nn-dimensional lattice from 20.4812n+o(n)2^{0.4812n+o(n)} to 20.3962n+o(n)2^{0.3962n + o(n)} with the same space-requirement 20.1887n+o(n)2^{0.1887n + o(n)}. Note that our algorithm beats the Gauss Sieve algorithm with time resp. space requirements of 20.415n+o(n)2^{0.415n+o(n)} resp. 20.208n+o(n)2^{0.208n + o(n)}, while being easy to implement. Using LSH techniques, we can further reduce the time complexity down to 20.3717n+o(n)2^{0.3717n + o(n)} while retaining a memory complexity of 20.1887n+o(n)2^{0.1887n+o(n)}

    Enforcing security policies with runtime monitors

    Get PDF
    Le monitorage (monitoring) est une approche pour la sĂ©curisation du code qui permet l'exĂ©cution d’un code potentiellement malicieux en observant son exĂ©cution, et en intervenant au besoin pour Ă©viter une violation d’une politique de sĂ©curitĂ©. Cette mĂ©thode a plusieurs applications prometteuses, notamment en ce qui a trait Ă  la sĂ©curisation du code mobile. Les recherches acadĂ©miques sur le monitorage se sont gĂ©nĂ©ralement concentrĂ©es sur deux questions. La premiĂšre est celle de dĂ©limiter le champ des politiques de sĂ©curitĂ© applicables par des moniteurs opĂ©rant sous diffĂ©rentes contraintes. La seconde question est de construire des mĂ©thodes permettant d’insĂ©rer un moniteur dans un programme, ce qui produit un nouveau programme instrumentĂ© qui respecte la politique de sĂ©curitĂ© appliquĂ©e par ce moniteur. Mais malgrĂ© le fait qu’une vaste gamme de moniteurs a Ă©tĂ© Ă©tudiĂ©e dans la littĂ©rature, les travaux sur l’insertion des moniteurs dans les programmes se sont limitĂ©s Ă  une classe particuliĂšre de moniteurs, qui sont parmi les plus simples et les plus restreint quant Ă  leur champ de politiques applicables. Cette thĂšse Ă©tend les deux avenues de recherches mentionnĂ©es prĂ©cĂ©demment et apporte un Ă©clairage nouveau Ă  ces questions. Elle s’attarde en premier lieu Ă  Ă©tendre le champ des politiques applicables par monitorage en dĂ©veloppabt une nouvelle approche pour l’insertion d’un moniteur dans un programme. En donnant au moniteur accĂšs Ă  un modĂšle du comportement du programme, l’étude montre que le moniteur acquiert la capacitĂ© d’appliquer une plus vaste gamme de politiques de sĂ©curitĂ©. De plus, les recherches ont aussi dÂŽemontrĂ© qu’un moniteur capable de transformer l’exĂ©cution qu’il surveille est plus puissant qu’un moniteur qui ne possĂšde pas cette capacitĂ©. Naturellement, des contraintes doivent ĂȘtre imposĂ©es sur cette capacitĂ© pour que l’application de la politique soit cohĂ©rente. Autrement, si aucune restriction n’est imposĂ©e au moniteur, n’importe quelle politique devient applicable, mais non d’une maniĂšre utile ou dĂ©sirable. Dans cette Ă©tude, nous proposons deux nouveaux paradigmes d’application des politiques de sĂ©curitĂ© qui permettent d’incorporer des restrictions raisonnables imposĂ©es sur la capacitĂ© des moniteurs de transformer les exĂ©cutions sous leur contrĂŽle. Nous Ă©tudions le champ des politiques applicables avec ces paradigmes et donnons des exemples de politiques rĂ©elles qui peuvent ĂȘtre appliquĂ©es Ă  l’aide de notre approche.Execution monitoring is an approach that seeks to allow an untrusted code to run safely by observing its execution and reacting if need be to prevent a potential violation of a user-supplied security policy. This method has many promising applications, particularly with respect to the safe execution of mobile code. Academic research on monitoring has generally focused on two questions. The first, relates to the set of policies that can be enforced by monitors under various constraints and the conditions under which this set can be extended. The second question deals with the way to inline a monitor into an untrusted or potentially malicious program in order to produce a new instrumented program that provably respects the desired security policy. This study builds on the two strands of research mentioned above and brings new insights to this study. It seeks, in the first place, to increase the scope of monitorable properties by suggesting a new approach of monitor inlining. By drawing on an a priori model of the program’s possible behavior, we develop a monitor that can enforce a strictly larger set of security properties. Furthermore, longstanding research has showed that a monitor that is allowed to transform its input is more powerful than one lacking this ability. Naturally, this ability must be constrained for the enforcement to be meaningful. Otherwise, if the monitor is given too broad a leeway to transform valid and invalid sequences, any property can be enforced, but not in a way that is useful or desirable. In this study, we propose two new enforcement paradigms which capture reasonable restrictions on a monitor’s ability to alter its input. We study the set of properties enforceable if these enforcement paradigms are used and give examples of real-life security policies that can be enforced using our approach

    Runtime verification on data-carrying traces

    No full text
    Malfunctioning software systems can cause severe loss of money, sensitive data, or even human life. The ambition is therefore to verify these systems not only statically, but also monitor their behaviour at runtime. For the latter case, the temporal logic LTL---a de facto standard specification formalism in runtime verification---is widely used and well-understood. However, propositional variables are usually not a natural nor sufficient model to represent the behaviour of complex, interactive systems that can process arbitrary input values. Consequently, there is a demand for more expressive formalisms that are defined what we call traces with data, i.e., traces that contain propositions enriched with values from a (possibly) infinite domain. This thesis studies the runtime monitoring with data for a natural extension of LTL that includes first-order quantification, called LTLFO. The logic's quantifiers range over values that appear in a trace. Under assumptions laid out of what should arguably be considered a ``proper'' runtime monitor, this thesis first identifies and analyses the underlying decision problems of monitoring properties in LTL and LTLFO. Moreover, it proposes a monitoring procedure for the latter. A result is that LTLFO is undecidable, and the prefix problem too, which an online monitor has to preferably solve to coincide with monotonicity. Hence, the obtained monitor cannot be complete for LTLFO; however, this thesis proves the soundness of its construction and gives experimental results from an implementation, in order to justify its usefulness and efficiency in practice. The monitor is based on a new type of automaton, called spawning automaton; it helps to efficiently decide what parts of a possibly infinite state space need to be memorised at runtime. Furthermore, the problem occurs that not every property can be monitored trace-length independently, which is possible in LTL. For that reason, a hierarchy of effectively monitorable properties is proposed. It distinguishes properties for which a monitor requires only constant memory from ones for which a monitor inevitably has to grow ad infinitum, independently of how the future of a trace evolves. Last but not least, a proof of concept validates the monitoring means developed in this thesis on a widely established system with intensive data use: Malicious behaviour is checked on Android devices based on the most comprehensive malware set presently available. The overall detection and false positive rates are 93.9% and 28%, respectively. As a means of conducting the experiments and as a contribution in itself, an application-agnostic logging-layer for the Android system has been developed and its technical insights are explained. It aims at leveraging runtime verification techniques on Android, like other domain-specific instrumentation approaches did, such as AspectJ for Java

    On locally checkable properties

    No full text
    Abstract. The large computational price of formal verification of general ωregular properties has led to the study of restricted classes of properties, and to the development of verification methodologies for them. Examples that have been widely accepted by the industry include the verification of safety properties, and bounded model checking. We introduce and study another restricted class of properties – the class of locally checkable properties. For an integer k ≄ 1, a language L ⊆ ÎŁ ω is k-checkable if there is a language R ⊆ ÎŁ k (of “allowed subwords”) such that a word w belongs to L iff all the subwords of w of length k belong to R. A property is locally checkable if its language is k-checkable for some k. Locally checkable properties, which are a special case of safety properties, are common in the specification of systems. In particular, one can often bound an eventuality constraint in a property by a fixed time frame. The practical importance of locally checkable properties lies in the low memory demand for their run-time verification. A monitor for a k-checkable property needs only a record of the last k computation cycles. Furthermore, even if a large number of k-checkable properties are monitored, the monitors can share their memory, resulting in memory demand that do not depend on the number of properties monitored. This advantage of locally checkable properties makes them particularly suitable for run-time verification. In the paper, we define locally checkable languages, study their relation to other restricted classes of properties, study the question of deciding whether a property is locally checkable, and study the relation between the size of the property (specified by an LTL formula or an automaton) and the smallest k for which the property is k-checkable.

    Fast exact algorithms for some connectivity problems parametrized by clique-width

    No full text
    Given a clique-width kk-expression of a graph GG, we provide 2O(k)⋅n2^{O(k)}\cdot n time algorithms for connectivity constraints on locally checkable properties such as Node-Weighted Steiner Tree, Connected Dominating Set, or Connected Vertex Cover. We also propose a 2O(k)⋅n2^{O(k)}\cdot n time algorithm for Feedback Vertex Set. The best running times for all the considered cases were either 2O(k⋅log⁡(k))⋅nO(1)2^{O(k\cdot \log(k))}\cdot n^{O(1)} or worse

    A Meta-Algorithm for Solving Connectivity and Acyclicity Constraints on Locally Checkable Properties Parameterized by Graph Width Measures

    No full text
    In this paper, we design a framework to obtain efficient algorithms for several problems with a global constraint (acyclicity or connectivity) such as Connected Dominating Set, Node Weighted Steiner Tree, Maximum Induced Tree, Longest Induced Path, and Feedback Vertex Set. We design a meta-algorithm that solves all these problems and whose running time is upper bounded by 2O(k)⋅nO(1)2^{O(k)}\cdot n^{O(1)}, 2O(klog⁡(k))⋅nO(1)2^{O(k \log(k))}\cdot n^{O(1)}, 2O(k2)⋅nO(1)2^{O(k^2)}\cdot n^{O(1)} and nO(k)n^{O(k)} where kk is respectively the clique-width, Q\mathbb{Q}-rank-width, rank-width and maximum induced matching width of a given decomposition.Our meta-algorithm simplifies and unifies the known algorithms for each of the parameters and its running time matches asymptotically also the running times of the best known algorithms for basic NP-hard problems such as Vertex Cover and Dominating Set.Our framework is based on the dd-neighbor equivalence defined in [Bui-Xuan, Telle and Vatshelle, TCS 2013].The results we obtain highlight the importance of this equivalence relation on the algorithmic applications of width measures. We also prove that our framework could be useful for W[1]W[1]-hard problems parameterized by clique-width such as Max Cut and Maximum Minimal Cut.For these latter problems, we obtain nO(k)n^{O(k)}, nO(k)n^{O(k)} and n2O(k)n^{2^{O(k)}} time algorithms where kk is respectively the clique-width, the Q\mathbb{Q}-rank-width and the rank-width of the input graph
    corecore