7 research outputs found
Fast exact algorithms for some connectivity problems parametrized by clique-width
Given a clique-width -expression of a graph , we provide time algorithms for connectivity constraints on locally checkable properties
such as Node-Weighted Steiner Tree, Connected Dominating Set, or Connected
Vertex Cover. We also propose a time algorithm for Feedback
Vertex Set. The best running times for all the considered cases were either
or worse
Improved Algorithms for the Approximate k-List Problem in Euclidean Norm
We present an algorithm for the approximate -List problem for the Euclidean distance that improves upon the Bai-Laarhoven-Stehle (BLS) algorithm from ANTS\u2716. The improvement stems from the observation that almost all the solutions to the approximate -List problem form a particular configuration in -dimensional space. Due to special properties of configurations, it is much easier to verify whether a -tuple forms a configuration rather than checking whether it gives a solution to the -List problem. Thus, phrasing the -List problem as a problem of finding such configurations immediately gives a better algorithm. Furthermore, the search for configurations can be sped up using techniques from Locality-Sensitive Hashing (LSH). Stated in terms of configuration-search, our LSH-like algorithm offers a broader picture on previous LSH algorithms.
For the Shortest Vector Problem, our configuration-search algorithm results in an exponential improvement for memory-efficient sieving algorithms. For , it allows us to bring down the complexity of the BLS sieve algorithm on an -dimensional lattice from to with the same space-requirement . Note that our algorithm beats the Gauss Sieve algorithm with time resp. space requirements of resp. , while being easy to implement. Using LSH techniques, we can further reduce the time complexity down to while retaining a memory complexity of
Enforcing security policies with runtime monitors
Le monitorage (monitoring) est une approche pour la sĂ©curisation du code qui permet l'exĂ©cution dâun code potentiellement malicieux en observant son exĂ©cution, et en intervenant au besoin pour Ă©viter une violation dâune politique de sĂ©curitĂ©. Cette mĂ©thode a plusieurs applications prometteuses, notamment en ce qui a trait Ă la sĂ©curisation du code mobile. Les recherches acadĂ©miques sur le monitorage se sont gĂ©nĂ©ralement concentrĂ©es sur deux questions. La premiĂšre est celle de dĂ©limiter le champ des politiques de sĂ©curitĂ© applicables par des moniteurs opĂ©rant sous diffĂ©rentes contraintes. La seconde question est de construire des mĂ©thodes permettant dâinsĂ©rer un moniteur dans un programme, ce qui produit un nouveau programme instrumentĂ© qui respecte la politique de sĂ©curitĂ© appliquĂ©e par ce moniteur. Mais malgrĂ© le fait quâune vaste gamme de moniteurs a Ă©tĂ© Ă©tudiĂ©e dans la littĂ©rature, les travaux sur lâinsertion des moniteurs dans les programmes se sont limitĂ©s Ă une classe particuliĂšre de moniteurs, qui sont parmi les plus simples et les plus restreint quant Ă leur champ de politiques applicables. Cette thĂšse Ă©tend les deux avenues de recherches mentionnĂ©es prĂ©cĂ©demment et apporte un Ă©clairage nouveau Ă ces questions. Elle sâattarde en premier lieu Ă Ă©tendre le champ des politiques applicables par monitorage en dĂ©veloppabt une nouvelle approche pour lâinsertion dâun moniteur dans un programme. En donnant au moniteur accĂšs Ă un modĂšle du comportement du programme, lâĂ©tude montre que le moniteur acquiert la capacitĂ© dâappliquer une plus vaste gamme de politiques de sĂ©curitĂ©. De plus, les recherches ont aussi dÂŽemontrĂ© quâun moniteur capable de transformer lâexĂ©cution quâil surveille est plus puissant quâun moniteur qui ne possĂšde pas cette capacitĂ©. Naturellement, des contraintes doivent ĂȘtre imposĂ©es sur cette capacitĂ© pour que lâapplication de la politique soit cohĂ©rente. Autrement, si aucune restriction nâest imposĂ©e au moniteur, nâimporte quelle politique devient applicable, mais non dâune maniĂšre utile ou dĂ©sirable. Dans cette Ă©tude, nous proposons deux nouveaux paradigmes dâapplication des politiques de sĂ©curitĂ© qui permettent dâincorporer des restrictions raisonnables imposĂ©es sur la capacitĂ© des moniteurs de transformer les exĂ©cutions sous leur contrĂŽle. Nous Ă©tudions le champ des politiques applicables avec ces paradigmes et donnons des exemples de politiques rĂ©elles qui peuvent ĂȘtre appliquĂ©es Ă lâaide de notre approche.Execution monitoring is an approach that seeks to allow an untrusted code to run safely by observing its execution and reacting if need be to prevent a potential violation of a user-supplied security policy. This method has many promising applications, particularly with respect to the safe execution of mobile code. Academic research on monitoring has generally focused on two questions. The first, relates to the set of policies that can be enforced by monitors under various constraints and the conditions under which this set can be extended. The second question deals with the way to inline a monitor into an untrusted or potentially malicious program in order to produce a new instrumented program that provably respects the desired security policy. This study builds on the two strands of research mentioned above and brings new insights to this study. It seeks, in the first place, to increase the scope of monitorable properties by suggesting a new approach of monitor inlining. By drawing on an a priori model of the programâs possible behavior, we develop a monitor that can enforce a strictly larger set of security properties. Furthermore, longstanding research has showed that a monitor that is allowed to transform its input is more powerful than one lacking this ability. Naturally, this ability must be constrained for the enforcement to be meaningful. Otherwise, if the monitor is given too broad a leeway to transform valid and invalid sequences, any property can be enforced, but not in a way that is useful or desirable. In this study, we propose two new enforcement paradigms which capture reasonable restrictions on a monitorâs ability to alter its input. We study the set of properties enforceable if these enforcement paradigms are used and give examples of real-life security policies that can be enforced using our approach
Runtime verification on data-carrying traces
Malfunctioning software systems can cause severe loss of money,
sensitive data, or even human life. The ambition is therefore to
verify these systems not only statically, but also monitor their
behaviour at runtime. For the latter case, the temporal logic
LTL---a de facto standard specification formalism in runtime
verification---is widely used and well-understood. However,
propositional variables are usually not a natural nor sufficient
model to represent the behaviour of complex, interactive systems
that can process arbitrary input values. Consequently, there is a
demand for more expressive formalisms that are defined what we
call traces with data, i.e., traces that contain propositions
enriched with values from a (possibly) infinite domain.
This thesis studies the runtime monitoring with data for a
natural extension of LTL that includes first-order
quantification, called LTLFO. The logic's quantifiers range over
values that appear in a trace. Under assumptions laid out of what
should arguably be considered a ``proper'' runtime monitor, this
thesis first identifies and analyses the underlying decision
problems of monitoring properties in LTL and LTLFO. Moreover, it
proposes a monitoring procedure for the latter. A result is that
LTLFO is undecidable, and the prefix problem too, which an online
monitor has to preferably solve to coincide with monotonicity.
Hence, the obtained monitor cannot be complete for LTLFO;
however, this thesis proves the soundness of its construction and
gives experimental results from an implementation, in order to
justify its usefulness and efficiency in practice. The monitor is
based on a new type of automaton, called spawning automaton; it
helps to efficiently decide what parts of a possibly infinite
state space need to be memorised at runtime. Furthermore, the
problem occurs that not every property can be monitored
trace-length independently, which is possible in LTL. For that
reason, a hierarchy of effectively monitorable properties is
proposed. It distinguishes properties for which a monitor
requires only constant memory from ones for which a monitor
inevitably has to grow ad infinitum, independently of how the
future of a trace evolves.
Last but not least, a proof of concept validates the monitoring
means developed in this thesis on a widely established system
with intensive data use: Malicious behaviour is checked on
Android devices based on the most comprehensive malware set
presently available. The overall detection and false positive
rates are 93.9% and 28%, respectively. As a means of conducting
the experiments and as a contribution in itself, an
application-agnostic logging-layer for the Android system has
been developed and its technical insights are explained. It aims
at leveraging runtime verification techniques on Android, like
other domain-specific instrumentation approaches did, such as
AspectJ for Java
On locally checkable properties
Abstract. The large computational price of formal verification of general Ïregular properties has led to the study of restricted classes of properties, and to the development of verification methodologies for them. Examples that have been widely accepted by the industry include the verification of safety properties, and bounded model checking. We introduce and study another restricted class of properties â the class of locally checkable properties. For an integer k â„ 1, a language L â ÎŁ Ï is k-checkable if there is a language R â ÎŁ k (of âallowed subwordsâ) such that a word w belongs to L iff all the subwords of w of length k belong to R. A property is locally checkable if its language is k-checkable for some k. Locally checkable properties, which are a special case of safety properties, are common in the specification of systems. In particular, one can often bound an eventuality constraint in a property by a fixed time frame. The practical importance of locally checkable properties lies in the low memory demand for their run-time verification. A monitor for a k-checkable property needs only a record of the last k computation cycles. Furthermore, even if a large number of k-checkable properties are monitored, the monitors can share their memory, resulting in memory demand that do not depend on the number of properties monitored. This advantage of locally checkable properties makes them particularly suitable for run-time verification. In the paper, we define locally checkable languages, study their relation to other restricted classes of properties, study the question of deciding whether a property is locally checkable, and study the relation between the size of the property (specified by an LTL formula or an automaton) and the smallest k for which the property is k-checkable.
Fast exact algorithms for some connectivity problems parametrized by clique-width
Given a clique-width -expression of a graph , we provide time algorithms for connectivity constraints on locally checkable properties such as Node-Weighted Steiner Tree, Connected Dominating Set, or Connected Vertex Cover. We also propose a time algorithm for Feedback Vertex Set. The best running times for all the considered cases were either or worse
A Meta-Algorithm for Solving Connectivity and Acyclicity Constraints on Locally Checkable Properties Parameterized by Graph Width Measures
In this paper, we design a framework to obtain efficient algorithms for several problems with a global constraint (acyclicity or connectivity) such as Connected Dominating Set, Node Weighted Steiner Tree, Maximum Induced Tree, Longest Induced Path, and Feedback Vertex Set. We design a meta-algorithm that solves all these problems and whose running time is upper bounded by , , and where is respectively the clique-width, -rank-width, rank-width and maximum induced matching width of a given decomposition.Our meta-algorithm simplifies and unifies the known algorithms for each of the parameters and its running time matches asymptotically also the running times of the best known algorithms for basic NP-hard problems such as Vertex Cover and Dominating Set.Our framework is based on the -neighbor equivalence defined in [Bui-Xuan, Telle and Vatshelle, TCS 2013].The results we obtain highlight the importance of this equivalence relation on the algorithmic applications of width measures. We also prove that our framework could be useful for -hard problems parameterized by clique-width such as Max Cut and Maximum Minimal Cut.For these latter problems, we obtain , and time algorithms where is respectively the clique-width, the -rank-width and the rank-width of the input graph