Security Analysis of Separation Kernels Specifications and a Framework for the Verification of Concurrent Implementations

Due to the new trend of integrating safe and secure functionalities into one separation kernel, security analysis of ARINC 653 as well as a formal specification with security proofs are thus significant for the development and certification of Separation Kernels (SKs). In this talk we present a specification development and security analysis method for ARINC SKs based on refinement. We present a security model for event-based non-Interference and a stepwise refinement framework that will allow us to check security on sequential SKs specifications. Moreover to be able to reason on SKs implementations running on top of multi-core architectures it is essential to deal with the interference of the environment between SKs instances running on different cores. Concurrent program reasoning techniques such as rely-guarantee can be leveraged to reason on multi-core SKs implementations. However the source code of the programs to be verified often involves language features such as exceptions and procedures which are not supported by the existing mechanizations of those concurrent reasoning techniques. CSimpl, is a rich specification language with concurrency-oriented language features and verification techniques that will allow reasoning on multi-core SKs implementations.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Broadening the scope of weak quantum measurements I: A single particle accurately measured yet left superposed

Weak measurement is unique in enabling measurements of non-commuting operators as well as otherwise-undetectable peculiar phenomena predicted by the Two-State-Vector-Formalism (TSVF). This article, the first in two parts, explores novel applications of weak measurement. We first revisit the basic principles of quantum measurement with the aid of the Michelson interferometer. Weak measurement is then introduced in a simple visualized manner by a specific choice of the reflecting mirror's position and momentum uncertainties. Having introduced the method, we proceed to its refinement for a single particle. We consider a photon going back and forth inside the interferometer, oscillating between a superposed and a localized state, while subjected to alternating strong and weak measurements. This cyclic process enables directly measuring both the photon's position ("which-path") and momentum (interference), without disturbing either. An alternative explanation of this result, not invoking weak values, is thoroughly considered and shown to be at odds with the experimental data. Finally a practical application of this experiment is demonstrated, where a single photon measures the various transmission coefficients of a multiport beam-splitter yet remains superposed. This method is then generalized to measurement of the wave-function itself, performed again on a single particle.Comment: 20 pages, 5 figures. Submitted to Physical Review

1-Bit Massive MIMO Downlink Based on Constructive Interference

In this paper, we focus on the multiuser massive multiple-input single-output (MISO) downlink with low-cost 1-bit digital-to-analog converters (DACs) for PSK modulation, and propose a low-complexity refinement process that is applicable to any existing 1-bit precoding approaches based on the constructive interference (CI) formulation. With the decomposition of the signals along the detection thresholds, we first formulate a simple symbol-scaling method as the performance metric. The low-complexity refinement approach is subsequently introduced, where we aim to improve the introduced symbol-scaling performance metric by modifying the transmit signal on one antenna at a time. Numerical results validate the effectiveness of the proposed refinement method on existing approaches for massive MIMO with 1-bit DACs, and the performance improvements are most significant for the low-complexity quantized zero-forcing (ZF) method.Comment: 5 pages, EUSIPCO 201

Some Challenges of Specifying Concurrent Program Components

The purpose of this paper is to address some of the challenges of formally specifying components of shared-memory concurrent programs. The focus is to provide an abstract specification of a component that is suitable for use both by clients of the component and as a starting point for refinement to an implementation of the component. We present some approaches to devising specifications, investigating different forms suitable for different contexts. We examine handling atomicity of access to data structures, blocking operations and progress properties, and transactional operations that may fail and need to be retried.Comment: In Proceedings Refine 2018, arXiv:1810.0873

Source Broadcasting to the Masses: Separation has a Bounded Loss

This work discusses the source broadcasting problem, i.e. transmitting a source to many receivers via a broadcast channel. The optimal rate-distortion region for this problem is unknown. The separation approach divides the problem into two complementary problems: source successive refinement and broadcast channel transmission. We provide bounds on the loss incorporated by applying time-sharing and separation in source broadcasting. If the broadcast channel is degraded, it turns out that separation-based time-sharing achieves at least a factor of the joint source-channel optimal rate, and this factor has a positive limit even if the number of receivers increases to infinity. For the AWGN broadcast channel a better bound is introduced, implying that all achievable joint source-channel schemes have a rate within one bit of the separation-based achievable rate region for two receivers, or within $\log_2 T$ bits for $T$ receivers

Simplifying proofs of linearisability using layers of abstraction

Linearisability has become the standard correctness criterion for concurrent data structures, ensuring that every history of invocations and responses of concurrent operations has a matching sequential history. Existing proofs of linearisability require one to identify so-called linearisation points within the operations under consideration, which are atomic statements whose execution causes the effect of an operation to be felt. However, identification of linearisation points is a non-trivial task, requiring a high degree of expertise. For sophisticated algorithms such as Heller et al's lazy set, it even is possible for an operation to be linearised by the concurrent execution of a statement outside the operation being verified. This paper proposes an alternative method for verifying linearisability that does not require identification of linearisation points. Instead, using an interval-based logic, we show that every behaviour of each concrete operation over any interval is a possible behaviour of a corresponding abstraction that executes with coarse-grained atomicity. This approach is applied to Heller et al's lazy set to show that verification of linearisability is possible without having to consider linearisation points within the program code