9,572 research outputs found
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Automatic Liver Segmentation Using an Adversarial Image-to-Image Network
Automatic liver segmentation in 3D medical images is essential in many
clinical applications, such as pathological diagnosis of hepatic diseases,
surgical planning, and postoperative assessment. However, it is still a very
challenging task due to the complex background, fuzzy boundary, and various
appearance of liver. In this paper, we propose an automatic and efficient
algorithm to segment liver from 3D CT volumes. A deep image-to-image network
(DI2IN) is first deployed to generate the liver segmentation, employing a
convolutional encoder-decoder architecture combined with multi-level feature
concatenation and deep supervision. Then an adversarial network is utilized
during training process to discriminate the output of DI2IN from ground truth,
which further boosts the performance of DI2IN. The proposed method is trained
on an annotated dataset of 1000 CT volumes with various different scanning
protocols (e.g., contrast and non-contrast, various resolution and position)
and large variations in populations (e.g., ages and pathology). Our approach
outperforms the state-of-the-art solutions in terms of segmentation accuracy
and computing efficiency.Comment: Accepted by MICCAI 201
Provably correct Java implementations of Spi Calculus security protocols specifications
Spi Calculus is an untyped high level modeling language for security protocols, used for formal protocols specification and verification. In this paper, a type system for the Spi Calculus and a translation function are formally defined, in order to formalize the refinement of a Spi Calculus specification into a Java implementation. The Java implementation generated by the translation function uses a custom Java library. Formal conditions on such library are stated, so that, if the library implementation code satisfies such conditions, then the generated Java implementation correctly simulates the Spi Calculus specification. A verified implementation of part of the custom library is further presente
The thermodynamics of prediction
A system responding to a stochastic driving signal can be interpreted as
computing, by means of its dynamics, an implicit model of the environmental
variables. The system's state retains information about past environmental
fluctuations, and a fraction of this information is predictive of future ones.
The remaining nonpredictive information reflects model complexity that does not
improve predictive power, and thus represents the ineffectiveness of the model.
We expose the fundamental equivalence between this model inefficiency and
thermodynamic inefficiency, measured by dissipation. Our results hold
arbitrarily far from thermodynamic equilibrium and are applicable to a wide
range of systems, including biomolecular machines. They highlight a profound
connection between the effective use of information and efficient thermodynamic
operation: any system constructed to keep memory about its environment and to
operate with maximal energetic efficiency has to be predictive.Comment: 5 pages, 1 figur
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers (Technical Report)
We consider the problem of verifying liveness for systems with a finite, but
unbounded, number of processes, commonly known as parameterised systems.
Typical examples of such systems include distributed protocols (e.g. for the
dining philosopher problem). Unlike the case of verifying safety, proving
liveness is still considered extremely challenging, especially in the presence
of randomness in the system. In this paper we consider liveness under arbitrary
(including unfair) schedulers, which is often considered a desirable property
in the literature of self-stabilising systems. We introduce an automatic method
of proving liveness for randomised parameterised systems under arbitrary
schedulers. Viewing liveness as a two-player reachability game (between
Scheduler and Process), our method is a CEGAR approach that synthesises a
progress relation for Process that can be symbolically represented as a
finite-state automaton. The method is incremental and exploits both
Angluin-style L*-learning and SAT-solvers. Our experiments show that our
algorithm is able to prove liveness automatically for well-known randomised
distributed protocols, including Lehmann-Rabin Randomised Dining Philosopher
Protocol and randomised self-stabilising protocols (such as the Israeli-Jalfon
Protocol). To the best of our knowledge, this is the first fully-automatic
method that can prove liveness for randomised protocols.Comment: Full version of CAV'16 pape
Learning to Prove Safety over Parameterised Concurrent Systems (Full Version)
We revisit the classic problem of proving safety over parameterised
concurrent systems, i.e., an infinite family of finite-state concurrent systems
that are represented by some finite (symbolic) means. An example of such an
infinite family is a dining philosopher protocol with any number n of processes
(n being the parameter that defines the infinite family). Regular model
checking is a well-known generic framework for modelling parameterised
concurrent systems, where an infinite set of configurations (resp. transitions)
is represented by a regular set (resp. regular transducer). Although verifying
safety properties in the regular model checking framework is undecidable in
general, many sophisticated semi-algorithms have been developed in the past
fifteen years that can successfully prove safety in many practical instances.
In this paper, we propose a simple solution to synthesise regular inductive
invariants that makes use of Angluin's classic L* algorithm (and its variants).
We provide a termination guarantee when the set of configurations reachable
from a given set of initial configurations is regular. We have tested L*
algorithm on standard (as well as new) examples in regular model checking
including the dining philosopher protocol, the dining cryptographer protocol,
and several mutual exclusion protocols (e.g. Bakery, Burns, Szymanski, and
German). Our experiments show that, despite the simplicity of our solution, it
can perform at least as well as existing semi-algorithms.Comment: Full version of FMCAD'17 pape
- ā¦