
    Privacy-Preserving Reengineering of Model-View-Controller Application Architectures Using Linked Data

    When a legacy system's software architecture cannot be redesigned, implementing additional privacy requirements is often complex, unreliable and costly to maintain. This paper presents a privacy-by-design approach to reengineer web applications as linked-data-enabled and to implement access control and privacy-preservation properties. The method is based on knowledge of the application architecture, which for the Web of Data is commonly designed on the basis of a model-view-controller pattern. Whereas the wrapping techniques commonly used to link the data of web applications duplicate the security source code, the new approach allows for the controlled disclosure of an application's data while preserving non-functional properties such as privacy preservation. The solution has been implemented and compared with existing linked data frameworks in terms of reliability, maintainability and complexity.

    Extensible sparse functional arrays with circuit parallelism

    A longstanding open question in algorithms and data structures is the time and space complexity of pure functional arrays. Imperative arrays provide update and lookup operations that require constant time in the RAM theoretical model, but it is conjectured that there does not exist a RAM algorithm that achieves the same complexity for functional arrays, unless restrictions are placed on the operations. The main result of this paper is an algorithm that does achieve optimal unit time and space complexity for update and lookup on functional arrays. This algorithm does not run on a RAM, but instead exploits the massive parallelism inherent in digital circuits. The algorithm also provides unit-time operations that support storage management, as well as sparse and extensible arrays. The main idea behind the algorithm is to replace a RAM memory by a tree circuit that is more powerful than the RAM yet has the same asymptotic complexity in time (gate delays) and size (number of components). The algorithm uses an array representation that allows elements to be shared between many arrays with only a small constant-factor penalty in space and time. This system exemplifies circuit parallelism, which exploits very large numbers of transistors per chip in order to speed up key algorithms. Extensible Sparse Functional Arrays (ESFA) can be used with both functional and imperative programming languages. The system comprises a set of algorithms and a circuit specification, and it has been implemented on a GPGPU with good performance.

    GLOVE: towards privacy-preserving publishing of record-level-truthful mobile phone trajectories

    Datasets of mobile phone trajectories collected by network operators offer an unprecedented opportunity to discover new knowledge from the activity of large populations of millions of individuals. However, publishing such trajectories also raises significant privacy concerns, as they contain personal data in the form of individual movement patterns. Privacy risks induce network operators to enforce restrictive confidentiality agreements on the rare occasions when they grant access to collected trajectories, whereas a less involved circulation of these data would fuel research and enable reproducibility in many disciplines. In this work, we contribute a building block toward the design of privacy-preserving datasets of mobile phone trajectories that are truthful at the record level. We present GLOVE, an algorithm that implements k-anonymity, hence solving the crucial unicity problem that affects this type of data while ensuring that the anonymized trajectories correspond to real-life users. GLOVE builds on original insights about the root causes behind the undesirable unicity of mobile phone trajectories, and leverages generalization and suppression to remove them. Proof-of-concept validations with large-scale real-world datasets demonstrate that the approach adopted by GLOVE preserves a substantial level of accuracy in the data, higher than that granted by previous methodologies. This work was supported by the Atracción de Talento Investigador program of the Comunidad de Madrid under Grant No. 2019-T1/TIC-16037 NetSense.

    On duality relations for session types

    Session types are a type formalism used to describe communication protocols over private session channels. Each participant in a binary session owns one endpoint of a session channel. A key notion is that of duality: the endpoints of a session channel should have dual session types in order to guarantee communication safety. Duality relations have been independently defined in different ways and in different works, without considering their effect on the type system. In this paper we systematically study the existing duality relations and some new ones, and compare them in order to understand their expressiveness. The outcome is that those relations split into two groups, one related to the naïve inductive duality, and the other related to a notion of mutual compliance, which we borrow from the literature on contracts for web services.

    Cooperative Privacy-Preserving Data Collection Protocol Based on Delocalized-Record Chains

    This paper aims to advance the field of data anonymization within the context of the Internet of Things (IoT), an environment where the data collected may contain sensitive information about users. Specifically, we propose a privacy-preserving data publishing alternative that extends the privacy requirement to the data collection phase. Because our proposal offers privacy-preserving conditions in both the data collection and the data publishing phases, it is suitable for scenarios where a central node collects personal data supplied by a set of devices, typically associated with individuals, without these having to trust the collector. In particular, to limit the risk of individuals' re-identification, the probabilistic k-anonymity property is satisfied during the data collection process and the k-anonymity property is satisfied by the data set derived from the anonymization process. To carry out the anonymous sending of personal data during the collection process, we introduce the delocalized-record chain, a new mechanism of anonymous communication aimed at multi-user environments that collaboratively protect information; by not requiring third-party intermediaries it is especially suitable for private IoT networks (besides public IoT networks).

    Inferring Energy Bounds via Static Program Analysis and Evolutionary Modeling of Basic Blocks

    The ever-increasing number and complexity of energy-bound devices (such as those used in Internet of Things applications, smart phones, and mission-critical systems) pose an important challenge for techniques that optimize their energy consumption and verify that they will perform their function within the available energy budget. In this work we address this challenge from the software point of view and propose a novel parametric approach to estimating tight bounds on the energy consumed by program executions, bounds that are practical for application to energy verification and optimization. Our approach divides a program into basic (branchless) blocks and estimates the maximal and minimal energy consumption of each block using an evolutionary algorithm. It then combines the obtained values according to the program control flow, using static analysis, to infer functions that give both upper and lower bounds on the energy consumption of the whole program and its procedures as functions of input data sizes. We have tested our approach on (C-like) embedded programs running on the XMOS hardware platform. However, our method is general enough to be applied to other microprocessor architectures and programming languages. The bounds obtained by our prototype implementation can be tight while remaining on the safe side of budgets in practice, as shown by our experimental evaluation. Comment: Pre-proceedings paper presented at the 27th International Symposium on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur, Belgium, 10-12 October 2017 (arXiv:1708.07854). Improved version of the one presented at the HIP3ES 2016 workshop (v1): more experimental results (added benchmark to Table 1, added figure for new benchmark, added Table 3), improved Fig. 1, added Fig.

    The neognathostomates (Echinodermata: Echinoidea) of the Artoles Formation, from the Barremian of the Maestrat Basin

    The Barremian neognathostomate echinoid fauna of the Barranc de la Torre Folch locality (el Forcall, els Ports), in the Margues i calcàries de les Artoles Formation within the Maestrat Basin, is described and figured. Two new species are described: Nucleolites usoi sp. nov. and Plagiochasma saurai sp. nov. Pygorhynchus royoi (Lambert, 1935), endemic to the Maestrat Basin, is also figured, and its description is completed with details on the apical system and phyllodes.

    The fauna of echinoids from the outcrop of the Barranc de la Torre Folch (el Forcall, els Ports; Spain) from the Barremian, Artoles Formation, Maestrat Basin is described and figured. Two new species are described: Nucleolites usoi sp. nov. and Plagiochasma saurai sp. nov. The endemic echinoid of the Maestrat Basin Pygorhynchus royoi (Lambert, 1935) is also figured and its description completed with details on the apical system and phyllodes.

    Polymorphic Typestate for Session Types

    Session types provide a principled approach to typed communication protocols that guarantee type safety and protocol fidelity. Formalizations of session-typed communication are typically based on process calculi, concurrent lambda calculi, or linear logic. An alternative model based on context-sensitive typing and typestate has not received much attention due to its apparent restrictions. However, this model is attractive because it does not force programmers into particular patterns like continuation-passing style or channel-passing style, but rather enables them to treat communication channels like mutable variables. Polymorphic typestate is the key that enables a full treatment of session-typed communication. Previous work in this direction was hampered by its setting in a simply-typed lambda calculus. We show that higher-order polymorphism and existential types enable us to lift the restrictions imposed by the previous work, thus bringing the expressivity of the typestate-based approach on par with the competition. On this basis, we define PolyVGR, the system of polymorphic typestate for session types, establish its basic metatheory, type preservation and progress, and present a prototype implementation. Comment: 29 pages. Short version appears in PPDP 202

    A Two-Level Logic Approach to Reasoning about Typed Specification Languages

    The two-level logic approach (2LL) to reasoning about computational specifications, as implemented by the Abella theorem prover, represents derivations of a specification language as an inductive definition in a reasoning logic. This approach has traditionally been formulated with the specification and reasoning logics having the same type system, and only the formulas being translated. However, requiring identical type systems limits the approach in two important ways: (1) every change in the specification language's type system requires a corresponding change in that of the reasoning logic, and (2) the same reasoning logic cannot be used with two specification languages at once if they have incompatible type systems. We propose a technique based on adequate encodings of the types and judgements of a typed specification language in terms of a simply typed higher-order logic program, which is then used for reasoning about the specification language in the usual 2LL. Moreover, a single specification logic implementation can be used as a basis for a number of other specification languages just by varying the encoding. We illustrate our technique with an implementation of the LF dependent type theory as a new specification language for Abella, co-existing with its current simply typed higher-order hereditary Harrop specification logic, without modifying the type system of its reasoning logic.