57 research outputs found
MaxSAT Evaluation 2020 : Solver and Benchmark Descriptions
Non peer reviewed
Logic Programming Applications: What Are the Abstractions and Implementations?
This article presents an overview of applications of logic programming,
classifying them based on the abstractions and implementations of logic
languages that support the applications. The three key abstractions are join,
recursion, and constraint. Their essential implementations are for-loops, fixed
points, and backtracking, respectively. The corresponding kinds of applications
are database queries, inductive analysis, and combinatorial search,
respectively. We also discuss language extensions and programming paradigms,
summarize example application problems by application areas, and touch on
example systems that support variants of the abstractions with different
implementations.
MaxSAT Evaluation 2019 : Solver and Benchmark Descriptions
Non peer reviewed
Optimization of Access Control Policies
Organizations undertake complex and costly projects to model high-quality Access Control Policies (ACPs). Once built, these policies must be maintained and managed in an ongoing process to keep their quality high. Insufficient maintenance leads to inaccurate authorization decisions and increases the policies' administrative effort and susceptibility to errors. While the initial modeling of ACPs has received significant research interest, their optimization is not yet covered as broadly. This work provides a theoretical foundation for ACP quality and its optimization. Furthermore, it analyzes how existing research addresses optimization of ACPs with regard to six crucial optimization dimensions. It presents a structured literature survey tracing these optimization dimensions, the contributed research artifact and data requirements. Building on this literature catalogue, this work elaborates on inaccuracies for user permission assignments, data availability, minimal perturbation and recommendation-based optimization.
Unifying Reasoning and Core-Guided Search for Maximum Satisfiability
A central algorithmic paradigm in maximum satisfiability solving geared towards real-world optimization problems is the core-guided approach. Furthermore, recent progress on preprocessing techniques is bringing in additional reasoning techniques to MaxSAT solving. Towards realizing their combined potential, understanding formal underpinnings of interleavings of preprocessing-style reasoning and core-guided algorithms is important. It turns out that earlier proposed notions for establishing correctness of core-guided algorithms and preprocessing, respectively, are not enough for capturing correctness of interleavings of the techniques. We provide an in-depth analysis of these and related MaxSAT instance transformations, and propose correction set reducibility as a notion that captures inprocessing MaxSAT solving within a state-transition style abstract MaxSAT solving framework. Furthermore, we establish a general theorem of correctness for applications of SAT-based preprocessing techniques in MaxSAT. The results pave the way for generic techniques for arguing about the formal correctness of MaxSAT algorithms.
Peer reviewed
Verification and Validation of Access Control Policies in the Medical Domain (Vérification et validation de politiques de contrôle d'accès dans le domaine médical)
In the medical domain, the digitization of documents and the use of electronic patient records (DPE, or EHR in English, for Electronic Health Record) offer many advantages, such as ease of searching and transmitting these data. Computer systems must therefore gradually take over the role traditionally held by archivists, a role that notably included managing access to these sensitive data. Such access must be rigorously controlled to take into account patients' confidentiality wishes, the rules of the institutions and the legislation in force. SGAC, or Solution de Gestion Automatisée du Consentement, aims to provide a solution in which access to patient data would be based not only on the rules set by the patient but also on the institution's regulations and on legislation. However, this freedom granted to the patient is a source of various problems: conflicts, concealment of data needed for care, or simply data-entry errors. To carry out these verifications, formal methods provide reliable means of verifying properties, such as proofs or model checking. This thesis proposes verification methods suited to SGAC for the patient: it introduces the formal model of SGAC and methods for verifying properties. To carry out these verifications in an automated way, SGAC is modelled in B and Alloy; these different models give access to the Alloy and ProB tools, and thus to automated property verification via model checking.
Abstract: In healthcare, data digitization and the use of the Electronic Health Records (EHR) offer several benefits, such as the reduction of the space occupied by data, or the ease of data search or data exchanges. IT systems must gradually take up the archivist's role by managing the accesses over sensitive data, which have to be compliant with patient wishes, hospital rules, as well as laws and regulations. SGAC, or Solution de Gestion Automatisée du Consentement (Automated Consent Management Solution), aims to provide a solution in which access to patient data would be based on patient rules, hospital rules and laws. However, the freedom granted to the patient can cause several problems: conflicts, concealment of crucial data needed to treat the patient adequately, and data-capture errors. Therefore, verification and validation of policies are essential: formal methods provide reliable ways, such as proofs or model checking, to conduct verifications of properties. This thesis provides verification methods applied on SGAC for the patient: it introduces the formal model of SGAC, methods to verify properties such as data access resolution, hidden data detection or redundant rule identification. Modeling of SGAC in B and Alloy provides access to the tools Alloy and ProB, and thus, automated property verification through model checking.
Just-in-Time Detection of Protection-Impacting Changes on Wordpress and Mediawiki
Access control mechanisms based on granted roles and predefined privileges limit users' access to security-sensitive resources in a multi-user software system. Unintentional modifications of protected privileges can occur as a system evolves, which can lead to security vulnerabilities and subsequently threaten users' confidential data and cause other serious problems. In this thesis, we used the "Pattern Traversal Flow Analysis" technique to identify the protection differences introduced in the WordPress and MediaWiki systems. We analysed the evolution of protected privileges in 211 and 193 versions of WordPress and Mediawiki respectively, and found that about 60% of commits affect protected privileges in the two projects studied. We refer to the commits that cause a protected change as PIC commits. To help developers identify PIC commits in real time, that is, as soon as they are submitted to the code repository, we extract a series of metrics from commit logs and source code, and then build statistical models. The evaluation of these models revealed that they could reach a precision of up to 73.8% and a recall of 98.8% in WordPress, and for MediaWiki, a precision of 77.2% and a recall of up to 97.8%. Among the metrics examined, changed lines of code, bug fixing, author experience and code complexity between two versions are the most important predictive factors of these models. We carried out a qualitative analysis of false positives and false negatives and observed that the PIC commit detector should ignore documentation-only commits and code modifications not accompanied by comments. Software development companies can use our approach and the models proposed in this thesis to identify unintentional modifications of protected privileges as soon as they appear, in order to prevent the introduction of vulnerabilities into their systems.
ABSTRACT: Access control mechanisms based on roles and privileges restrict the access of users to security sensitive resources in a multi-user software system. Unintentional privilege protection changes may occur during the evolution of a system, which may introduce security vulnerabilities, threatening user's confidential data, and causing other severe problems. In this thesis, we use the Pattern Traversal Flow Analysis technique to identify definite protection differences in WordPress and MediaWiki systems. We analyse the evolution of privilege protections across 211 and 193 releases from respectively WordPress and Mediawiki, and observe that around 60% of commits affect privilege protections in both projects. We refer to these commits as protection-impacting change (PIC) commits. To help developers identify PIC commits just-in-time, i.e., as soon as they are introduced in the code base, we extract a series of metrics from commit logs and source code, and build statistical models. The evaluation of these models revealed that they can achieve a precision up to 73.8% and a recall up to 98.8% in WordPress and for MediaWiki, a precision up to 77.2% and recall up to 97.8%. Among the metrics examined, commit churn, bug fixing, author experiences and code complexity between two releases are the most important predictors in the models. We performed a qualitative analysis of false positives and false negatives and observe that PIC commits detectors should ignore documentation-only commits and process code changes without the comments. Software organizations can use our proposed approach and models, to identify unintentional privilege protection changes as soon as they are introduced, in order to prevent the introduction of vulnerabilities in their systems.