Scather: programming with multi-party computation and MapReduce
We present a prototype of a distributed computational infrastructure, an associated high-level programming language, and an underlying formal framework that allow multiple parties to leverage their own cloud-based computational resources (capable of supporting MapReduce [27] operations) in concert with multi-party computation (MPC) to execute statistical analysis algorithms that have privacy-preserving properties. Our architecture allows a data analyst unfamiliar with MPC to: (1) author an analysis algorithm that is agnostic with regard to data privacy policies, (2) use an automated process to derive algorithm implementation variants that have different privacy and performance properties, and (3) compile those implementation variants so that they can be deployed on an infrastructure that allows computations to take place locally within each participant's MapReduce cluster as well as across all the participants' clusters using an MPC protocol. We describe implementation details of the architecture, discuss and demonstrate how the formal framework enables the exploration of tradeoffs between the efficiency and privacy properties of an analysis algorithm, and present two example applications that illustrate how such an infrastructure can be utilized in practice.
This work was supported in part by NSF Grants: #1430145, #1414119, #1347522, and #1012798.
Rodin: an open toolset for modelling and reasoning in Event-B
Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels, and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool, which seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.
Type classes for efficient exact real arithmetic in Coq
Floating point operations are fast, but require continuous effort on the part
of the user in order to ensure that the results are correct. This burden can be
shifted away from the user by providing a library of exact analysis in which
the computer handles the error estimates. Previously, we [Krebbers/Spitters
2011] provided a fast implementation of the exact real numbers in the Coq proof
assistant. Our implementation improved on an earlier implementation by O'Connor
by using type classes to describe an abstract specification of the underlying
dense set from which the real numbers are built. In particular, we used dyadic
rationals built from Coq's machine integers to obtain a 100 times speed up of
the basic operations already. This article is a substantially expanded version
of [Krebbers/Spitters 2011] in which the implementation is extended in
various ways. First, we implement and verify the sine and cosine functions.
Secondly, we create an additional implementation of the dense set based on
Coq's fast rational numbers. Thirdly, we extend the hierarchy to capture order
on undecidable structures, while it was limited to decidable structures before.
This hierarchy, based on type classes, allows us to share theory on the
naturals, integers, rationals, dyadics, and reals in a convenient way. Finally,
we obtain another dramatic speed-up by avoiding evaluation of termination
proofs at runtime.
Comment: arXiv admin note: text overlap with arXiv:1105.275
Verifying That a Compiler Preserves Concurrent Value-Dependent Information-Flow Security
It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is complicated when programs enforce value-dependent information-flow security properties (in which classification of locations can vary depending on values in other locations) and complicated further when programs exploit shared-variable concurrency.
Prior work has formally defined a notion of concurrency-aware refinement for preserving value-dependent security properties. However, that notion is considerably more complex than standard refinement definitions typically applied in the verification of semantics preservation by compilers. To date it remains unclear whether it can be applied to a realistic compiler, because there exist no general decomposition principles for separating it into smaller, more familiar, proof obligations.
In this work, we provide such a decomposition principle, which we show can almost halve the complexity of proving secure refinement. Further, we demonstrate its applicability to secure compilation by proving in Isabelle/HOL the preservation of value-dependent security by a proof-of-concept compiler from an imperative While language to a generic RISC-style assembly language, for programs with shared-memory concurrency mediated by locking primitives. Finally, we execute our compiler in Isabelle on a While language model of the Cross Domain Desktop Compositor, demonstrating, to our knowledge, the first use of a compiler verification result to carry an information-flow security property down to the assembly-level model of a non-trivial concurrent program.
Properties preservation during transformation
Proving the correctness of a program (written in a high-level programming language) with respect to a specification (a set of proof obligations) does not assure the correctness of the machine code that the end user will run after the compilation and deployment phases. The code generated by the compiler should be verified again to guarantee that its correctness was preserved, and thus that it can be executed safely.
In the context of a Ph.D. work in the area of software analysis and transformation, we are looking for a suitable approach to prove that the software properties (validated at source level) are kept during translation.
In this position paper we introduce our architectural proposal, and discuss the platform we are building for Java+JML on top of Eclipse.
Fundação para a Ciência e a Tecnologia (FCT) - MAPi/FCT, PhD grant no. SFRH/BD/33231/2007
Lending Petri nets and contracts
Choreography-based approaches to service composition typically assume that,
after a set of services has been found which correctly play the roles
prescribed by the choreography, each service respects its role. Honest services
are not protected against adversaries. We propose a model for contracts based
on an extension of Petri nets, which allows services to protect themselves while
still realizing the choreography. We relate this model with Propositional
Contract Logic, by showing a translation of formulae into our Petri nets which
preserves the logical notion of agreement, and allows for compositional
verification.
Australian best practice guide to collecting cultural material
INTRODUCTION
Australia's public collecting institutions enrich public life by displaying, interpreting, making accessible and preserving the world's shared cultural, scientific and historic heritage.
Acquisitions to collections and loans to institutions play a vital role in increasing our society's understanding of culture. They also increase education and outreach activities and are an important impetus for research. Australian institutions safeguard and protect the cultural property of Australia and other nations. They also develop their collections according to the highest ethical standards and legal requirements. To uphold this commitment, institutions should undertake due diligence to ensure they only acquire or borrow cultural material that has legal title and established provenance, is authentic, and has not been identified as having been looted or illegally obtained or exported.
The Australian Best Practice Guide to Collecting Cultural Material outlines principles and standards to assist Australia's institutions when considering acquiring cultural material, whether through purchase, gift, bequest or exchange. This guide can be used by collecting institutions when developing their policies and setting out their principles for due diligence research and other processes required when considering an acquisition. Sections of this guide may also apply to cultural material being considered for inward loan.