20,649 research outputs found
Cutting the Cake: A Language for Fair Division
The fair division literature in economics considers how to divide resources
between multiple agents such that the allocation is envy-free: each agent
receives their favorite piece. Researchers have developed a variety of fair
division protocols for the most standard setting, where the agents want to
split a single item, however, the protocols are highly intricate and the proofs
of envy-freeness involve tedious case analysis.
We propose Slice, a domain specific language for fair-division. Programs in
our language can be converted to logical formulas encoding envy-freeness and
other target properties. Then, the constraints can be dispatched to automated
solvers. We prove that our constraint generation procedure is sound and
complete. We also report on a prototype implementation of Slice, which we have
used to automatically check envy-freeness for several protocols from the fair
division literature.Comment: 31 pages, 15 figures, PLDI 202
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols
Coercion resistance is an important and one of the most intricate security
requirements of electronic voting protocols. Several definitions of coercion
resistance have been proposed in the literature, including definitions based on
symbolic models. However, existing definitions in such models are rather
restricted in their scope and quite complex.
In this paper, we therefore propose a new definition of coercion resistance
in a symbolic setting, based on an epistemic approach. Our definition is
relatively simple and intuitive. It allows for a fine-grained formulation of
coercion resistance and can be stated independently of a specific, symbolic
protocol and adversary model. As a proof of concept, we apply our definition to
three voting protocols. In particular, we carry out the first rigorous analysis
of the recently proposed Civitas system. We precisely identify those conditions
under which this system guarantees coercion resistance or fails to be coercion
resistant. We also analyze protocols proposed by Lee et al. and Okamoto.Comment: An extended version of a paper from IEEE Symposium on Security and
Privacy (S&P) 200
Resource Usage Protocols for Iterators
We discuss usage protocols for iterator objects that prevent concurrent modifications of the underlying collection while iterators are in progress. We formalize these protocols in Java-like object interfaces, enriched with separation logic contracts. We present examples of iterator clients and proofs that they adhere to the iterator protocol, as well as examples of iterator implementations and proofs that they implement the iterator interface
Deductive Verification of Parallel Programs Using Why3
The Message Passing Interface specification (MPI) defines a portable
message-passing API used to program parallel computers. MPI programs manifest a
number of challenges on what concerns correctness: sent and expected values in
communications may not match, resulting in incorrect computations possibly
leading to crashes; and programs may deadlock resulting in wasted resources.
Existing tools are not completely satisfactory: model-checking does not scale
with the number of processes; testing techniques wastes resources and are
highly dependent on the quality of the test set.
As an alternative, we present a prototype for a type-based approach to
programming and verifying MPI like programs against protocols. Protocols are
written in a dependent type language designed so as to capture the most common
primitives in MPI, incorporating, in addition, a form of primitive recursion
and collective choice. Protocols are then translated into Why3, a deductive
software verification tool. Source code, in turn, is written in WhyML, the
language of the Why3 platform, and checked against the protocol. Programs that
pass verification are guaranteed to be communication safe and free from
deadlocks.
We verified several parallel programs from textbooks using our approach, and
report on the outcome.Comment: In Proceedings ICE 2015, arXiv:1508.0459
How to Simulate It in Isabelle: Towards Formal Proof for Secure Multi-Party Computation
In cryptography, secure Multi-Party Computation (MPC) protocols allow
participants to compute a function jointly while keeping their inputs private.
Recent breakthroughs are bringing MPC into practice, solving fundamental
challenges for secure distributed computation. Just as with classic protocols
for encryption and key exchange, precise guarantees are needed for MPC designs
and implementations; any flaw will give attackers a chance to break privacy or
correctness. In this paper we present the first (as far as we know)
formalisation of some MPC security proofs. These proofs provide probabilistic
guarantees in the computational model of security, but have a different
character to machine proofs and proof tools implemented so far --- MPC proofs
use a \emph{simulation} approach, in which security is established by showing
indistinguishability between execution traces in the actual protocol execution
and an ideal world where security is guaranteed by definition. We show that
existing machinery for reasoning about probabilistic programs adapted to this
setting, paving the way to precisely check a new class of cryptography
arguments. We implement our proofs using the CryptHOL framework inside
Isabelle/HOL
Certified Impossibility Results for Byzantine-Tolerant Mobile Robots
We propose a framework to build formal developments for robot networks using
the COQ proof assistant, to state and to prove formally various properties. We
focus in this paper on impossibility proofs, as it is natural to take advantage
of the COQ higher order calculus to reason about algorithms as abstract
objects. We present in particular formal proofs of two impossibility results
forconvergence of oblivious mobile robots if respectively more than one half
and more than one third of the robots exhibit Byzantine failures, starting from
the original theorems by Bouzid et al.. Thanks to our formalization, the
corresponding COQ developments are quite compact. To our knowledge, these are
the first certified (in the sense of formally proved) impossibility results for
robot networks
- …