On Verifying Causal Consistency
Causal consistency is one of the most adopted consistency criteria for
distributed implementations of data structures. It ensures that operations are
executed at all sites according to their causal precedence. We address the
issue of verifying automatically whether the executions of an implementation of
a data structure are causally consistent. We consider two problems: (1)
checking whether one single execution is causally consistent, which is relevant
for developing testing and bug finding algorithms, and (2) verifying whether
all the executions of an implementation are causally consistent.
We show that the first problem is NP-complete. This holds even for the
read-write memory abstraction, which is a building block of many modern
distributed systems. Indeed, such systems often store data in key-value stores,
which are instances of the read-write memory abstraction. Moreover, we prove
that, surprisingly, the second problem is undecidable, and again this holds
even for the read-write memory abstraction. However, we show that for the
read-write memory abstraction, these negative results can be circumvented if
the implementations are data independent, i.e., their behaviors do not depend
on the data values that are written or read at each moment, which is a
realistic assumption.
Comment: extended version of POPL 201
Partial Order Reduction for Security Protocols
Security protocols are concurrent processes that communicate using
cryptography with the aim of achieving various security properties. Recent work
on their formal verification has brought procedures and tools for deciding
trace equivalence properties (e.g., anonymity, unlinkability, vote secrecy) for
a bounded number of sessions. However, these procedures are based on a naive
symbolic exploration of all traces of the considered processes which,
unsurprisingly, greatly limits the scalability and practical impact of the
verification tools.
In this paper, we overcome this difficulty by developing partial order
reduction techniques for the verification of security protocols. We provide
reduced transition systems that optimally eliminate redundant traces, and which
are adequate for model-checking trace equivalence properties of protocols by
means of symbolic execution. We have implemented our reductions in the tool
Apte, and demonstrated that it achieves the expected speedup on various
protocols.
Proving Abstractions of Dynamical Systems through Numerical Simulations
A key question that arises in rigorous analysis of cyberphysical systems
under attack involves establishing whether or not the attacked system deviates
significantly from the ideal allowed behavior. This is the problem of deciding
whether or not the ideal system is an abstraction of the attacked system. A
quantitative variation of this question can capture how much the attacked
system deviates from the ideal. Thus, algorithms for deciding abstraction
relations can help measure the effect of attacks on cyberphysical systems and
to develop attack detection strategies. In this paper, we present a decision
procedure for proving that one nonlinear dynamical system is a quantitative
abstraction of another. Directly computing the reach sets of these nonlinear
systems is undecidable in general, and reach set over-approximations do not
give a direct way for proving abstraction. Our procedure uses (possibly
inaccurate) numerical simulations and a model annotation to compute tight
approximations of the observable behaviors of the system and then uses these
approximations to decide on abstraction. We show that the procedure is sound
and that it is guaranteed to terminate under reasonable robustness assumptions.
Labeling Workflow Views with Fine-Grained Dependencies
This paper considers the problem of efficiently answering reachability
queries over views of provenance graphs, derived from executions of workflows
that may include recursion. Such views include composite modules and model
fine-grained dependencies between module inputs and outputs. A novel
view-adaptive dynamic labeling scheme is developed for efficient query
evaluation, in which view specifications are labeled statically (i.e. as they
are created) and data items are labeled dynamically as they are produced during
a workflow execution. Although the combination of fine-grained dependencies and
recursive workflows entails, in general, long (linear-size) data labels, we show
that for a large natural class of workflows and views, labels are compact
(logarithmic-size) and reachability queries can be evaluated in constant time.
Experimental results demonstrate the benefit of this approach over the
state-of-the-art technique when applied for labeling multiple views.
Comment: VLDB201
Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation
We present Anadroid, a static malware analysis framework for Android apps.
Anadroid exploits two techniques to soundly raise precision: (1) it uses a
pushdown system to precisely model dynamically dispatched interprocedural and
exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to
soundly approximate all possible interleavings of asynchronous entry points in
Android applications. (It also integrates static taint-flow analysis and least
permissions analysis to expand the class of malicious behaviors which it can
catch.) Anadroid provides rich user interface support for human analysts which
must ultimately rule on the "maliciousness" of a behavior.
To demonstrate the effectiveness of Anadroid's malware analysis, we had teams
of analysts analyze a challenge suite of 52 Android applications released as
part of the Automated Program Analysis for Cybersecurity (APAC) DARPA
program. The first team analyzed the apps using a version of Anadroid that
uses traditional (finite-state-machine-based) control-flow-analysis found in
existing malware analysis tools; the second team analyzed the apps using a
version of Anadroid that uses our enhanced pushdown-based
control-flow-analysis. We measured machine analysis time, human analyst time,
and their accuracy in flagging malicious applications. With pushdown analysis,
we found statistically significant (p < 0.05) decreases in time: from 85
minutes per app to 35 minutes per app in human plus machine analysis time; and
statistically significant (p < 0.05) increases in accuracy with the
pushdown-driven analyzer: from 71% correct identification to 95% correct
identification.
Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in
SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201
Distributed Deterministic Broadcasting in Uniform-Power Ad Hoc Wireless Networks
Development of many futuristic technologies, such as MANET, VANET, iThings,
nano-devices, depends on efficient distributed communication protocols in
multi-hop ad hoc networks. A vast majority of research in this area focuses on
designing heuristic protocols, and analyzes their performance by simulations on
networks generated randomly or obtained in practical measurements of some
(usually small-size) wireless networks. Moreover, they often
assume access to truly random sources, which is often not reasonable in case of
wireless devices. In this work we use a formal framework to study the problem
of broadcasting and its time complexity in any two dimensional Euclidean
wireless network with uniform transmission powers. For the analysis, we
consider two popular models of ad hoc networks based on the
Signal-to-Interference-and-Noise Ratio (SINR): one with opportunistic links,
and the other with randomly disturbed SINR. In the former model, we show that
one of our algorithms accomplishes broadcasting in rounds, where
is the number of nodes and is the diameter of the network. If nodes
know a priori the granularity of the network, i.e., the inverse of the
maximum transmission range over the minimum distance between any two stations,
a modification of this algorithm accomplishes broadcasting in
rounds.
Finally, we modify both algorithms to make them efficient in the latter model
with randomly disturbed SINR, with only logarithmic growth of performance.
Ours are the first provably efficient and well-scalable, under the two
models, distributed deterministic solutions for the broadcast task.
Comment: arXiv admin note: substantial text overlap with arXiv:1207.673
- …