Formal security analysis of registration protocols for interactive systems: a methodology and a case of study

In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, the use of formal methodologies for the verification of security properties of communication protocols isn't yet a common practice. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. In this concern, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify integrity and source of information. We base our security analysis on tools for automatic verification of security protocols widely accepted by the scientific community, and on the principles they are based upon. In addition, it is assumed perfect cryptographic primitives in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos based nonces (numbers used only once) and users' personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by univocally linking each registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl

An Adynamical, Graphical Approach to Quantum Gravity and Unification

We use graphical field gradients in an adynamical, background independent fashion to propose a new approach to quantum gravity and unification. Our proposed reconciliation of general relativity and quantum field theory is based on a modification of their graphical instantiations, i.e., Regge calculus and lattice gauge theory, respectively, which we assume are fundamental to their continuum counterparts. Accordingly, the fundamental structure is a graphical amalgam of space, time, and sources (in parlance of quantum field theory) called a "spacetimesource element." These are fundamental elements of space, time, and sources, not source elements in space and time. The transition amplitude for a spacetimesource element is computed using a path integral with discrete graphical action. The action for a spacetimesource element is constructed from a difference matrix K and source vector J on the graph, as in lattice gauge theory. K is constructed from graphical field gradients so that it contains a non-trivial null space and J is then restricted to the row space of K, so that it is divergence-free and represents a conserved exchange of energy-momentum. This construct of K and J represents an adynamical global constraint between sources, the spacetime metric, and the energy-momentum content of the element, rather than a dynamical law for time-evolved entities. We use this approach via modified Regge calculus to correct proper distance in the Einstein-deSitter cosmology model yielding a fit of the Union2 Compilation supernova data that matches LambdaCDM without having to invoke accelerating expansion or dark energy. A similar modification to lattice gauge theory results in an adynamical account of quantum interference.Comment: 47 pages text, 14 figures, revised per recent results, e.g., dark energy result

Designing compliant business processes with obligations and permissions. Business process management workshops.

The sequence and timing constraints on the activities in business processes are an important aspect of business process compliance. To date, these constraints are most often implicitly transcribed into control-flow-based process models. This implicit representation of constraints, however, complicates the verification, validation and reuse in business process design. In this paper, we investigate the use of temporal deontic assignments on activities as a means to declaratively capture the control-flow semantics that reside in business regulations and business policies. In particular, we introduce PENELOPE, a language to express temporal rules about the obligations and permissions in a business interaction, and an algorithm to generate compliant sequence-flow-based process models that can be used in business process design.

A monitoring approach for runtime service discovery

Effective runtime service discovery requires identification of services based on different service characteristics such as structural, behavioural, quality, and contextual characteristics. However, current service registries guarantee services described in terms of structural and sometimes quality characteristics and, therefore, it is not always possible to assume that services in them will have all the characteristics required for effective service discovery. In this paper, we describe a monitor-based runtime service discovery framework called MoRSeD. The framework supports service discovery in both push and pull modes of query execution. The push mode of query execution is performed in parallel to the execution of a service-based system, in a proactive way. Both types of queries are specified in a query language called SerDiQueL that allows the representation of structural, behavioral, quality, and contextual conditions of services to be identified. The framework uses a monitor component to verify if behavioral and contextual conditions in the queries can be satisfied by services, based on translations of these conditions into properties represented in event calculus, and verification of the satisfiability of these properties against services. The monitor is also used to support identification that services participating in a service-based system are unavailable, and identification of changes in the behavioral and contextual characteristics of the services. A prototype implementation of the framework has been developed. The framework has been evaluated in terms of comparison of its performance when using and when not using the monitor component