8,557 research outputs found
Formal security analysis of registration protocols for interactive systems: a methodology and a case of study
In this work we present and formally analyze CHAT-SRP (CHAos based
Tickets-Secure Registration Protocol), a protocol to provide interactive and
collaborative platforms with a cryptographically robust solution to classical
security issues. Namely, we focus on the secrecy and authenticity properties
while keeping a high usability. In this sense, users are forced to blindly
trust the system administrators and developers. Moreover, as far as we know,
the use of formal methodologies for the verification of security properties of
communication protocols isn't yet a common practice. We propose here a
methodology to fill this gap, i.e., to analyse both the security of the
proposed protocol and the pertinence of the underlying premises. In this
concern, we propose the definition and formal evaluation of a protocol for the
distribution of digital identities. Once distributed, these identities can be
used to verify integrity and source of information. We base our security
analysis on tools for automatic verification of security protocols widely
accepted by the scientific community, and on the principles they are based
upon. In addition, it is assumed perfect cryptographic primitives in order to
focus the analysis on the exchange of protocol messages. The main property of
our protocol is the incorporation of tickets, created using digests of chaos
based nonces (numbers used only once) and users' personal data. Combined with a
multichannel authentication scheme with some previous knowledge, these tickets
provide security during the whole protocol by univocally linking each
registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl
An Adynamical, Graphical Approach to Quantum Gravity and Unification
We use graphical field gradients in an adynamical, background independent
fashion to propose a new approach to quantum gravity and unification. Our
proposed reconciliation of general relativity and quantum field theory is based
on a modification of their graphical instantiations, i.e., Regge calculus and
lattice gauge theory, respectively, which we assume are fundamental to their
continuum counterparts. Accordingly, the fundamental structure is a graphical
amalgam of space, time, and sources (in parlance of quantum field theory)
called a "spacetimesource element." These are fundamental elements of space,
time, and sources, not source elements in space and time. The transition
amplitude for a spacetimesource element is computed using a path integral with
discrete graphical action. The action for a spacetimesource element is
constructed from a difference matrix K and source vector J on the graph, as in
lattice gauge theory. K is constructed from graphical field gradients so that
it contains a non-trivial null space and J is then restricted to the row space
of K, so that it is divergence-free and represents a conserved exchange of
energy-momentum. This construct of K and J represents an adynamical global
constraint between sources, the spacetime metric, and the energy-momentum
content of the element, rather than a dynamical law for time-evolved entities.
We use this approach via modified Regge calculus to correct proper distance in
the Einstein-deSitter cosmology model yielding a fit of the Union2 Compilation
supernova data that matches LambdaCDM without having to invoke accelerating
expansion or dark energy. A similar modification to lattice gauge theory
results in an adynamical account of quantum interference.Comment: 47 pages text, 14 figures, revised per recent results, e.g., dark
energy result
Designing compliant business processes with obligations and permissions. Business process management workshops.
The sequence and timing constraints on the activities in business processes are an important aspect of business process compliance. To date, these constraints are most often implicitly transcribed into control-flow-based process models. This implicit representation of constraints, however, complicates the verification, validation and reuse in business process design. In this paper, we investigate the use of temporal deontic assignments on activities as a means to declaratively capture the control-flow semantics that reside in business regulations and business policies. In particular, we introduce PENELOPE, a language to express temporal rules about the obligations and permissions in a business interaction, and an algorithm to generate compliant sequence-flow-based process models that can be used in business process design.
Recommended from our members
A monitoring approach for runtime service discovery
Effective runtime service discovery requires identification of services based on different service characteristics such as structural, behavioural, quality, and contextual characteristics. However, current service registries guarantee services described in terms of structural and sometimes quality characteristics and, therefore, it is not always possible to assume that services in them will have all the characteristics required for effective service discovery. In this paper, we describe a monitor-based runtime service discovery framework called MoRSeD. The framework supports service discovery in both push and pull modes of query execution. The push mode of query execution is performed in parallel to the execution of a service-based system, in a proactive way. Both types of queries are specified in a query language called SerDiQueL that allows the representation of structural, behavioral, quality, and contextual conditions of services to be identified. The framework uses a monitor component to verify if behavioral and contextual conditions in the queries can be satisfied by services, based on translations of these conditions into properties represented in event calculus, and verification of the satisfiability of these properties against services. The monitor is also used to support identification that services participating in a service-based system are unavailable, and identification of changes in the behavioral and contextual characteristics of the services. A prototype implementation of the framework has been developed. The framework has been evaluated in terms of comparison of its performance when using and when not using the monitor component
- …