5,150 research outputs found
Towards a Study of Meta-Predicate Semantics
We describe and compare design choices for meta-predicate semantics, as found
in representative Prolog module systems and in Logtalk. We look at the
consequences of these design choices from a pragmatic perspective, discussing
explicit qualification semantics, computational reflection support,
expressiveness of meta-predicate declarations, safety of meta-predicate
definitions, portability of meta-predicate definitions, and meta-predicate
performance. Our aim is to provide useful insight for debating meta-predicate
semantics and portability issues based on actual implementations and common
usage patterns.Comment: Online proceedings of the Joint Workshop on Implementation of
Constraint Logic Programming Systems and Logic-based Methods in Programming
Environments (CICLOPS-WLPE 2010), Edinburgh, Scotland, U.K., July 15, 201
Declarative Reconfigurable Trust Management
In recent years, there has been a proliferation of declarative logic-based
trust management languages and systems proposed to ease the description,
configuration, and enforcement of security policies. These systems have
different tradeoffs in expressiveness and complexity, depending on the security
constructs (e.g. authentication, delegation, secrecy, etc.) that are supported,
and the assumed trust level and scale of the execution environment. In this
paper, we present LBTrust, a unified declarative system for reconfigurable
trust management, where various security constructs can be customized and
composed in a declarative fashion. We present an initial proof-of-concept
implementation of LBTrust using LogicBlox, an emerging commercial Datalog-based
platform for enterprise software systems. The LogicBlox language enhances
Datalog in a variety of ways, including constraints and meta-programming, as
well as support for programmer defined constraints which on the meta-model
itself ? meta-constraints ? which act to restrict the set of allowable
programs. LBTrust utilizes LogicBlox?s meta-programming and meta-constraints to
enable customizable cryptographic, partitioning and distribution strategies
based on the execution environment. We present uses cases of LBTrust based on
three trust management systems (Binder, D1LP, and Secure Network Datalog), and
provide a preliminary evaluation of a Binder-based trust management system.Comment: CIDR 200
Secure Prolog-Based Mobile Code
LogicWeb mobile code consists of Prolog-like rules embedded in Web pages,
thereby adding logic programming behaviour to those pages. Since LogicWeb
programs are downloaded from foreign hosts and executed locally, there is a
need to protect the client from buggy or malicious code. A security model is
crucial for making LogicWeb mobile code safe to execute. This paper presents
such a model, which supports programs of varying trust levels by using
different resource access policies. The implementation of the model derives
from an extended operational semantics for the LogicWeb language, which
provides a precise meaning of safety.Comment: Appeared in Theory and Practice of Logic Programming, vol. 1, no. 3,
200
Multidimensional Predicates for Prolog
In 2014, Ungar et al. proposed Korz, a new computational model for
structuring adaptive (object-oriented) systems. Korz combines implicit
parameters and multiple dispatch to structure the behavior of objects in a
multidimensional space. Korz is a simple yet expressive model which does not
require special programming techniques such as the Visitor or Strategy pattern
to accommodate a system for emerging contextual requirements. We show how the
ideas of Korz can be integrated in a Prolog system by extending its syntax and
semantics with simple meta-programming techniques. We developed a library,
called mdp (multidimensional predicates) which can be used to experiment with
multidimensional Prolog systems. We highlight its benefits with numerous
scenarios such as printing debugging information, memoization, object-oriented
programming and adaptive GUIs. In particular, we point out that we can
structure and extend Prolog programs with additional concerns in a clear and
concise manner. We also demonstrate how Prolog's unique meta-programming
capabilities allow for quick experimentation with syntactical and semantical
enhancement of the new, multidimensional model. While there are many open
concerns, such as efficiency and comprehensibility in the case of larger
systems, we will see that we can use the leverage of mdp and Prolog to explore
new horizons in the design of adaptive systems.Comment: 17 pages, to be submitted to ICLP 201
Data Querying and Access Control for Secure Multiparty Computation
In the Internet of Things and smart environments data, collected from
distributed sensors, is typically stored and processed by a central middleware.
This allows applications to query the data they need for providing further
services. However, centralization of data causes several privacy threats: The
middleware becomes a third party which has to be trusted, linkage and
correlation of data from different context becomes possible and data subject
lose control over their data.
Hence, other approaches than centralized processing should be considered.
Here, Secure Multiparty Computation is a promising candidate for secure and
privacy-preserving computation happening close to the sources of the data.
In order to make SMC fit for application in these contexts, we extend SMC to
act as a service: We provide elements which allow third parties to query
computed data from a group of peers performing SMC. Furthermore, we establish
fine-granular access control on the level of individual data queries, yielding
data protection of the computed results. By adding measures to inform data
sources about requests and the usage of their data, we show how a fully
privacy-preserving service can be built on the foundation of SMC
Secure and scalable match: overcoming the universal circuit bottleneck using group programs
Confidential Content-Based Publish/Subscribe (C-CBPS) is an interaction
(pub/sub) model that allows parties to exchange data while still protecting
their security and privacy interests. In this paper we advance the state of the
art in C-CBPS by showing how all predicate circuits in NC1 (logarithmic-depth,
bounded fan-in) can be securely computed by a broker while guaranteeing perfect
information-theoretic security. Previous work could handle only strictly
shallower circuits (e.g. those with depth O(\sqrt{\lg n}) [SYY99, V76]. We
present three protocols -- UGP-Match, FSGP-Match and OFSGP-Match -- all three
are based on (2-decomposable randomized encodings of) group programs and handle
circuits in NC1. UGP-Match is conceptually simple and has a clean proof of
correctness but it is inefficient and impractical. FSGP-Match uses a "fixed
structure" trick to achieve efficiency and scalability. And, finally,
OFSGP-Match uses hand-optimized group programs to wring greater efficiencies.
We complete our investigation with an experimental evaluation of a prototype
implementation
SAFE: A Declarative Trust Management System with Linked Credentials
We present SAFE, an integrated system for managing trust using a logic-based
declarative language. Logical trust systems authorize each request by
constructing a proof from a context---a set of authenticated logic statements
representing credentials and policies issued by various principals in a
networked system.
A key barrier to practical use of logical trust systems is the problem of
managing proof contexts: identifying, validating, and assembling the
credentials and policies that are relevant to each trust decision. This paper
describes a new approach to managing proof contexts using context linking and
caching. Credentials and policies are stored as certified logic sets named by
secure identifiers in a shared key-value store. SAFE offers language constructs
to build and modify logic sets, link sets to form unions, pass them by
reference, and add them to proof contexts. SAFE fetches and validates
credential sets on demand and caches them in the authorizer. We evaluate and
discuss our experience using SAFE to build secure services based on case
studies drawn from practice: a secure name service resolver, a secure proxy
shim for a key value store, and an authorization module for a networked
infrastructure-as-a-service system with a federated trust structure.Comment: 17 pages, 7 figure
Pushing the Limits of Encrypted Databases with Secure Hardware
Encrypted databases have been studied for more than 10 years and are quickly
emerging as a critical technology for the cloud. The current state of the art
is to use property-preserving encrypting techniques (e.g., deterministic
encryption) to protect the confidentiality of the data and support query
processing at the same time. Unfortunately, these techniques have many
limitations. Recently, trusted computing platforms (e.g., Intel SGX) have
emerged as an alternative to implement encrypted databases. This paper
demonstrates some vulnerabilities and the limitations of this technology, but
it also shows how to make best use of it in order to improve on
confidentiality, functionality, and performance
Enigma: Decentralized Computation Platform with Guaranteed Privacy
A peer-to-peer network, enabling different parties to jointly store and run
computations on data while keeping the data completely private. Enigma's
computational model is based on a highly optimized version of secure
multi-party computation, guaranteed by a verifiable secret-sharing scheme. For
storage, we use a modified distributed hashtable for holding secret-shared
data. An external blockchain is utilized as the controller of the network,
manages access control, identities and serves as a tamper-proof log of events.
Security deposits and fees incentivize operation, correctness and fairness of
the system. Similar to Bitcoin, Enigma removes the need for a trusted third
party, enabling autonomous control of personal data. For the first time, users
are able to share their data with cryptographic guarantees regarding their
privacy
Recalling a Witness: Foundations and Applications of Monotonic State
We provide a way to ease the verification of programs whose state evolves
monotonically. The main idea is that a property witnessed in a prior state can
be soundly recalled in the current state, provided (1) state evolves according
to a given preorder, and (2) the property is preserved by this preorder. In
many scenarios, such monotonic reasoning yields concise modular proofs, saving
the need for explicit program invariants. We distill our approach into the
monotonic-state monad, a general yet compact interface for Hoare-style
reasoning about monotonic state in a dependently typed language. We prove the
soundness of the monotonic-state monad and use it as a unified foundation for
reasoning about monotonic state in the F* verification system. Based on this
foundation, we build libraries for various mutable data structures like
monotonic references and apply these libraries at scale to the verification of
several distributed applications.Comment: POPL'18 camera read
- …