Towards a Study of Meta-Predicate Semantics

We describe and compare design choices for meta-predicate semantics, as found in representative Prolog module systems and in Logtalk. We look at the consequences of these design choices from a pragmatic perspective, discussing explicit qualification semantics, computational reflection support, expressiveness of meta-predicate declarations, safety of meta-predicate definitions, portability of meta-predicate definitions, and meta-predicate performance. Our aim is to provide useful insight for debating meta-predicate semantics and portability issues based on actual implementations and common usage patterns.Comment: Online proceedings of the Joint Workshop on Implementation of Constraint Logic Programming Systems and Logic-based Methods in Programming Environments (CICLOPS-WLPE 2010), Edinburgh, Scotland, U.K., July 15, 201

Declarative Reconfigurable Trust Management

In recent years, there has been a proliferation of declarative logic-based trust management languages and systems proposed to ease the description, configuration, and enforcement of security policies. These systems have different tradeoffs in expressiveness and complexity, depending on the security constructs (e.g. authentication, delegation, secrecy, etc.) that are supported, and the assumed trust level and scale of the execution environment. In this paper, we present LBTrust, a unified declarative system for reconfigurable trust management, where various security constructs can be customized and composed in a declarative fashion. We present an initial proof-of-concept implementation of LBTrust using LogicBlox, an emerging commercial Datalog-based platform for enterprise software systems. The LogicBlox language enhances Datalog in a variety of ways, including constraints and meta-programming, as well as support for programmer defined constraints which on the meta-model itself ? meta-constraints ? which act to restrict the set of allowable programs. LBTrust utilizes LogicBlox?s meta-programming and meta-constraints to enable customizable cryptographic, partitioning and distribution strategies based on the execution environment. We present uses cases of LBTrust based on three trust management systems (Binder, D1LP, and Secure Network Datalog), and provide a preliminary evaluation of a Binder-based trust management system.Comment: CIDR 200

Secure Prolog-Based Mobile Code

LogicWeb mobile code consists of Prolog-like rules embedded in Web pages, thereby adding logic programming behaviour to those pages. Since LogicWeb programs are downloaded from foreign hosts and executed locally, there is a need to protect the client from buggy or malicious code. A security model is crucial for making LogicWeb mobile code safe to execute. This paper presents such a model, which supports programs of varying trust levels by using different resource access policies. The implementation of the model derives from an extended operational semantics for the LogicWeb language, which provides a precise meaning of safety.Comment: Appeared in Theory and Practice of Logic Programming, vol. 1, no. 3, 200

Multidimensional Predicates for Prolog

In 2014, Ungar et al. proposed Korz, a new computational model for structuring adaptive (object-oriented) systems. Korz combines implicit parameters and multiple dispatch to structure the behavior of objects in a multidimensional space. Korz is a simple yet expressive model which does not require special programming techniques such as the Visitor or Strategy pattern to accommodate a system for emerging contextual requirements. We show how the ideas of Korz can be integrated in a Prolog system by extending its syntax and semantics with simple meta-programming techniques. We developed a library, called mdp (multidimensional predicates) which can be used to experiment with multidimensional Prolog systems. We highlight its benefits with numerous scenarios such as printing debugging information, memoization, object-oriented programming and adaptive GUIs. In particular, we point out that we can structure and extend Prolog programs with additional concerns in a clear and concise manner. We also demonstrate how Prolog's unique meta-programming capabilities allow for quick experimentation with syntactical and semantical enhancement of the new, multidimensional model. While there are many open concerns, such as efficiency and comprehensibility in the case of larger systems, we will see that we can use the leverage of mdp and Prolog to explore new horizons in the design of adaptive systems.Comment: 17 pages, to be submitted to ICLP 201

Data Querying and Access Control for Secure Multiparty Computation

In the Internet of Things and smart environments data, collected from distributed sensors, is typically stored and processed by a central middleware. This allows applications to query the data they need for providing further services. However, centralization of data causes several privacy threats: The middleware becomes a third party which has to be trusted, linkage and correlation of data from different context becomes possible and data subject lose control over their data. Hence, other approaches than centralized processing should be considered. Here, Secure Multiparty Computation is a promising candidate for secure and privacy-preserving computation happening close to the sources of the data. In order to make SMC fit for application in these contexts, we extend SMC to act as a service: We provide elements which allow third parties to query computed data from a group of peers performing SMC. Furthermore, we establish fine-granular access control on the level of individual data queries, yielding data protection of the computed results. By adding measures to inform data sources about requests and the usage of their data, we show how a fully privacy-preserving service can be built on the foundation of SMC

Secure and scalable match: overcoming the universal circuit bottleneck using group programs

Confidential Content-Based Publish/Subscribe (C-CBPS) is an interaction (pub/sub) model that allows parties to exchange data while still protecting their security and privacy interests. In this paper we advance the state of the art in C-CBPS by showing how all predicate circuits in NC1 (logarithmic-depth, bounded fan-in) can be securely computed by a broker while guaranteeing perfect information-theoretic security. Previous work could handle only strictly shallower circuits (e.g. those with depth O(\sqrt{\lg n}) [SYY99, V76]. We present three protocols -- UGP-Match, FSGP-Match and OFSGP-Match -- all three are based on (2-decomposable randomized encodings of) group programs and handle circuits in NC1. UGP-Match is conceptually simple and has a clean proof of correctness but it is inefficient and impractical. FSGP-Match uses a "fixed structure" trick to achieve efficiency and scalability. And, finally, OFSGP-Match uses hand-optimized group programs to wring greater efficiencies. We complete our investigation with an experimental evaluation of a prototype implementation

SAFE: A Declarative Trust Management System with Linked Credentials

We present SAFE, an integrated system for managing trust using a logic-based declarative language. Logical trust systems authorize each request by constructing a proof from a context---a set of authenticated logic statements representing credentials and policies issued by various principals in a networked system. A key barrier to practical use of logical trust systems is the problem of managing proof contexts: identifying, validating, and assembling the credentials and policies that are relevant to each trust decision. This paper describes a new approach to managing proof contexts using context linking and caching. Credentials and policies are stored as certified logic sets named by secure identifiers in a shared key-value store. SAFE offers language constructs to build and modify logic sets, link sets to form unions, pass them by reference, and add them to proof contexts. SAFE fetches and validates credential sets on demand and caches them in the authorizer. We evaluate and discuss our experience using SAFE to build secure services based on case studies drawn from practice: a secure name service resolver, a secure proxy shim for a key value store, and an authorization module for a networked infrastructure-as-a-service system with a federated trust structure.Comment: 17 pages, 7 figure

Pushing the Limits of Encrypted Databases with Secure Hardware

Encrypted databases have been studied for more than 10 years and are quickly emerging as a critical technology for the cloud. The current state of the art is to use property-preserving encrypting techniques (e.g., deterministic encryption) to protect the confidentiality of the data and support query processing at the same time. Unfortunately, these techniques have many limitations. Recently, trusted computing platforms (e.g., Intel SGX) have emerged as an alternative to implement encrypted databases. This paper demonstrates some vulnerabilities and the limitations of this technology, but it also shows how to make best use of it in order to improve on confidentiality, functionality, and performance

Enigma: Decentralized Computation Platform with Guaranteed Privacy

A peer-to-peer network, enabling different parties to jointly store and run computations on data while keeping the data completely private. Enigma's computational model is based on a highly optimized version of secure multi-party computation, guaranteed by a verifiable secret-sharing scheme. For storage, we use a modified distributed hashtable for holding secret-shared data. An external blockchain is utilized as the controller of the network, manages access control, identities and serves as a tamper-proof log of events. Security deposits and fees incentivize operation, correctness and fairness of the system. Similar to Bitcoin, Enigma removes the need for a trusted third party, enabling autonomous control of personal data. For the first time, users are able to share their data with cryptographic guarantees regarding their privacy

Recalling a Witness: Foundations and Applications of Monotonic State

We provide a way to ease the verification of programs whose state evolves monotonically. The main idea is that a property witnessed in a prior state can be soundly recalled in the current state, provided (1) state evolves according to a given preorder, and (2) the property is preserved by this preorder. In many scenarios, such monotonic reasoning yields concise modular proofs, saving the need for explicit program invariants. We distill our approach into the monotonic-state monad, a general yet compact interface for Hoare-style reasoning about monotonic state in a dependently typed language. We prove the soundness of the monotonic-state monad and use it as a unified foundation for reasoning about monotonic state in the F* verification system. Based on this foundation, we build libraries for various mutable data structures like monotonic references and apply these libraries at scale to the verification of several distributed applications.Comment: POPL'18 camera read