25 research outputs found

    Structural studies of human mitochondrial LonP1 and cytosolic prefoldin involved in protein homeostasis

    Get PDF
    The mitochondrial Lon protease homolog (LonP1) hexamer controls mitochondrial health by digesting proteins from the mitochondrial matrix that are damaged or must be removed. Understanding how it is regulated requires characterizing its mechanism. Here, we show how human LonP1 functions, based on eight different conformational states that we determined by cryo-EM with a resolution locally extending to 3.6 Å for the best ordered states. LonP1 has a poorly ordered N-terminal part with apparent threefold symmetry, which apparently binds substrate protein and feeds it into its AAA+ unfoldase core. This translocates the extended substrate protein into a proteolytic cavity, in which we report an additional, previously unidentified Thr-type proteolytic center. Threefold rocking movements of the flexible N-terminal assembly likely assist thermal unfolding of the substrate protein. Our data suggest LonP1 may function as a sixfold cyclical Brownian ratchet controlled by ATP hydrolysis

    Featherweight VeriFast

    Full text link
    VeriFast is a leading research prototype tool for the sound modular verification of safety and correctness properties of single-threaded and multithreaded C and Java programs. It has been used as a vehicle for exploration and validation of novel program verification techniques and for industrial case studies; it has served well at a number of program verification competitions; and it has been used for teaching by multiple teachers independent of the authors. However, until now, while VeriFast's operation has been described informally in a number of publications, and specific verification techniques have been formalized, a clear and precise exposition of how VeriFast works has not yet appeared. In this article we present for the first time a formal definition and soundness proof of a core subset of the VeriFast program verification approach. The exposition aims to be both accessible and rigorous: the text is based on lecture notes for a graduate course on program verification, and it is backed by an executable machine-readable definition and machine-checked soundness proof in Coq

    Gestion unifiée et dynamique de la sécurité : un cadriciel dirigé par les situations

    Get PDF
    Les systèmes de gestion de la sécurité (SGS) font le lien entre les exigences de sécurité et le domaine d'application technique. D'un côté, le SGS doit permettre à l'administrateur sécurité de traduire les exigences de sécurité en configurations de sécurité (appelé ici le processus de déploiement). De l'autre, il doit lui fournir des mécanismes de supervision (tels que des SIEM, IDS, fichiers de logs, etc.) afin de vérifier que l'état courant du système est toujours conforme aux exigences de sécurité (appelé ici processus de supervision). Aujourd'hui, garantir que les exigences de sécurité sont respectées nécessite une intervention humaine. En effet, les processus de déploiement et de supervision ne sont pas reliés entre eux. Ainsi, les SGS ne peuvent garantir que les exigences de sécurité sont toujours respectées lorsque le comportement du système change. Dans le cadre du projet européen PREDYKOT, nous avons tenté de boucler la boucle de gestion en intégrant les informations sur le changement de comportement du système et en les injectant dans le processus de déploiement. Cela permet de faire appliquer des mesures de sécurité dynamiques en fonction des changements de comportement du système. Toutefois, il existe diverses approches pour exprimer et mettre en œuvre des politiques de sécurité. Chaque solution de gestion est dédiée à des problématiques de gestion des autorisations ou à celles des configurations de sécurité. Chaque solution fournit son propre langage de politique, son propre modèle architectural et son propre protocole de gestion. Or, il est nécessaire de gérer à la fois les autorisations et les configurations de sécurité de manière unifiée. Notre contribution porte principalement sur trois points : Le retour d'information de supervision : Le processus de supervision capture le comportement dynamique du système au travers d'évènements. Chaque évènement transporte peu de sens. Nous proposons de considérer non pas les évènements individuellement mais de les agréger pour former des situations afin d'amener plus de sémantique sur l'état du système. Nous utilisons ce concept pour relier les exigences de sécurité, les changements dans le système et les politiques de sécurité à appliquer. Un nouvel agent, appelé gestionnaire de situations, est responsable de la gestion du cycle de vie des situations (début et fin de situation, etc.) Nous avons implanté cet agent grâce à la technologie de traitement des évènements complexes. Expression de la politique : Nous proposons d'utiliser le concept de situation comme élément central pour exprimer des politiques de sécurité dynamiques. Les décisions de sécurité peuvent être alors automatiquement dirigées par les situations sans avoir besoin de changer la règle courante. Nous appliquons l'approche de contrôle d'accès à base d'attributs pour spécifier nos politiques. Cette approche orientée par les situations facilite l'écriture des règles de sécurité mais aussi leur compréhension. De plus, ces politiques étant moins techniques, elles sont plus proches des besoins métiers. L'architecture de gestion : Nous présentons une architecture de gestion orientée événement qui supporte la mise en œuvre de politiques de sécurité dirigées par les situations. Considérer les messages de gestion en terme d'évènements, nous permet d'être indépendant de tout protocole de gestion. En conséquence, notre architecture couvre de manière unifiée les approches de gestion des autorisations comme des configurations (obligations) selon les modèles de contrôle de politiques en externalisation comme en approvisionnement. De plus, les agents de gestion sont adaptables et peuvent être dynamiquement améliorés avec de nouvelles fonctionnalités de gestion si besoin. Notre cadriciel a été complètement implanté et est conforme au standard XACMLv3 d'OASIS. Enfin, nous avons évalué la généricité de notre approche à travers quatre scénarii.A Security Management System (SMS) connects security requirements to the technical application domain. On the one hand, an SMS must allow the security administrator/officer to translate the security requirements into security configurations that is known as the enforcement process. On the other hand, it must supply the administrator/officer with monitoring features (SIEM, IDS, log files, etc.) to verify that the environments' changes do not affect the compliance to the predefined security requirements known as the monitoring process. Nowadays, guarantying security objectives requires a human intervention. Therefore, the SMS enforcement process is disconnected from the monitoring process. Thus, an SMS cannot dynamically guarantee that security requirements are still satisfied when environment behavior changings are observed. As part of the European project PREDYKOT, we have worked on closing the management loop by establishing a feedback on the dynamic behavior, captured from the environment, to impact the enforcement process. As a result, expressing and applying a dynamic security policy will be possible. However, many policy expression and enforcement approaches exist currently. Each security management solution is dedicated to some specific issues related to authorization or to system/network management. Each solution provides a specific policy language, an architectural model and a management protocol. Nevertheless, closing the management loop implies managing both authorizations and system/network configurations in a unified framework. Our contribution tackles the following three main issues: Feedback: The monitoring process captures the highly dynamics of the behavior through events. However, each event is not semantically associated with other events. We propose to get more semantics about behavior's changings thus introducing the concept of "situation" to be dealt with in security management applications. This concept aggregates events and links relevant security requirements, relevant behavior changes, and relevant policy rules. A new management agent, called the situation manager, has been added. The latter is responsible for the management process of the situations lifecycle (situation beginning and ending, etc.). We implement this software module using the complex event processing technology. Policy Expression: We propose to specify dynamic security policies oriented by situations. By doing so, the expression of the security policy rules becomes simpler to understand, easier to write and closer to the business and security needs. Hence, each relevant situation orients automatically the policy evaluation process towards a new dynamic decision that doesn't require updating the policy rules. We apply the attribute-based expression approach because of its ability to represent everything through attribute terms, which is a flexible way to express our dynamic policy rules. Enforcement Architecture: we propose a unified and adaptive architecture that supports situations-oriented policies enforcement. We choose to build an event-driven architecture. Exchanging management messages in terms of events allows our architecture to be independent from the management protocols. Thus, it covers in a unified way authorizations as well as configurations management approaches considering both provisioning and outsourcing policy control models. In addition, management agents are adaptable and can be upgraded dynamically with new management functionalities. Our framework has been implemented and is compliant with the OASIS XACMLv3 standard. Finally, we evaluated our contributed according to four different scenarios to prove its generic nature

    Automated reasoning for reflective programs

    Get PDF
    Reflective programming allows one to construct programs that manipulate or examine their behaviour or structure at runtime. One of the benefits is the ability to create generic code that is able to adapt to being incorporated into different larger programs, without modifications to suit each concrete setting. Due to the runtime nature of reflection, static verification is difficult and has been largely ignored or only weakly supported. This work focusses on supporting verification for cases where generic code that uses reflection is to be used in a “closed” program where the structure of the program is known in advance. This thesis first describes extensions to a verification system and semi-automated tool that was developed to reason about heap-manipulating programs which may store executable code on the heap. These extensions enable the tool to support a wider range of programs on account of the ability to provide stronger specifications. The system’s underlying logic is an extension of separation logic that includes nested Hoare-triples which describe behaviour of stored code. Using this verification tool, with the crucial enhancements in this work, a specified reflective library has been created. The resulting work presents an approach where metadata is stored on the heap such that the reflective library can be implemented using primitive commands and then specified and verified, rather than developing new proof rules for the reflective operations. The supported reflective functions characterise a subset of Java’s reflection library and the specifications guarantee both memory safety and a degree of functional correctness. To demonstrate the application of the developed solution two case studies are carried out, each of which focuses on different reflection features. The contribution to knowledge is a first look at how to support semi-automated static verification of reflective programs with meaningful specifications

    User-centered visual analysis using a hybrid reasoning architecture for intensive care units

    Get PDF
    One problem pertaining to Intensive Care Unit information systems is that, in some cases, a very dense display of data can result. To ensure the overview and readability of the increasing volumes of data, some special features are required (e.g., data prioritization, clustering, and selection mechanisms) with the application of analytical methods (e.g., temporal data abstraction, principal component analysis, and detection of events). This paper addresses the problem of improving the integration of the visual and analytical methods applied to medical monitoring systems. We present a knowledge- and machine learning-based approach to support the knowledge discovery process with appropriate analytical and visual methods. Its potential benefit to the development of user interfaces for intelligent monitors that can assist with the detection and explanation of new, potentially threatening medical events. The proposed hybrid reasoning architecture provides an interactive graphical user interface to adjust the parameters of the analytical methods based on the users' task at hand. The action sequences performed on the graphical user interface by the user are consolidated in a dynamic knowledge base with specific hybrid reasoning that integrates symbolic and connectionist approaches. These sequences of expert knowledge acquisition can be very efficient for making easier knowledge emergence during a similar experience and positively impact the monitoring of critical situations. The provided graphical user interface incorporating a user-centered visual analysis is exploited to facilitate the natural and effective representation of clinical information for patient care

    Verification of unloadable C modules (Extended version)

    No full text
    Programs in unsafe languages, like C and C++, may dynamically load and unload modules. For example, some operating system kernels support dynamic loading and unloading of device drivers. This causes specific difficulties in the verification of such programs and modules; in particular, it must be verified that no functions or global variables from the module are used after the module is unloaded. We present the approach we used to add support for loading and unloading modules to our separation-logic-based program verifier VeriFast. Our approach to the specification and verification of function pointer calls, based on parameterizing function types by predicates, is sound in the presence of unloading, but at the same time does not complicate the verification of programs that perform no unloading, and does not require callers to distinguish between function pointers that point into unloadable modules and ones that do not. We offer a machine-checked formalization and soundness proof and we report on verifying a small kernel-like program using VeriFast. To the best of our knowledge, ours is the first approach for sound modular verification of C programs that load and unload modules.nrpages: 22status: publishe

    Verification of Unloadable Modules

    No full text
    load and unload modules. For example, some operating system kernels support dynamic loading and unloading of device drivers. This causes specific difficulties in the verification of such programs and modules; in particular, it must be verified that no functions or global variables from the module are used after the module is unloaded. We present the approach we used to add support for loading and unloading modules to our separation-logic-based program verifier VeriFast. Our approach to the specification and verification of function pointer calls, based on parameterizing function types by predicates, is sound in the presence of unloading, but at the same time does not complicate the verification of programs that perform no unloading, and does not require callers to distinguish between function pointers that point into unloadable modules and ones that do not. We offer a machine-checked formalization and soundness proof and we report on verifying a small kernel-like program using VeriFast. To the best of our knowledge, ours is the first approach for sound modular verification of C programs that load and unload modules.

    Enhanced specification expressivity for verification with separation logic

    Get PDF
    Ph.DDOCTOR OF PHILOSOPH
    corecore