On Strong and Weak Sustainability, with an Application to Self-Suspending Real-Time Tasks

Motivated by an apparent contradiction regarding whether certain scheduling policies are sustainable, we revisit the topic of sustainability in real-time scheduling and argue that the existing definitions of sustainability should be further clarified and generalized. After proposing a formal, generic sustainability theory, we relax the existing notion of (strongly) sustainable scheduling policy to provide a new classification called weak sustainability. Proving weak sustainability properties allows reducing the number of variables that must be considered in the search of a worst-case schedule, and hence enables more efficient schedulability analyses and testing regimes even for policies that are not (strongly) sustainable. As a proof of concept, and to better understand a model for which many mistakes were found in the literature, we study weak sustainability in the context of dynamic self-suspending tasks, where we formalize a generic suspension model using the Coq proof assistant and provide a machine-checked proof that any JLFP scheduling policy is weakly sustainable with respect to job costs and variable suspension times

On Strong and Weak Sustainability, with an Application to Self-Susp ending Real-Time Tasks

Motivated by an apparent contradiction regarding whether certain scheduling policies are sustainable, we revisit the topic of sustainability in real-time scheduling and argue that the existing definitions of sustainability should be further clarified and generalized. After proposing a formal, generic sustainability theory, we relax the existing notion of (strongly) sustainable scheduling policy to provide a new classification called weak sustainability. Proving weak sustainability properties allows reducing the number of variables that must be considered in the search of a worst-case schedule, and hence enables more efficient schedulability analyses and testing regimes even for policies that are not (strongly) sustainable. As a proof of concept, and to better understand a model for which many mistakes were found in the literature, we study weak sustainability in the context of dynamic self-suspending tasks, where we formalize a generic suspension model using the Coq proof assistant and provide a machine-checked proof that any JLFP scheduling policy is weakly sustainable with respect to job costs and variable suspension times.info:eu-repo/semantics/publishedVersio

HOW FAR AWAY ARE GAMMA-RAY BURSTERS?

The positions of over 1000 gamma-ray bursts detected with the BATSE experiment on board of the Compton Gamma Ray Observatory are uniformly and randomly distributed in the sky, with no significant concentration to the galactic plane or to the galactic center. The strong gamma-ray bursts have an intensity distribution consistent with a number density independent of distance in Euclidean space. Weak gamma-ray bursts are relatively rare, indicating that either their number density is reduced at large distances or that the space in which they are distributed is non-Euclidean. In other words, we appear to be at the center of a spherical and bounded distribution of bursters. This is consistent with the distribution of all objects that are known to be at cosmological distances (like galaxies and quasars), but inconsistent with the distribution of any objects which are known to be in our galaxy (like stars and globular clusters). If the bursters are at cosmological distances then the weakest bursts should be redshifted, i.e. on average their durations should be longer and their spectra should be softer than the corresponding quantities for the strong bursts. There is some evidence for both effects in the BATSE data. At this time the cosmological distance scale is strongly favored over the galactic one, but is not proven. A definite proof (or dis-proof) could be provided with the results of a search for very weak bursts in the Andromeda galaxy (M31) with an instrument $\sim 10$ times more sensitive than BATSE. If the bursters are indeed at cosmological distances then they are the most luminous sources of electromagnetic radiation known in the universe. At this time we have no clue as to their nature, even though well over a hundred suggestions were published in the scientific journals. An experiment providingComment: gziped, uuencoded PostScript with figures, presented at the 75th Anniversary Astronomical Debate "The Distance Scale to Gamma Ray Bursts", to appear in PASP; also available through WWW at http://www.astro.princeton.edu/~library/prep.html

Automated Certification of Authorisation Policy Resistance

Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs attribute name-value, making it particularly useful in the context of open and distributed systems, where security relevant information can be collected from different sources. However, ABAC enables attribute hiding attacks, allowing an attacker to gain some access by withholding information. In this paper, we first introduce the notion of policy resistance to attribute hiding attacks. We then propose the tool ATRAP (Automatic Term Rewriting for Authorisation Policies), based on the recent formal ABAC language PTaCL, which first automatically searches for resistance counter-examples using Maude, and then automatically searches for an Isabelle proof of resistance. We illustrate our approach with two simple examples of policies and propose an evaluation of ATRAP performances.Comment: 20 pages, 4 figures, version including proofs of the paper that will be presented at ESORICS 201

PPP-Completeness with Connections to Cryptography

Polynomial Pigeonhole Principle (PPP) is an important subclass of TFNP with profound connections to the complexity of the fundamental cryptographic primitives: collision-resistant hash functions and one-way permutations. In contrast to most of the other subclasses of TFNP, no complete problem is known for PPP. Our work identifies the first PPP-complete problem without any circuit or Turing Machine given explicitly in the input, and thus we answer a longstanding open question from [Papadimitriou1994]. Specifically, we show that constrained-SIS (cSIS), a generalized version of the well-known Short Integer Solution problem (SIS) from lattice-based cryptography, is PPP-complete. In order to give intuition behind our reduction for constrained-SIS, we identify another PPP-complete problem with a circuit in the input but closely related to lattice problems. We call this problem BLICHFELDT and it is the computational problem associated with Blichfeldt's fundamental theorem in the theory of lattices. Building on the inherent connection of PPP with collision-resistant hash functions, we use our completeness result to construct the first natural hash function family that captures the hardness of all collision-resistant hash functions in a worst-case sense, i.e. it is natural and universal in the worst-case. The close resemblance of our hash function family with SIS, leads us to the first candidate collision-resistant hash function that is both natural and universal in an average-case sense. Finally, our results enrich our understanding of the connections between PPP, lattice problems and other concrete cryptographic assumptions, such as the discrete logarithm problem over general groups