
    Relational reasoning via probabilistic coupling

    Probabilistic coupling is a powerful tool for analyzing pairs of probabilistic processes. Roughly, coupling two processes requires finding an appropriate witness process that models both processes in the same probability space. Couplings are powerful tools for proving properties about the relation between two processes, including reasoning about convergence of distributions and stochastic dominance, a probabilistic version of a monotonicity property. While the mathematical definition of coupling looks rather complex and cumbersome to manipulate, we show that the relational program logic pRHL, the logic underlying the EasyCrypt cryptographic proof assistant, already internalizes a generalization of probabilistic coupling. With this insight, constructing couplings is no harder than constructing logical proofs. We demonstrate how to express and verify classic examples of couplings in pRHL, and we mechanically verify several couplings in EasyCrypt.
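    As an added illustration (this is editor-written Python, not code from the paper and not EasyCrypt or pRHL), the block below builds coupling witnesses explicitly for finite distributions: a monotone (quantile) coupling whose support certifies stochastic dominance, and a maximal coupling whose mismatch probability equals the total variation distance, the quantity that game-hopping proofs bound. A pRHL judgement relates two programs through exactly such a joint distribution over their output states; here the witness is a dictionary from pairs to exact rational masses, and every function and sample distribution is the example's own.

```python
# Added example: explicit coupling witnesses on finite distributions.
# Distributions are dicts {outcome: mass}; masses are Fractions so that the
# marginal checks below are exact equalities rather than float comparisons.
from fractions import Fraction
from itertools import product


def is_coupling(mu, nu, joint):
    """A coupling of mu and nu is a joint distribution over pairs (x, y)
    whose first marginal is mu and whose second marginal is nu."""
    left, right = {}, {}
    for (x, y), m in joint.items():
        if m < 0:
            return False
        left[x] = left.get(x, 0) + m
        right[y] = right.get(y, 0) + m
    return (left == {x: p for x, p in mu.items() if p}
            and right == {y: q for y, q in nu.items() if q})


def monotone_coupling(mu, nu):
    """Quantile (inverse-CDF) coupling on an ordered finite support: walk both
    distributions in increasing order and pair off mass greedily."""
    xs = sorted(x for x, p in mu.items() if p)
    ys = sorted(y for y, q in nu.items() if q)
    joint, i, j = {}, 0, 0
    a, b = mu[xs[0]], nu[ys[0]]
    while i < len(xs) and j < len(ys):
        m = min(a, b)
        joint[(xs[i], ys[j])] = joint.get((xs[i], ys[j]), 0) + m
        a, b = a - m, b - m
        if a == 0:
            i += 1
            if i < len(xs):
                a = mu[xs[i]]
        if b == 0:
            j += 1
            if j < len(ys):
                b = nu[ys[j]]
    return joint


def stochastically_dominated(mu, nu):
    """mu <=_st nu holds iff the quantile coupling never puts mass on x > y,
    i.e. the witness realises X <= Y on the whole probability space."""
    return all(x <= y for (x, y), m in monotone_coupling(mu, nu).items() if m > 0)


def total_variation(mu, nu):
    keys = set(mu) | set(nu)
    return sum(abs(mu.get(k, 0) - nu.get(k, 0)) for k in keys) / 2


def maximal_coupling(mu, nu):
    """Coupling that minimises P[X != Y]: put the overlap min(mu, nu) on the
    diagonal and spread each side's leftover mass as a product, normalised
    by the total variation distance (the leftover mass on either side)."""
    keys = set(mu) | set(nu)
    overlap = {k: min(mu.get(k, 0), nu.get(k, 0)) for k in keys}
    tv = total_variation(mu, nu)
    joint = {(k, k): o for k, o in overlap.items() if o}
    if tv:
        for x, y in product(keys, keys):
            m = (mu.get(x, 0) - overlap[x]) * (nu.get(y, 0) - overlap[y]) / tv
            if m:
                joint[(x, y)] = joint.get((x, y), 0) + m
    return joint


def mismatch_probability(joint):
    """P[X != Y] under the witness; for a maximal coupling this equals TV."""
    return sum(m for (x, y), m in joint.items() if x != y)


def bernoulli(p):
    return {0: 1 - p, 1: p}


if __name__ == "__main__":
    # Constructed sample: a coin with bias 3/10 versus a fair coin.
    mu, nu = bernoulli(Fraction(3, 10)), bernoulli(Fraction(1, 2))
    mono = monotone_coupling(mu, nu)
    assert is_coupling(mu, nu, mono)
    print("monotone witness:", mono)
    print("mu <=_st nu:", stochastically_dominated(mu, nu))
    maxc = maximal_coupling(mu, nu)
    assert is_coupling(mu, nu, maxc)
    print("P[X != Y] =", mismatch_probability(maxc), "= TV =", total_variation(mu, nu))
```

    Both constructions generalise beyond the two-coin sample: the quantile coupling works for any ordered finite support, and the maximal coupling for any finite support. The two witnesses differ on purpose; a coupling is chosen for the property one wants to transfer, and the same pair of distributions admits many of them.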

    Tracking Data-Flow with Open Closure Types

    Type systems hide data that is captured by function closures in function types. In most cases this is a beneficial design that favors simplicity and compositionality. However, some applications require explicit information about the data that is captured in closures. This paper introduces open closure types, that is, function types that are decorated with type contexts. They are used to track data-flow from the environment into the function closure. A simply-typed lambda calculus is used to study the properties of the type theory of open closure types. A distinctive feature of this type theory is that the open closure type of a function can vary across type contexts. To present an application of the type theory, it is shown that a type derivation establishes a simple non-interference property in the sense of information-flow theory. A publicly available prototype implementation of the system can be used to experiment with type derivations for example programs. Comment: Logic for Programming, Artificial Intelligence and Reasoning (2013)

    Computational Soundness for Dalvik Bytecode

    Automatically analyzing information flow within Android applications that rely on cryptographic operations, together with their computational security guarantees, imposes formidable challenges that existing approaches for understanding an app's behavior struggle to meet. These approaches do not distinguish cryptographic from non-cryptographic operations, and hence do not account for cryptographic protections: f(m) is considered sensitive for a sensitive message m irrespective of any secrecy property offered by a cryptographic operation f. These approaches consequently provide a safe over-approximation of the app's behavior, but they mistakenly classify a large fraction of apps as potentially insecure and thus yield overly pessimistic results. In this paper, we show how cryptographic operations can be faithfully included in existing approaches for automated app analysis. To this end, we first show how cryptographic operations can be expressed as symbolic abstractions within the comprehensive Dalvik bytecode language. These abstractions are accessible to automated analysis, and they can be conveniently added to existing app analysis tools with minor changes to their semantics. Second, we show that our abstractions are faithful by providing the first computational soundness result for Dalvik bytecode, i.e., the absence of attacks against our symbolically abstracted program entails the absence of any attacks against a suitable cryptographic realization of the program. We cast our computational soundness result in the CoSP framework, which makes the result modular and composable. Comment: Technical report for the ACM CCS 2016 conference paper.

    Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties

    In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions. To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are provided, along with proofs that transitions to privileged modes can only occur in a controlled manner. This work establishes a main requirement for operating system and hypervisor verification, as demonstrated for the PROSPER separation kernel. The proof is performed in the HOL4 theorem prover, taking the Cambridge model of ARM as basis. To this end, a proof tool has been developed, which assists the verification of relational state predicates semi-automatically.

    Sulfadimethoxine residues in rabbit muscle after extended oral treatment at therapeutic dosage

    Sulfadimethoxine is extensively used in rabbit breeding for preventive and curative purposes, and residues are sometimes observed in carcasses at slaughter. It has been suggested that this is due to the dosage and/or duration of treatment not being in compliance with the manufacturer's recommendations, which probably induces residue levels in the meat above the maximum residue limit (MRL) value of 100 µg/kg. In order to test this hypothesis, a study was carried out on gravid rabbits and their progeny. The animals were subjected to an extended treatment with sulfadimethoxine at therapeutic level in the feed. The feed was supplemented before pelleting with a commercial veterinary product containing 20 g of trimethoprim and 93 g of sulfadimethoxine per kg. On the basis of the dosage indicated for this commercial veterinary product, the incorporation level in the feed was 5 kg/ton (i.e. 465 g of sulfadimethoxine/ton), providing oral daily therapeutic treatment of the animals of ca. 12.5 to 50 mg of sulfadimethoxine per kg bodyweight. The mothers were treated during the last 21 d of pregnancy and during the whole period of lactation (35 d). The animals were sacrificed after a wash-out period of 12 d with blank feed. The young rabbits received the supplemented feed after weaning during the first 40 d of the fattening period. These animals were also sacrificed after a wash-out period of 8, 12, 15 or 20 d, respectively, with a blank feed. A sample of the leg muscle was taken for analysis. An HPLC analytical method was used to determine the sulfadimethoxine concentrations in tissue, with a LLOQ (Lower Limit Of Quantification) of 50 µg/kg of muscle (trimethoprim was not considered in this study). Sulfadimethoxine concentrations above the MRL value of 100 µg/kg were registered only in muscle from 1 out of 8 mothers and in 2 out of 8 young rabbits sacrificed 12 d after cessation of the treatment. For the other young rabbits sacrificed on the 8th, 15th or 20th d after cessation of treatment, sulphonamide concentrations in muscle always remained below the MRL value (8 animals per slaughtering time). These results show that oral treatment of rabbits with veterinary products containing sulfadimethoxine administered for a long period at the daily therapeutic level of 12.5 to 50 mg/kg does not seem to induce the accumulation of this molecule in muscle.
    Barthe, C.; Guicherd, A.; Quillon, J. (2009). Sulfadimethoxine residues in rabbit muscle after extended oral treatment at therapeutic dosage. World Rabbit Science. 17(3):137-144. doi:10.4995/wrs.2009.653

    Metallicity determination in gas-rich galaxies with semiempirical methods

    A study of the precision of the semiempirical methods used in the determination of the chemical abundances in gas-rich galaxies is carried out. In order to do this the oxygen abundances of a total of 438 galaxies were determined using the electron temperature, the $R_{23}$ and the P methods. The new calibration of the P method gives the smallest dispersion in the low and high metallicity regions, while the best results in the turnaround region are given by the $R_{23}$ method. We also found that the dispersion correlates with the metallicity. Finally, it can be said that all the semiempirical methods studied here are quite insensitive to metallicity, with a value of $8.0 \pm 0.2$ dex for more than 50% of the total sample. Keywords: ISM: abundances; (ISM): H II regions. Comment: 26 pages, 9 figures and 2 tables. To appear at AJ, January 200

    Geometric inequalities from phase space translations

    We establish a quantum version of the classical isoperimetric inequality relating the Fisher information and the entropy power of a quantum state. The key tool is a Fisher information inequality for a state which results from a certain convolution operation: the latter maps a classical probability distribution on phase space and a quantum state to a quantum state. We show that this inequality also gives rise to several related inequalities whose counterparts are well-known in the classical setting: in particular, it implies an entropy power inequality for the mentioned convolution operation as well as the isoperimetric inequality, and establishes concavity of the entropy power along trajectories of the quantum heat diffusion semigroup. As an application, we derive a Log-Sobolev inequality for the quantum Ornstein-Uhlenbeck semigroup, and argue that it implies fast convergence towards the fixed point for a large class of initial states. Comment: 37 pages; updated to match published version.

    In-flight calibration of the Hot Ion Analyser on board Cluster

    The Hot Ion Analyser (HIA), part of the Cluster Ion Spectrometry experiment, is designed to measure the three-dimensional velocity distributions of ions. Due to a variety of factors (exposure to radiation, detector fatigue and aging, changes in the operating parameters, etc.), the particle detection efficiency changes over time, calling for continuous in-flight calibration. This is achieved by comparing the HIA data with the data provided by the WHISPER (Waves of HIgh frequency and Sounder for Probing of Electron density by Relaxation) experiment on magnetosheath intervals, for the high-sensitivity section of the instrument, or solar wind intervals, for the low-sensitivity section. The paper presents in detail the in-flight calibration methodology, reports on the work carried out for calibrating HIA and discusses plans to extend this activity in order to ensure the instrument's highest data accuracy.

    Isoperimetry and stability of hyperplanes for product probability measures

    We investigate stationarity and stability of half-spaces as isoperimetric sets for product probability measures, considering the cases of coordinate and non-coordinate half-spaces. Moreover, we present several examples to which our results can be applied, with a particular emphasis on the logistic measure.