On Pitts' Relational Properties of Domains
Andrew Pitts' framework of relational properties of domains is a powerful
method for defining predicates or relations on domains, with applications
ranging from reasoning principles for program equivalence to proofs of adequacy
connecting denotational and operational semantics. Its main appeal is handling
recursive definitions that are not obviously well-founded: as long as the
corresponding domain is also defined recursively, and its recursion pattern
lines up appropriately with the definition of the relations, the framework can
guarantee their existence. Pitts' original development used the Knaster-Tarski
fixed-point theorem as a key ingredient. In these notes, I show how his
construction can be seen as an instance of other key fixed-point theorems: the
inverse limit construction, the Banach fixed-point theorem and the Kleene
fixed-point theorem. The connection underscores how Pitts' construction is
intimately tied to the methods for constructing the base recursive domains
themselves, and also to techniques based on guarded recursion, or
step-indexing, that have become popular in the last two decades.
A Methodology For Micro-Policies
This thesis proposes a formal methodology for defining, specifying, and
reasoning about micro-policies — security policies based on fine-grained tagging
that include forms of access control, memory safety, compartmentalization, and
information-flow control. Our methodology is based on a symbolic machine that
extends a conventional RISC-like architecture with tags. Tags express security
properties of parts of the program state (this is an instruction, this is
secret, etc.), and are checked and propagated on every instruction according to
flexible user-supplied rules. We apply this methodology to two widely studied
policies, information-flow control and heap memory safety, implementing them
with the symbolic machine and formally characterizing their security guarantees:
for information-flow control, we prove a classic notion of
termination-insensitive noninterference; for memory safety, a novel property
that protects memory regions that a program cannot validly reach through the
pointers it possesses — which, we believe, provides a useful criterion for
evaluating and comparing different flavors of memory safety. We show how the
symbolic machine can be realized with a more practical processor design, where a
software monitor takes advantage of a hardware cache to speed up its execution
while protecting itself from potentially malicious user-level code. Our
development has been formalized and verified in the Coq proof assistant,
attesting that our methodology can provide rigorous security guarantees.
Really Natural Linear Indexed Type Checking
Recent works have shown the power of linear indexed type systems for
enforcing complex program properties. These systems combine linear types with a
language of type-level indices, allowing more fine-grained analyses. Such
systems have been fruitfully applied in diverse domains, including implicit
complexity and differential privacy. A natural way to enhance the
expressiveness of this approach is by allowing the indices to depend on runtime
information, in the spirit of dependent types. This approach is used in DFuzz,
a language for differential privacy. The DFuzz type system relies on an index
language supporting real and natural number arithmetic over constants and
variables. Moreover, DFuzz uses a subtyping mechanism to make types more
flexible. By themselves, linearity, dependency, and subtyping each require
delicate handling when performing type checking or type inference; their
combination increases this challenge substantially, as the features can
interact in non-trivial ways. In this paper, we study the type-checking problem
for DFuzz. We show how we can reduce type checking for (a simple extension of)
DFuzz to constraint solving over a first-order theory of naturals and real
numbers which, although undecidable, can often be handled in practice by
standard numeric solvers.
Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a
large software system into mutually distrustful components that run with
minimal privileges, restricting their interactions to conform to well-defined
interfaces, we can limit the damage caused by low-level attacks such as
control-flow hijacking. When used to defend against such attacks,
compartmentalization is often implemented cooperatively by a compiler and a
low-level compartmentalization mechanism. However, the formal guarantees
provided by such compartmentalizing compilation have seen surprisingly little
investigation.
We propose a new security property, secure compartmentalizing compilation
(SCC), that formally characterizes the guarantees provided by
compartmentalizing compilation and clarifies its attacker model. We reconstruct
our property by starting from the well-established notion of fully abstract
compilation, then identifying and lifting three important limitations that make
standard full abstraction unsuitable for compartmentalization. The connection
to full abstraction allows us to prove SCC by adapting established proof
techniques; we illustrate this with a compiler from a simple unsafe imperative
language with procedures to a compartmentalized abstract machine.
Conceptual design of a benchtop injection molding machine for low-volume injection molding of thermoplastic products using additively manufactured molds
Undergraduate thesis (Trabalho de Conclusão de Curso). Injection molding (IM) is the main method for processing polymers. The mold, together with the injection machine, gives shape to the injected product. Metal molds are high-value tooling and therefore require large batches to cover their manufacturing cost. An established solution for small batches is low-run injection molding using a mold produced by additive manufacturing (AM), popularly known as 3D printing. In that case, the challenge becomes the availability and/or cost of an injection machine. The development of a benchtop injection machine would make low-run IM viable in research laboratories and in companies with small-scale production needs. Such equipment already exists on the market, but its cost is high. In this context, the present work aimed to produce a conceptual design of a benchtop injection machine for low-run injection molding of thermoplastic products using molds with interchangeable inserts produced by AM. To reach this goal, the strategy was to carry out a literature review on the topic and a benchmarking of the benchtop injection machines available on the market. From this, fundamental questions were formulated that guided the development of the conceptual design, such as the type of frame, the clamping mechanism, the ejection system, etc. Finally, a sketch of a benchtop injection machine concept was produced in CAD software. Based on this conceptual design and the sketch produced in the present work, the intention is to design and build a functional benchtop injection machine in future work.
The reform of the UN Security Council: between necessity and possibility
This work deals with the reform of the United Nations Security Council. First, the work is devoted to the evolution of the collective security system, in order to understand the historical processes that led to the creation of the UN. From there, its Security Council, responsible for maintaining international peace and security, is analyzed specifically, covering its entire structure, so as finally to identify its flaws, point out the criticisms leveled against it, and evaluate the different reform proposals under discussion, as well as the obstacles to their realization.
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators.
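The mechanism shared by the micro-policies thesis above and by SAFE's information-flow machine, namely tags on every word, a rule consulted on every instruction, and a monitor that refuses the instruction when the rule says so, as an added example that is not code from either work: a toy RISC-like machine with a pluggable rule function, driven by two constructed policies. The machine, its five-instruction ISA, the names (Machine, heap_rule, ifc_rule, heap_walk, ifc_run), the two-region heap layout and the two-point L/H lattice are all assumptions made for illustration, not the thesis' symbolic machine, SAFE's hardware, or either work's rule language. The heap policy colors regions and pointers and stops a pointer that walks off region A into its neighbour B at the offending load, which is the kind of access the thesis' memory-safety property is about. The IFC policy propagates labels, raises the pc label on a branch over secret data, and refuses a store into a public cell under a secret pc (a no-sensitive-upgrade style check) rather than relabelling the cell; that refusal is what keeps the low observer's view identical across runs with different secrets. One run halts normally and the other is stopped by the monitor, and that difference is exactly the termination channel that termination-insensitive noninterference leaves uncovered.

```python
# Constructed toy: not the thesis' symbolic machine, SAFE's hardware, or either work's actual rules.
from collections import namedtuple

Word = namedtuple("Word", "val tag")  # a machine word with its tag; the active policy gives tags meaning

class PolicyViolation(Exception):
    """A rule refused the instruction; the monitor stops the machine here."""

class Machine:
    """Asks rule(op, pc_tag, operand_tags, cell_color) -> (new_pc_tag, result_tag) before every commit."""
    def __init__(self, prog, regs, mem, colors, rule, pc_tag="L"):
        self.prog, self.regs, self.mem, self.colors, self.rule = prog, regs, mem, colors, rule
        self.pc, self.pc_tag = 0, pc_tag

    def step(self):
        op, *args = self.prog[self.pc]
        regs = self.regs
        if op == "halt":
            return False
        if op == "addi":                                  # rd = ra + imm
            rd, ra, imm = args
            self.pc_tag, t = self.rule(op, self.pc_tag, (regs[ra].tag,), None)
            regs[rd] = Word(regs[ra].val + imm, t)
        elif op == "load":                                # rd = mem[ra]
            rd, ra = args
            p, cell = regs[ra], self.mem[regs[ra].val]
            self.pc_tag, t = self.rule(op, self.pc_tag, (p.tag, cell.tag), self.colors[p.val])
            regs[rd] = Word(cell.val, t)
        elif op == "store":                               # mem[ra] = rv
            rv, ra = args
            v, p, old = regs[rv], regs[ra], self.mem[regs[ra].val]
            self.pc_tag, t = self.rule(op, self.pc_tag, (v.tag, p.tag, old.tag), self.colors[p.val])
            self.mem[p.val] = Word(v.val, t)
        elif op == "bnz":                                 # if ra != 0: goto target
            ra, target = args
            self.pc_tag, _ = self.rule(op, self.pc_tag, (regs[ra].tag,), None)
            if regs[ra].val != 0:
                self.pc = target
                return True
        else:
            raise ValueError(f"unknown opcode {op}")
        self.pc += 1
        return True

    def run(self):                                        # execute until halt; a refusal propagates
        while self.step():
            pass

def heap_rule(op, pc_tag, tags, color):
    """Heap safety by colors: data is tagged 'int', pointers ('ptr', c), and every memory cell
    lies in a region of some color; a pointer may only load from or store to cells of its color."""
    if op == "addi":                                      # pointer arithmetic keeps the color
        return pc_tag, tags[0]
    if op in ("load", "store"):
        ptr = tags[0] if op == "load" else tags[1]
        if ptr != ("ptr", color):
            raise PolicyViolation(f"{op} through {ptr} into region {color}")
        return pc_tag, tags[1] if op == "load" else tags[0]  # the moved value keeps its own tag
    return pc_tag, None                                   # bnz produces no value

def join(*labels):
    return "H" if "H" in labels else "L"

def ifc_rule(op, pc_tag, tags, _color):
    """Two-point lattice L < H: results carry the join of their inputs and the pc label; a branch on
    H data raises the pc label; a store into an L cell under an H pc or H pointer is refused."""
    if op == "bnz":
        return join(pc_tag, *tags), None
    if op == "store":
        value, ptr, old = tags
        if join(pc_tag, ptr) == "H" and old == "L":      # no-sensitive-upgrade style check
            raise PolicyViolation("secret-dependent write to a public cell")
        return pc_tag, join(pc_tag, value, ptr)
    return pc_tag, join(pc_tag, *tags)

def heap_walk(n):
    """Read n words from region A (cells 0-1, color 1) into region B (cells 2-3, color 2) if n > 2;
    returns None on a clean run, else the address at which the load was refused."""
    mem = [Word(10, "int"), Word(11, "int"), Word(20, "int"), Word(21, "int")]
    regs = {"r1": Word(0, ("ptr", 1)), "r2": Word(0, "int"), "r3": Word(n, "int")}
    prog = [("load", "r2", "r1"), ("addi", "r1", "r1", 1), ("addi", "r3", "r3", -1),
            ("bnz", "r3", 0), ("halt",)]                  # r2 = *r1++ while --r3 != 0
    m = Machine(prog, regs, mem, [1, 1, 2, 2], heap_rule)
    try:
        m.run()
    except PolicyViolation:
        return m.regs["r1"].val
    return None

def ifc_run(secret):
    """Leak `secret` explicitly, then implicitly; returns (low observer's view with H cells as None,
    whether the monitor stopped the run)."""
    mem = [Word(secret, "H"), Word(0, "L"), Word(0, "L")]  # mem[0] secret, mem[1..2] public
    regs = {"r0": Word(0, "L"), "r1": Word(1, "L"), "r2": Word(2, "L"), "rs": Word(0, "L"), "one": Word(1, "L")}
    prog = [("load", "rs", "r0"),    # rs = secret, so rs is tagged H
            ("store", "rs", "r1"),   # mem[1] = secret: explicit flow, the cell is relabelled H
            ("bnz", "rs", 4),        # branch on the secret: the pc label becomes H
            ("halt",),
            ("store", "one", "r2"),  # mem[2] = 1 only when secret != 0: refused as an implicit flow
            ("halt",)]
    m = Machine(prog, regs, mem, [None] * 3, ifc_rule)
    try:
        m.run()
        stopped = False
    except PolicyViolation:
        stopped = True
    return [w.val if w.tag == "L" else None for w in m.mem], stopped
```

heap_walk(2) returns None and heap_walk(3) returns 2, the first address of region B; ifc_run(0) and ifc_run(7) both return the low view [None, None, 0], differing only in whether the monitor stopped the run. Swapping heap_rule for ifc_rule without touching Machine is the point of the design: the machine only moves tags around, and the policy alone decides what they mean.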
Transcriptogramer: an R package for transcriptional analysis
The transcriptogram, a method used in transcriptome analysis, uses protein-protein
interaction data to build an ordered gene list. In this list, genes are placed such that
the probability of interaction between their products decreases exponentially with the
distance between their positions. The ordered gene list is then used to calculate the
average expression value of functionally associated genes in a window with a
configurable radius, allowing differential expression of non-predefined gene sets in
case-control studies. This study aims to implement an R package that uses
transcriptograms and integrates features from packages known to the scientific
community, able to perform differential expression, functional enrichment, and
network visualization. The transcriptogramer package was implemented and is
available on Bioconductor, a repository for open source software developed in the R
language for use in bioinformatics. In a comparison between transcriptogramer and
a pipeline combining features from the limma and topGO packages, it was observed that
transcriptogramer identified nearly 10 times more significantly enriched Gene Ontology
terms, among which most of the terms identified by the conventional pipeline were
found.