Nonmalleable Information Flow: Technical Report

Noninterference is a popular semantic security condition because it offers strong end-to-end guarantees, it is inherently compositional, and it can be enforced using a simple security type system. Unfortunately, it is too restrictive for real systems. Mechanisms for downgrading information are needed to capture real-world security requirements, but downgrading eliminates the strong compositional security guarantees of noninterference. We introduce nonmalleable information flow, a new formal security condition that generalizes noninterference to permit controlled downgrading of both confidentiality and integrity. While previous work on robust declassification prevents adversaries from exploiting the downgrading of confidentiality, our key insight is transparent endorsement, a mechanism for downgrading integrity while defending against adversarial exploitation. Robust declassification appeared to break the duality of confidentiality and integrity by making confidentiality depend on integrity, but transparent endorsement makes integrity depend on confidentiality, restoring this duality. We show how to extend a security-typed programming language with transparent endorsement and prove that this static type system enforces nonmalleable information flow, a new security property that subsumes robust declassification and transparent endorsement. Finally, we describe an implementation of this type system in the context of Flame, a flow-limited authorization plugin for the Glasgow Haskell Compiler

JMatch: Java plus Pattern Matching

The JMatch language extends Java with \emph{iterable abstract pattern matching}, pattern matching that is compatible with the data abstraction features of Java and makes iteration abstractions convenient. JMatch has ML-style deep pattern matching, but patterns can be abstract; they are not tied to algebraic data constructors. A single JMatch method may be used in several modes; modes may share a single implementation as a boolean formula. Modal abstraction simplifies specification and implementation of abstract data types. This paper describes the JMatch language and its implementation. (updated April 20, 2005)

Cis-regulatory basis of sister cell type divergence in the vertebrate retina

Multicellular organisms evolved via repeated functional divergence of transcriptionally related sister cell types, but the mechanisms underlying sister cell type divergence are not well understood. Here, we study a canonical pair of sister cell types, retinal photoreceptors and bipolar cells, to identify the ke

Stringy Effects During Inflation and Reheating

We consider inflationary cosmology in the context of string compactifications with multiple throats. In scenarios where the warping differs significantly between throats, string and Kaluza-Klein physics can generate potentially observable corrections to the cosmology of inflation and reheating. First we demonstrate that a very low string scale in the ground state compactification is incompatible with a high Hubble scale during inflation, and we propose that the compactification geometry is altered during inflation. In this configuration, the lowest scale is just above the Hubble scale, which is compatible with effective field theory but still leads to potentially observable CMB corrections. Also in the appropriate region of parameter space, we find that reheating leads to a phase of long open strings in the Standard Model sector (before the usual radiation-dominated phase). We sketch the cosmology of the long string phase and we discuss possible observational consequences.Comment: 33pp, RevTeX4, v2. minor changes, added ref

Civitas: Toward a Secure Voting System

Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security.Engineering and Applied Science

Observations of Global and Local Infall in NGC 1333

We report ``infall asymmetry'' in the HCO$^+$ (1--0) and (3--2) lines toward NGC 1333, extended over $\sim 0.39 {\rm pc}^2$, a larger extent than has been reported be fore, for any star-forming region. The infall asymmetry extends over a major portion of the star-forming complex, and is not limited to a single protostar, or to a single dense core, or to a single spectral line. It seems likely that the infall asymmetry represents inward motions, and that these motions are physically associated with the complex. Both blue-asymmetric and red-asymmetric lines are seen, but in both the (3--2) and (1--0) lines of HCO$^+$ the vast majority of the asymmetric lines are blue, indicating inward motions. The (3--2) line, tracing denser gas, has the spectra with the strongest asymmetry and these spectra are associated with the protostars IRAS 4A and 4B, which most likely indicates a warm central source is affecting the line profiles. The (3--2) and (1--0) lines usually have the same sense of asymmetry in common positions, but their profiles differ significantly, and the (1--0) line appears to trace motions on much larger spatial scales than does the (3--2) line. Line profile models fit the spectra well, but do not strongly constrain their parameters. The mass accretion rate of the inward motions is of order 10$^{-4}$ M$_\odot$/yr, similar to the ratio of stellar mass to cluster age.Comment: 28 pages, 11 figures, 1 colour figur

07091 Abstracts Collection -- Mobility, Ubiquity and Security

From 25.02.2007 to 02.03.2007, the Dagstuhl Seminar 07091 ``Mobility, Ubiquity and Security\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available