Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

Efficient Java Code Generation of Security Protocols Specified in AnB/AnBx

The implementation of security protocols is challenging and error-prone, as experience has proved that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows automatic generation of an application, from a simpler and abstract model that can be formally verified. In this work we present the AnBx compiler, a tool for automatic generation of Java code of security protocols specified in the popular Alice & Bob notation, suitable for agile prototyping. In contrast with the existing tools, the AnBx compiler uses a simpler specification language and computes the consistency checks that agents has to perform on reception of messages. This is an important feature for robust implementations. Moreover, the tool applies various optimization strategies to achieve efficiency both at compile time and at run time. A support library interfaces the Java Cryptographic Architecture allowing for easy customization of the application

Autoantibody profile in rheumatoid arthritis during long-term infliximab treatment

The aim of the present study was to investigate the effect of long-term infliximab treatment on various autoantibodies in patients with rheumatoid arthritis. Serum samples from 30 consecutive patients, who were prospectively followed during infliximab and methotrexate therapy for refractory rheumatoid arthritis, were tested at baseline and after 30, 54 and 78 weeks. At these points, median values of the Disease Activity Score were 6.38 (interquartile range 5.30-6.75), 3.69 (2.67-4.62), 2.9 (2.39-4.65) and 3.71 (2.62-5.06), respectively. Various autoantibodies were assessed by standard indirect immunofluorescence and/or ELISA. Initially, 50% of patients were positive for antinuclear antibodies, and this figure increased to 80% after 78 weeks (P=0.029). A less marked, similar increase was found for IgG and IgM anticardiolipin antibody titre, whereas the frequency of anti-double-stranded DNA antibodies (by ELISA) exhibited a transient rise (up to 16.7%) at 54 weeks and dropped to 0% at 78 weeks. Antibodies to proteinase-3 and myeloperoxidase were not detected. The proportion of patients who were positive for rheumatoid factor (RF) was similar at baseline and at 78 weeks (87% and 80%, respectively). However, the median RF titre exhibited a progressive reduction from 128 IU/ml (interquartile range 47-290 IU/ml) to 53 IU/ml (18-106 IU/ml). Anti-cyclic citrullinated peptide (CCP) antibodies were found in 83% of patients before therapy; anti-CCP antibody titre significantly decreased at 30 weeks but returned to baseline thereafter. In conclusion, the presence of anti-double-stranded DNA antibodies is a transient phenomenon, despite a stable increase in antinuclear and anticardiolipin antibodies. Also, the evolution of RF titres and that of anti-CCP antibody titres differed during long-term infliximab therapy

Physical stratigraphy and geotechnical properties controlling the local seismic response in explosive volcanic settings: the Stracciacappa maar (central Italy)

Nowadays, policies addressed to prevention and mitigation of seismic risk need a consolidated methodology finalised to the assessment of local seismic response in explosive volcanic settings. The quantitative reconstruction of the subsoil model provides a key instrument to understand how the geometry and the internal architecture of outcropping and buried geological units have influence on the propagation of seismic waves. On this regard, we present a multidisciplinary approach in the test area of the Stracciacappa maar (Sabatini Volcanic District, central Italy), with the aim to reconstruct its physical stratigraphy and to discuss how subsoil heterogeneities control the 1D and 2D local seismic response in such a volcanic setting. We first introduce a new multidisciplinary dataset, including geological (fieldwork and log from a 45-m-thick continuous coring borehole), geophysical (electrical resistivity tomographies, single station noise measurements, and 2D passive seismic arrays), and geotechnical (simple shear tests performed on undisturbed samples) approaches. Then, we reconstruct the subsoil model for the Stracciacappa maar in terms of vertical setting and distribution of its mechanical lithotypes, which we investigate for 1D and 2D finite element site response analyses through the application of two different seismic scenarios: a volcanic event and a tectonic event. The numerical modelling documents a significant ground motion amplification (in the 1–1.5 Hz range) revealed for both seismic scenarios, with a maximum within the centre of the maar. The ground motion amplification is related to both 1D and 2D phenomena including lithological heterogeneity within the upper part of the maar section and interaction of direct S-waves with Rayleigh waves generated at edges of the most superficial lithotypes. Finally, we use these insights to associate the expected distribution of ground motion amplification with the physical stratigraphy of an explosive volcanic setting, with insights for seismic microzonation studies and local seismic response assessment in populated environments

The NASA B-757 HIRF test series: Low power on-the-ground tests

The data acquisition phase of a program intended to provide data for the validation of computational, analytical and experimental for the assessment of electromagnetic effects i n transports, for the checkout of instrumentation for following test programs, and for the support of protection engineering of airborne systems has been completed. Funded by the NASA Fly-By-Light/Power-By-Wire Program, the initial phase involved on-the-ground electromagnetic measurements using the NASA Boeing 757 and was executed in the LESLI Facility at the USAF Phillips Laboratory. The major participants were LLNL, NASA Langley Research Center, Phillips Laboratory, and UIE, Inc. Measurements were made of the fields coupled into the aircraft interior and signals induced in select structures and equipment under controlled illumination by RF fields. A characterization of the ground was also performed to permit ground effects to be included in forthcoming validation exercises. A series of fly-by experiments were conducted in early 1995 in which the NASA B-757 was flown in the vicinity of a Voice of America station ({approximately}25 MHz), a fixed transmitter driving an LP array (172 MHz), and an ASRF radar at Wallops Island (430 MHz). In this paper, the overall test program is defined with particular attention to the on-the-ground portion. It is described in detail with presentation of the test rationale, test layout, and samples of the data. Samples of some inferences from the data that will be useful in protection engineering and EM effects mitigation will also be presented

Numerical and experimental investigation of a lightweight bonnet for pedestrian safety

A topic of great consideration in current vehicle development in Europe is pedestrian protection. The enforcement of a new regulation trying to decrease the injuries to head, pelvis, and leg of pedestrian impacted by cars, is imposing great changes in vehicles' front design. In the present work a design solution for the bonnet, which is the main body part interacting with the human head during a car to pedestrian collision, is proposed. This solution meets the stiffness and safety targets, takes into account the manufacturing and recyclability requirements and gives a relevant contribution to vehicle lightweight. Thus this proposed solution puts in evidence that safety and lightweight are not incompatible targets. The amount of potential injury to the pedestrian head is evaluated, as prescribed by the standard test procedures, by means of a headform launched on the bonnet. However, the standard approach based on the head injury criterion (HIC) value only is reported to be largely unsatisfactory: therefore, a new experimental methodology for the measurement of the translational and the rotational accelerations has been developed, and the experimental results are reported. This would be a starting point for the evolution of currently adopted injury criteria to increase the safety of the vulnerable road user