465 research outputs found
Nexus Authorization Logic (NAL): Logical Results
Nexus Authorization Logic (NAL) [Schneider et al. 2011] is a logic for
reasoning about authorization in distributed systems. A revised version of NAL
is given here, including revised syntax, a revised proof theory using localized
hypotheses, and a new Kripke semantics. The proof theory is proved sound with
respect to the semantics, and that proof is formalized in Coq
Belief Semantics of Authorization Logic
Authorization logics have been used in the theory of computer security to
reason about access control decisions. In this work, a formal belief semantics
for authorization logics is given. The belief semantics is proved to subsume a
standard Kripke semantics. The belief semantics yields a direct representation
of principals' beliefs, without resorting to the technical machinery used in
Kripke semantics. A proof system is given for the logic; that system is proved
sound with respect to the belief and Kripke semantics. The soundness proof for
the belief semantics, and for a variant of the Kripke semantics, is mechanized
in Coq
Civitas: Implementation of a Threshold Cryptosystem
This paper describes the implementation of a threshold cryptosystem for Civitas, a secure electronic voting system. The cryptosystem improves the availability of Civitas by enabling tabulation to complete despite the failure of some agents. The implementation includes a sophisticated distributed key generation protocol, which was designed by Gennaro, Jarecki,
Krawczyk, and Rabin. The cryptosystem is implemented in Jif, a security-typed language
Recommended from our members
Civitas: Toward a Secure Voting System
Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security.Engineering and Applied Science
Quantifying Information Flow with Beliefs
To reason about information flow, a new model is developed that
describes how attacker beliefs change due to the attacker's observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of interactions. The model also supports a new metric for quantitative information flow that measures accuracy of an attacker's beliefs. Applying this new metric reveals inadequacies of traditional information flow metrics, which are based on reduction of uncertainty. However, the new metric is sufficiently general that it can be instantiated to measure either accuracy or uncertainty. The new metric can also be used to reason about misinformation; deterministic programs are shown to be incapable of producing misinformation. Additionally, programs in which nondeterministic choices are made by insiders, who collude with attackers, can be analyzed
Surveying definitions of election verifiability
We explore definitions of verifiability by Juels et al. (2010), Cortier et al. (2014), and Kiayias et al. (2015). We discover that voting systems vulnerable to attacks can be proven to satisfy each of those definitions and conclude they are unsuitable for the analysis of voting systems. Our results will fuel the exploration for a new definition
A Chemical Composition Survey of the Iron-Complex Globular Cluster NGC 6273 (M 19)
Recent observations have shown that a growing number of the most massive
Galactic globular clusters contain multiple populations of stars with different
[Fe/H] and neutron-capture element abundances. NGC 6273 has only recently been
recognized as a member of this "iron-complex" cluster class, and we provide
here a chemical and kinematic analysis of > 300 red giant branch (RGB) and
asymptotic giant branch (AGB) member stars using high resolution spectra
obtained with the Magellan-M2FS and VLT-FLAMES instruments. Multiple lines of
evidence indicate that NGC 6273 possesses an intrinsic metallicity spread that
ranges from about [Fe/H] = -2 to -1 dex, and may include at least three
populations with different [Fe/H] values. The three populations identified here
contain separate first (Na/Al-poor) and second (Na/Al-rich) generation stars,
but a Mg-Al anti-correlation may only be present in stars with [Fe/H] > -1.65.
The strong correlation between [La/Eu] and [Fe/H] suggests that the s-process
must have dominated the heavy element enrichment at higher metallicities. A
small group of stars with low [alpha/Fe] is identified and may have been
accreted from a former surrounding field star population. The cluster's large
abundance variations are coupled with a complex, extended, and multimodal blue
horizontal branch (HB). The HB morphology and chemical abundances suggest that
NGC 6273 may have an origin that is similar to omega Cen and M 54.Comment: Accepted for Publication in The Astrophysical Journal; 50 pages; 18
figures; 8 tables; higher resolution figures are available upon request or in
the published journal articl
Election Verifiability: Cryptographic Definitions and an Analysis of Helios, Helios-C, and JCJ
Election verifiability is defined in the computational
model of cryptography. The definition formalizes
notions of voters verifying their own votes, auditors
verifying the tally of votes, and auditors verifying that
only eligible voters vote.
The Helios (Adida et al., 2009), Helios-C (Cortier et al., 2014) and
JCJ (Juels et al., 2010) election schemes are analyzed using the definition.
Neither Helios nor Helios-C satisfy the definition
because they do not ensure that recorded ballots are
tallied in certain cases when the adversary posts malicious material on the bulletin board.
A variant of Helios is proposed and shown to satisfy the definition.
JCJ similarly does not ensure that recorded ballots are tallied in certain cases.
Moreover, JCJ does not ensure that only eligible voters vote, due to a trust assumption it makes.
A variant of JCJ is proposed and shown to satisfy a weakened definition
that incorporates the trust assumption.
Previous definitions of verifiability (Juels et al., 2010; Cortier et al., 2014; Kiayias et al., 2015)
and definitions of global verifiability (Kuesters et al., 2010; Cortier et al., 2016)
are shown to permit election schemes vulnerable to attacks, whereas the new definition
prohibits those schemes.
And a relationship between the new definition and a variant of global verifiability is shown
- …