366 research outputs found

    Proof Theory, Transformations, and Logic Programming for Debugging Security Protocols

    We define a sequent calculus to formally specify, simulate, debug and verify security protocols. In our sequents we distinguish between the current knowledge of principals and the current global state of the session. Hereby, we can describe the operational semantics of principals and of an intruder in a simple and modular way. Furthermore, using proof theoretic tools like the analysis of permutability of rules, we are able to find efficient proof strategies that we prove complete for special classes of security protocols including Needham-Schroeder. Based on the results of this preliminary analysis, we have implemented a Prolog meta-interpreter which allows for rapid prototyping and for checking safety properties of security protocols, and we have applied it for finding error traces and proving correctness of practical examples.

    SpecCert: Specifying and Verifying Hardware-based Security Enforcement

    Over time, hardware designs have constantly grown in complexity and modern platforms involve multiple interconnected hardware components. During the last decade, several vulnerability disclosures have proven that trust in hardware can be misplaced. In this article, we give a formal definition of Hardware-based Security Enforcement (HSE) mechanisms, a class of security enforcement mechanisms such that a software component relies on the underlying hardware platform to enforce a security policy. We then model a subset of an x86-based hardware platform specification and we prove the soundness of a realistic HSE mechanism within this model using Coq, a proof assistant system.

    Middle-out reasoning for synthesis and induction

    We develop two applications of middle-out reasoning in inductive proofs: Logic program synthesis and the selection of induction schemes. Middle-out reasoning as part of proof planning was first suggested by Bundy et al [Bundy et al 90a]. Middle-out reasoning uses variables to represent unknown terms and formulae. Unification instantiates the variables in the subsequent planning, while proof planning provides the necessary search control. Middle-out reasoning is used for synthesis by planning the verification of an unknown logic program: The program body is represented with a meta-variable. The planning results both in an instantiation of the program body and a plan for the verification of that program. If the plan executes successfully, the synthesized program is partially correct and complete. Middle-out reasoning is also used to select induction schemes. Finding an appropriate induction scheme during synthesis is difficult, because the recursion of the program, which is un..

    Humanity. Non-standard Models

    This paper presents the first results of applying the information-wave theory of interacting structures and systems, which the authors are developing within the synergetic paradigm, to the study of humanity as a complex self-organizing system. A preliminary linguistic analysis of the words "человек" (human) and "человечество" (humanity) is carried out. The "complex parameter of the whole", which characterizes humanity as a unified system, is defined, and the dynamics of its change are studied. A new model for the growth dynamics of the complex parameter of the whole is proposed, and a preliminary information interpretation of the imaginary part of this complex parameter is given. Chains of triads are constructed whose elements characterize the main parameters determining the dynamics of human society, and measures for these parameters are proposed. A first attempt is made to study the influence of boundaries on the dynamics of the human population.

    Monitoring Time Intervals

    Run-time checking of timed properties requires monitoring events occurring within a specified time interval. In a distributed setting, working with intervals is complicated due to uncertainties about network delays and clock synchronization. Determining that an interval can be closed, i.e., that all events occurring within the interval have been observed, cannot be done without a delay. In this paper, we consider how an appropriate delay can be determined based on parameters of a monitoring setup, such as network delay, clock skew and clock rate. We then propose a generic scheme for monitoring time intervals, parameterized by the detection delay, and discuss the use of this monitoring scheme to check different timed specifications, including real-time temporal logics and rate calculations.

    Event Stream Processing with Multiple Threads

    Current runtime verification tools seldom make use of multi-threading to speed up the evaluation of a property on a large event trace. In this paper, we present an extension to the BeepBeep 3 event stream engine that allows the use of multiple threads during the evaluation of a query. Various parallelization strategies are presented and described on simple examples. The implementation of these strategies is then evaluated empirically on a sample of problems. Compared to the previous, single-threaded version of the BeepBeep engine, the allocation of just a few threads to specific portions of a query provides dramatic improvement in terms of running time.

    Non-collaborative Attackers and How and Where to Defend Flawed Security Protocols (Extended Version)

    Security protocols are often found to be flawed after their deployment. We present an approach that aims at the neutralization or mitigation of attacks on flawed protocols: it avoids the complete dismissal of the affected protocol and allows honest agents to continue to use it until a corrected version is released. Our approach is based on knowledge of the network topology, which we model as a graph, and on the consequent possibility of creating interference with an ongoing attack by a Dolev-Yao attacker, by means of non-collaboration actuated by ad-hoc benign attackers that play the role of network guardians. Such guardians, positioned at strategic points of the network, have the task of monitoring the messages in transit and discovering at runtime, through particular types of inference, whether an attack is ongoing, interrupting the run of the protocol if so. We study not only how but also where we can attempt to defend flawed security protocols: we investigate the different network topologies that make security protocol defense feasible and illustrate our approach by means of concrete examples. Comment: 29 pages.

    Lapex: A Phoswich balloon experiment for hard X-ray astronomy

    Satellite and balloon observations have shown that several classes of celestial objects are hard ( 15 keV) energy band with a sensitivity of approx 10 mCrab has been performed with the UCSD/MIT instrument (A4) on board the HEAO 1 satellite. About 70 X-ray sources were detected, including galactic and extragalactic objects. Hard X-ray emission has been detected in the Galaxy from X-ray pulsars. Extragalactic sources of hard X-ray emission include clusters of galaxies, QSOs, BL Lac objects, Seyfert galaxies. The essential characteristics of the Large Area Phoswich Experiment (LAPEX) for crowded sky field observations are described. It has: (1) a broad energy band of operation (20-300 keV); (2) a 3 sigma sensitivity of about 1 mCrab in 10,000 s of live observing time; and (3) imaging capabilities with an angular resolution of about 20'